Skip to content

dms-2024-i5-r1

dms-2024-i5-r1 #413

Workflow file for this run

name: Test
on: [pull_request]
jobs:
test:
strategy:
matrix:
ruby-version:
- '3.1.6'
# - '3.2' # Not yet tested on CentOS 7. Ideally move to rails 7.0 first
name: Ruby ${{ matrix.ruby-version }}
runs-on: ubuntu-latest
services:
postgres:
image: postgres
env:
POSTGRES_USER: rails
POSTGRES_PASSWORD: rails_password
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
env:
DB_HOST: localhost
DB_PORT: 5432
DB_USERNAME: rails
DB_PASSWORD: rails_password
# Prep the whole stack in test-only mode:
RAILS_ENV: test
steps:
- uses: actions/checkout@v2
- name: Remove mini_racer CentOS 7 shim from Gemfile.lock
run: sed -i.bak -e '/mini_racer ([0-9.]*-x86_64-linux)/,+1d' Gemfile.lock
- name: Remove tests confirming mini_racer CentOS 7 shim in Gemfile.lock
run: rm -f test/lib/gemfile_test.rb
- name: Set up Ruby + Bundle
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
ruby-version: ${{ matrix.ruby-version }}
- name: Inject configuration
run: cp config/database.yml{.ci,}
- name: Prepare the database
run: bin/rails db:setup
- name: Precompile assets
# Since ruby/setup-ruby@v1 moved to Node.js v18 we need the extra options
# until we move to newer webpacker / stop using it.
# I've tried using a newer hash function in config/webpack/environment.js
# by adding the following line, but this didn't help with github actions
# # environment.config.set('output.hashFunction', 'sha256')
# https://stackoverflow.com/questions/69692842/error-message-error0308010cdigital-envelope-routinesunsupported/73465262#73465262
run: NODE_OPTIONS=--openssl-legacy-provider bin/rails assets:precompile
- name: Run tests
run: bin/rails test
brakeman:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Remove mini_racer CentOS 7 shim from Gemfile.lock
run: sed -i.bak -e '/mini_racer ([0-9.]*-x86_64-linux)/,+1d' Gemfile.lock
- name: Set up Ruby + Bundle
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: Run Brakeman analysis
run: bundle exec brakeman
bundle-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Remove mini_racer CentOS 7 shim from Gemfile.lock
run: sed -i.bak -e '/mini_racer ([0-9.]*-x86_64-linux)/,+1d' Gemfile.lock
- name: Set up Ruby + Bundle
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: Audit the bundle
# Ignore bootstrap version 3 warning: https://nhsd-jira.digital.nhs.uk/browse/NDRS2-1676
run: bundle exec bundle-audit check --update --ignore CVE-2024-6484
# run: bundle exec bundle-audit check --update
# A utility job upon which Branch Protection can depend,
# thus remaining agnostic of the matrix.
test_matrix:
if: ${{ always() }}
runs-on: ubuntu-latest
name: Matrix
needs: test
steps:
- name: Check build matrix status
if: ${{ needs.test.result != 'success' }}
run: exit 1
notify:
# Run only on master, but regardless of whether tests past:
if: ${{ always() && github.ref == 'refs/heads/master' }}
needs:
- test_matrix
- brakeman
- bundle-audit
runs-on: ubuntu-latest
steps:
- uses: 8398a7/action-slack@v3
with:
status: custom
fields: workflow,commit,author
custom_payload: |
{
channel: 'CSEPN7EES',
username: 'CI',
icon_emoji: ':hammer_and_wrench:',
attachments: [{
color: '${{ needs.test.result }}' === 'success' ? 'good' : '${{ needs.test.result }}' === 'failure' ? 'danger' : 'warning',
text: `${process.env.AS_WORKFLOW} against \`${{ github.ref }}\` (${process.env.AS_COMMIT}) for ${{ github.actor }} resulted in *${{ needs.test.result }}*.`
},{
color: '${{ needs.brakeman.result }}' === 'success' ? 'good' : '${{ needs.brakeman.result }}' === 'failure' ? 'danger' : 'warning',
text: `Brakeman checks returned *${{ needs.brakeman.result }}*.`
},{
color: '${{ needs.bundle-audit.result }}' === 'success' ? 'good' : '${{ needs.bundle-audit.result }}' === 'failure' ? 'danger' : 'warning',
text: `Bundle Audit checks returned *${{ needs.bundle-audit.result }}*.`
}]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}