Skip to content

Bump the aws-sdk group across 1 directory with 4 updates #11780

Bump the aws-sdk group across 1 directory with 4 updates

Bump the aws-sdk group across 1 directory with 4 updates #11780

Workflow file for this run

name: Deploy
on:
push:
branches:
- '*'
- 'dependabot/**'
- '!skipci*'
- '!main'
permissions:
id-token: write
jobs:
begin-deployment:
name: Begin Deployment
runs-on: ubuntu-20.04
permissions:
deployments: write
outputs:
deploy-id: ${{ steps.ghdeployment.outputs.deployment_id }}
stage-name: ${{ steps.stage-name.outputs.stage-name-for-branch}}
app-version: ${{ steps.branch-name.outputs.app-version}}
changed-services: ${{ steps.changed-services-action.outputs.changed-services }}
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
fetch-depth: 40
- name: Check for secrets
uses: ./.github/actions/check_secrets
with:
expected-secret: ${{ secrets.VITE_APP_AUTH_MODE }}
- name: set app version
id: app-version
shell: bash
run: echo "app-version=$(scripts/app_version.sh)" >> "$GITHUB_OUTPUT"
- name: set stage name
id: stage-name
shell: bash
run: |
echo "stage-name-for-branch=$(./scripts/stage_name_for_branch.sh ${GITHUB_REF#refs/heads/})" >> "$GITHUB_OUTPUT"
- name: set branch name
id: branch-name
shell: bash
run: echo "branch-name=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_OUTPUT"
- name: lock this branch to prevent concurrent deploys
run: ./.github/github-lock.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup env
uses: ./.github/actions/setup_env
- name: build scripts
shell: bash
run: pnpm -r build:ci-scripts
- name: run get_changed_services
id: changed-services-action
uses: ./scripts/get-changed-services/
with:
branchName: ${{ steps.branch-name.outputs.branch-name}}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: test we have changed services output
id: test
shell: bash
run: |
echo "${{steps.changed-services-action.outputs.changed-services}}"
- uses: chrnorm/deployment-action@v2
name: Create GitHub deployment
id: ghdeployment
with:
token: '${{ github.token }}'
environment: review-apps
transient-environment: true
description: stack ${{ steps.branch-name.outputs.stage-name-for-branch}}
initial-status: in_progress
web-unit-tests:
name: test - web unit tests
runs-on: ubuntu-20.04
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Setup env
uses: ./.github/actions/setup_env
- name: Generate Code
run: pnpm -r generate
- name: Build packages
shell: bash
run: pnpm build:packages
- name: Web Unit Tests
id: web-unit-tests
env:
NODE_OPTIONS: --max_old_space_size=6000
VITE_APP_AUTH_MODE: AWS_COGNITO
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret
working-directory: services/app-web
run: |
set -e
pnpm test:coverage
exit $?
- name: upload app web gen directory
uses: actions/upload-artifact@v4
with:
name: app-web-gen
path: ./services/app-web/src/gen
- name: upload cypress gen directory
uses: actions/upload-artifact@v4
with:
name: cypress-gen
path: ./services/cypress/gen
- name: upload unit test coverage
uses: actions/upload-artifact@v4
with:
name: unit-test-coverage
path: ./services/app-web/coverage/coverage-final.json
- name: publish code coverage
uses: paambaati/[email protected]
continue-on-error: true
env:
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243
with:
debug: true
coverageLocations: ${{github.workspace}}/services/app-web/coverage/lcov.info:lcov
prefix: services/app-web/
workingDirectory: services/app-web
api-unit-tests:
name: test - api unit tests
runs-on: ubuntu-20.04
services:
postgres:
image: postgres:13.3
env:
VITE_APP_AUTH_MODE: AWS_COGNITO
POSTGRES_PASSWORD: shhhsecret #pragma: allowlist secret
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Setup env
uses: ./.github/actions/setup_env
- name: Generate code
run: pnpm -r generate
- name: Generate Prisma
env:
NODE_OPTIONS: --max_old_space_size=6000
VITE_APP_AUTH_MODE: AWS_COGNITO
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret
working-directory: services/app-api
run: |
pnpm generate
npx prisma migrate reset --force
- name: Build packages
shell: bash
run: pnpm build:packages
- name: API Unit Tests
id: api-unit-tests
env:
stage: ${steps.stage-name.outputs.stage-name-for-branch}
NODE_OPTIONS: --max_old_space_size=6000
VITE_APP_OTEL_COLLECTOR_URL: ${{vars.VITE_APP_OTEL_COLLECTOR_URL}}
VITE_APP_AUTH_MODE: AWS_COGNITO
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret
working-directory: services/app-api
run: |
set -e
pnpm test:coverage
exit $?
