Migrate from jenkins to gha

.github/workflows/ci.yml

@@ -0,0 +1,110 @@
+name: ci
+on:
+  push:
+    branches:
+      - "**"
+  workflow_dispatch:
+    inputs:
+      deploy-to-dev:
+        description: "Whether to deploy to dev"
+        type: boolean
+        required: true
+        default: false
+
+defaults:
+  run:
+    # NOTE: A bit stricter than the default bash options used by GitHub Actions
+    # (bash --noprofile --norc -e -o pipefail {0})
+    shell: bash --noprofile --norc -euo pipefail {0}
+
+# NOTE: Set concurrency for the current workflow to 1
+concurrency: ci-${{ github.ref }}-${{ github.workflow }}
+
+jobs:
+  build-and-deploy:
+    timeout-minutes: 60
+    runs-on: ubuntu-22.04
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: capralifecycle/actions-lib/check-runtime-dependencies@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0
+
+      - uses: capralifecycle/actions-lib/parse-config@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0
+        id: config
+        with:
+          config-file: ".ldp.json"
+
+      - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        with:
+          node-version: 20.9.0
+
+      - name: install dependencies
+        run: npm ci
+
+      - name: lint
+        run: npm run lint
+
+      - name: install playwright browsers
+        run: npx playwright install --with-deps
+
+      - name: build
+        run: npm run build:ci
+
+      - name: test
+        run: npm run test
+
+      # - name: test - component
+      #   run: npm run test:component:ci
+
+      # - name: test - e2e
+      #   run: npm run test:e2e:ci
+
+      - uses: capralifecycle/actions-lib/configure-aws-credentials@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0
+        id: aws
+        with:
+          aws-account-id: ${{ steps.config.outputs.accountId }}
+          # NOTE: We use different roles on default and non-default branches
+          aws-iam-role-name: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && steps.config.outputs.roleName || steps.config.outputs.limitedRoleName }}
+
+      - uses: capralifecycle/actions-lib/upload-s3-artifact@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0
+        if: ${{ github.ref == 'refs/heads/master' || inputs.deploy-to-dev }}
+        id: upload-s3-artifact
+        env:
+          AWS_ACCESS_KEY_ID: ${{ steps.aws.outputs.aws-access-key-id }}
+          AWS_SECRET_ACCESS_KEY: ${{ steps.aws.outputs.aws-secret-access-key }}
+          AWS_SESSION_TOKEN: ${{ steps.aws.outputs.aws-session-token }}
+        with:
+          aws-s3-bucket-name: ${{ steps.config.outputs.artifactBucket }}
+          target-path: "build"
+
+      - name: trigger development deployment pipelines
+        uses: capralifecycle/actions-lib/trigger-deployment-pipeline@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0
+        if: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || inputs.deploy-to-dev }}
+        env:
+          AWS_ACCESS_KEY_ID: ${{ steps.aws.outputs.aws-access-key-id }}
+          AWS_SECRET_ACCESS_KEY: ${{ steps.aws.outputs.aws-secret-access-key }}
+          AWS_SESSION_TOKEN: ${{ steps.aws.outputs.aws-session-token }}
+        with:
+          pipelines: ${{ steps.config.outputs.devPipelines }}
+          aws-s3-bucket-name: ${{ steps.config.outputs.artifactBucket }}
+          trigger-type: "artifact"
+          # NOTE: The key passed to artifact-parameters will be the name of
+          # the SSM parameter where the reference to the artifact is stored.
+          artifact-parameters: "devWebappArtifactS3Key=${{ steps.upload-s3-artifact.outputs.aws-s3-key }}"
+
+      - name: trigger production deployment pipelines
+        uses: capralifecycle/actions-lib/trigger-deployment-pipeline@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0
+        if: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+        env:
+          AWS_ACCESS_KEY_ID: ${{ steps.aws.outputs.aws-access-key-id }}
+          AWS_SECRET_ACCESS_KEY: ${{ steps.aws.outputs.aws-secret-access-key }}
+          AWS_SESSION_TOKEN: ${{ steps.aws.outputs.aws-session-token }}
+        with:
+          pipelines: ${{ steps.config.outputs.prodPipelines }}
+          aws-s3-bucket-name: ${{ steps.config.outputs.artifactBucket }}
+          trigger-type: "artifact"
+          artifact-parameters: "prodWebappArtifactS3Key=${{ steps.upload-s3-artifact.outputs.aws-s3-key }}"

.ldp.json

@@ -0,0 +1,9 @@
+{
+  "version": "0.1",
+  "accountId": "001112238813",
+  "roleName": "github-actions-role",
+  "limitedRoleName": "github-actions-limited-role",
+  "artifactBucket": "incub-common-build-artifacts-001112238813-eu-west-1",
+  "devPipelines": ["cdkappref-core-dev"],
+  "prodPipelines": ["cdkappref-core-prod"]
+}