- name: upload api test coverage
uses: actions/upload-artifact@v4
with:
name: api-test-coverage
path: ./services/app-api/coverage/coverage-final.json
- name: publish code coverage
uses: paambaati/[email protected]
continue-on-error: true
env:
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243
with:
debug: true
coverageLocations: |
${{github.workspace}}/services/app-api/coverage/lcov.info:lcov
build-prisma-client-lambda-layer:
name: build - postgres prisma layer
runs-on: ubuntu-20.04
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Setup env
uses: ./.github/actions/setup_env
- name: Generate protos
working-directory: services/app-proto
run: pnpm generate
# Generate Prisma Client and binary that can run in a lambda environment
- name: Prepare prisma client
working-directory: services/app-api
env:
PRISMA_CLI_BINARY_TARGETS: rhel-openssl-3.0.x
run: pnpm prisma generate
- name: Prepare "@prisma/client" lambda layer
working-directory: services/app-api
run: ./scripts/prepare-prisma-layer.sh
- uses: actions/upload-artifact@v4
with:
name: lambda-layers-prisma-client-migration
path: ./services/app-api/lambda-layers-prisma-client-migration
- uses: actions/upload-artifact@v4
with:
name: lambda-layers-prisma-client-engine
path: ./services/app-api/lambda-layers-prisma-client-engine
build-clamav-layer:
name: build - clamav layer
runs-on: ubuntu-20.04
steps:
- name: Check out repository
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Prepare ClamAV layer
working-directory: services/uploads/src/avLayer
run: ./dockerbuild.sh
- uses: actions/upload-artifact@v4
with:
name: lambda-layers-clamav
path: ./services/uploads/src/avLayer/build/lambda_layer.zip
deploy-infra:
needs: [begin-deployment, build-clamav-layer]
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-infra-to-env.yml@main
with:
environment: dev
stage_name: ${{ needs.begin-deployment.outputs.stage-name}}
changed_services: ${{ needs.begin-deployment.outputs.changed-services }}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
secrets:
aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
deploy-app:
needs:
[
begin-deployment,
build-prisma-client-lambda-layer,
web-unit-tests,
api-unit-tests,
deploy-infra,
]
if: |
always() &&
(needs.deploy-infra.result == 'success' || needs.deploy-infra.result == 'skipped') &&
needs.web-unit-tests.result == 'success' &&
needs.api-unit-tests.result == 'success' &&
needs.build-prisma-client-lambda-layer.result == 'success' &&
needs.begin-deployment.result == 'success'
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-app-to-env.yml@main
with:
environment: dev
stage_name: ${{ needs.begin-deployment.outputs.stage-name }}
app_version: ${{ needs.begin-deployment.outputs.app-version }}
changed_services: ${{ needs.begin-deployment.outputs.changed-services }}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
vite_app_auth_mode: AWS_COGNITO
secrets:
aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
finishing-prep:
name: Finishing Prep
needs: [deploy-infra, begin-deployment, deploy-app]
environment: dev
if: |
always()
&& (needs.begin-deployment.result == 'success')
&& (needs.deploy-infra.result == 'success' || needs.deploy-infra.result == 'skipped')
&& (needs.deploy-app.result == 'success' || needs.deploy-app.result == 'skipped')
runs-on: ubuntu-20.04
outputs:
application-endpoint: ${{ steps.save-app-endpoint.outputs.app-endpoint }}
api-endpoint: ${{ steps.save-api-endpoint.outputs.api-endpoint }}
cypress-uuid: ${{ steps.uuid.outputs.value }}
cognito-user-pool-id: ${{ steps.save-cognito-user-pool-id.outputs.value }}
cognito-region: ${{ steps.save-cognito-region.outputs.value }}
cognito-identity-pool-id: ${{ steps.save-cognito-identity-pool-id.outputs.value }}
cognito-user-pool-web-client-id: ${{ steps.save-cognito-user-pool-web-client-id.outputs.value }}
steps:
- uses: actions/checkout@v4
- name: Setup env
uses: ./.github/actions/setup_env
- name: Get AWS credentials
uses: ./.github/actions/get_aws_credentials
with:
region: ${{ vars.AWS_DEFAULT_REGION }}
account-id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
stage-name: ${{ needs.begin-deployment.outputs.stage-name }}
changed-services: ${{ needs.begin-deployment.outputs.changed-services }}
- name: Create Test Users
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
TEST_USERS_PASS: ${{ secrets.TEST_USERS_PASS }}
run: |
cd scripts
pnpm tsc
node ./add_cypress_test_users.js $STAGE_NAME $TEST_USERS_PASS
- name: Run migrate to turn on Aurora
id: run-migrations
working-directory: services/app-api
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
./scripts/invoke-migrate-lambda.sh app-api-$STAGE_NAME-migrate
- name: get application endpoint
id: save-app-endpoint
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui CloudFrontEndpointUrl $STAGE_NAME)
echo $endpoint
echo "app-endpoint=$endpoint" >> "$GITHUB_OUTPUT"
- name: get api endpoint
id: save-api-endpoint
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh infra-api ApiGatewayRestApiUrl $STAGE_NAME)
echo "api-endpoint=$endpoint" >> "$GITHUB_OUTPUT"
- name: get cognito user pool id
id: save-cognito-user-pool-id
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui-auth UserPoolId $STAGE_NAME)
echo "value=$endpoint" >> "$GITHUB_OUTPUT"
- name: get cognito region
id: save-cognito-region
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui-auth Region $STAGE_NAME)
echo "value=$endpoint" >> "$GITHUB_OUTPUT"
- name: get cognito identity pool id
id: save-cognito-identity-pool-id
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui-auth IdentityPoolId $STAGE_NAME)
echo "value=$endpoint" >> "$GITHUB_OUTPUT"
- name: get cognito user pool web client id
id: save-cognito-user-pool-web-client-id
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui-auth UserPoolClientId $STAGE_NAME)
echo "value=$endpoint" >> "$GITHUB_OUTPUT"
- name: get storybook endpoint
id: save-storybook-endpoint
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh storybook CloudFrontEndpointUrl $STAGE_NAME)
echo $endpoint
echo "storybook-endpoint=$endpoint" >> "$GITHUB_OUTPUT"
end-deployment:
needs: [begin-deployment, deploy-app, finishing-prep]
if: always() && needs.begin-deployment.result == 'success'
name: End Deployment
runs-on: ubuntu-20.04
permissions:
deployments: write
steps:
- uses: actions/checkout@v4
- name: Update deployment status (failure)
if: failure() && needs.begin-deployment.result == 'success'
uses: chrnorm/deployment-status@v2
with:
token: '${{ github.token }}'
state: 'failure'
deployment_id: ${{ needs.begin-deployment.outputs.deploy-id }}
- name: Update deployment status (success)
if: needs.deploy-app.result == 'success'
uses: chrnorm/deployment-status@v2
with:
token: '${{ github.token }}'
environment-url: ${{ needs.finishing-prep.outputs.application-endpoint }}
state: 'success'
deployment-id: ${{ needs.begin-deployment.outputs.deploy-id }}
# GitHub creates a deployment each time you reference an environment, and you can't opt out: https://github.com/actions/runner/issues/2120
# We need to clean them up manually so they don't spam our PRs
- name: Clean up dev deployments
uses: ./.github/actions/clean_up_deployments
with:
environment: dev
cypress:
name: cypress-run
timeout-minutes: 25
needs: [deploy-app, finishing-prep]
if: always() && needs.finishing-prep.result == 'success'
runs-on: ubuntu-20.04
container:
image: cypress/browsers:node-20.14.0-chrome-126.0.6478.114-1-ff-127.0.1-edge-126.0.2592.61-1
options: --user 1001
permissions:
deployments: write
strategy:
fail-fast: true
matrix:
# run copies of the current job in parallel
containers: [1, 2, 3, 4, 5, 6, 7, 8]
steps:
- uses: actions/checkout@v4
- name: Setup env
uses: ./.github/actions/setup_env
- uses: actions/download-artifact@v4
with:
name: app-web-gen
path: ./services/app-web/src/gen
- uses: actions/download-artifact@v4
with:
name: cypress-gen
path: ./services/cypress/gen
- name: Generate Code
run: pnpm -r generate
- name: Build packages
shell: bash
run: pnpm build:packages
- name: Cypress -- Chrome
id: cypress
uses: cypress-io/github-action@v6
with:
config: baseUrl=${{ needs.finishing-prep.outputs.application-endpoint }}
record: true
parallel: true
browser: chrome
group: 'Chrome'
ci-build-id: ${{ github.run_id }}-${{ github.run_attempt }}
# Point to the cypress config file from root
config-file: services/cypress/cypress.config.ts
env:
VITE_APP_AUTH_MODE: AWS_COGNITO
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TEST_USERS_PASS: ${{ secrets.TEST_USERS_PASS }}
VITE_APP_API_URL: ${{ needs.finishing-prep.outputs.api-endpoint }}
COGNITO_USER_POOL_ID: ${{ needs.finishing-prep.outputs.cognito-user-pool-id }}
COGNITO_REGION: ${{ needs.finishing-prep.outputs.cognito-region }}
COGNITO_IDENTITY_POOL_ID: ${{ needs.finishing-prep.outputs.cognito-identity-pool-id }}
COGNITO_USER_POOL_WEB_CLIENT_ID: ${{ needs.finishing-prep.outputs.cognito-user-pool-web-client-id }}
# Overwrites folder directories in cypress config because in CI we run from root
CYPRESS_SUPPORT_FILE: services/cypress/support/index.ts
CYPRESS_FIXTURES_FOLDER: services/cypress/fixtures
CYPRESS_SPEC_PATTERN: services/cypress/integration/**/*.spec.ts
CYPRESS_SCREEN_SHOTS_FOLDER: services/cypress/screenshots
CYPRESS_VIDEOS_FOLDER: services/cypress/videos
# Test coverage
CYPRESS_COVERAGE: true
NODE_V8_COVERAGE: ./coverage-cypress
- name: Check coverage directory
if: always()
run: |
echo "Contents of coverage-cypress directory:"
ls -R ./coverage-cypress || echo "Directory not found"
- name: Upload cypress screenshots
uses: actions/upload-artifact@v4
if: failure() && steps.cypress.outcome == 'failure'
with:
name: cypress-screenshots-${{ matrix.containers}}
path: services/cypress/screenshots
- name: Upload cypress video
uses: actions/upload-artifact@v4
if: always() && steps.cypress.outcome != 'skipped'
with:
name: cypress-videos-${{ matrix.containers}}
path: services/cypress/videos
- name: upload partial cypress coverage
uses: actions/upload-artifact@v4
with:
name: partial-cypress-coverage-${{ matrix.containers}}
path: ./coverage-cypress/*.info
- name: upload partial cypress coverage json
uses: actions/upload-artifact@v4
with:
name: cypress-json-coverage-${{ matrix.containers}}
path: ./coverage-cypress/*.json
- name: publish code coverage
uses: paambaati/[email protected]
continue-on-error: true
env:
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243
with:
debug: true
coverageLocations: |
${{github.workspace}}/coverage-cypress/lcov.info
coverage:
name: test-coverage
needs: [cypress]
if: always() && needs.finishing-prep.result == 'success'
runs-on: ubuntu-latest
permissions:
deployments: write
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Setup env
uses: ./.github/actions/setup_env
- name: Collate test coverage reports
run: |
ls
echo $(pwd)
cd ./services/app-web
echo $(pwd)
ls
- uses: actions/download-artifact@v4
- name: Create combined test coverage report
run: |
echo "Combining all coverage reports"
echo "Prepare the folders to hold the reports"
mkdir -p reports/from-cypress/tmp cypress_temp coverage-all/tmp
echo "Listing current folder"
ls
echo "Copy the separate cypress reports from parallel runs to one folder"
for dir in cypress-json-coverage-*; do
if [[ $dir =~ cypress-json-coverage-([0-9]+) ]]; then
num=${BASH_REMATCH[1]}
mkdir -p "./cypress_temp/$num"
cp "$dir"/*.json "./cypress_temp/$num/"
fi
done
echo "Merge the collected cypress reports into one report"
npx c8 report -r lcov -r json -o ./reports/from-cypress --src ./services/app-web/src $(find ./cypress_temp -name '*.json')
echo "Temp merge done"
ls ./cypress_temp
ls ./reports/from-cypress
echo "Copy the web and api coverage reports to the reports folder"
[ -f "./api-test-coverage/coverage-final.json" ] && cp ./api-test-coverage/coverage-final.json ./reports/from-api.json
[ -f "./unit-test-coverage/coverage-final.json" ] && cp ./unit-test-coverage/coverage-final.json ./reports/from-unit-test.json
echo "Copied all files"
echo "DEBUG"
echo "c8 version:"
npx c8 --version
echo "Contents of reports directory:"
ls -R ./reports
echo "Contents of coverage-all directory:"
ls -R ./coverage-all
echo "Merge all reports into one"
npx c8 report --reporter=json -o ./coverage-all \
./reports/from-api.json \
./reports/from-cypress/coverage-final.json \
./reports/from-unit-test.json
echo "Generate the html report from the combined coverage report"
npx c8 report -r lcov -r text -r json-summary --report-dir coverage-all -i ./coverage-all/coverage.json
cd coverage-all
echo "Coverage reports merged and final report generated"
ls -R
- name: Upload combined test coverage
uses: actions/upload-artifact@v4
with:
name: combined-test-coverage
path: ./coverage-all/