Skip to content
This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

Commit

Permalink
Added workflows
Browse files Browse the repository at this point in the history
  • Loading branch information
awshuss committed Nov 17, 2023
1 parent 82593da commit aba8afd
Showing 1 changed file with 63 additions and 57 deletions.
120 changes: 63 additions & 57 deletions .github/workflows/static-vol-selfserve-build-deploy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ on:

env:
AWS_REGION : ${{ vars.DVSA_AWS_REGION }}
VOL_NONPROD_TOOLING_REPO_URL: ${{ secrets.VOL_NONPROD_TOOLING_ECR_REPO_URL }}
VOL_NONPROD_TOOLING_REPO_URL: ${{ secrets.VOL_NONPROD_TOOLING_ECR_REPO_URL }} #{account}.dkr.ecr.{region}.amazonaws.com/non-prod-vol-ssweb
AWS_ACCOUNT_ID_SHAREDCOREECR: ${{ vars.AWS_ACCOUNT_ID_SHAREDCOREECR }}

# Permission can be added at job level or workflow level
Expand All @@ -25,72 +25,78 @@ jobs:
if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
uses: ./.github/workflows/docker-hadolint.yaml

unit-tests:

name: Run Unit Tests
security:
name: Run security Check
if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
runs-on: ubuntu-latest

steps:
uses: dvsa/.github/.github/workflows/php-security.yml@main
secrets:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

- name: Checkout the repository to this runner
uses: actions/checkout@v3

- name: Run unit tests
run: |
echo 'Run unit tests'
ls -la ./
# build-test-push-sign-image:

# name: Build, Push & Sign Image
# if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
# runs-on: ubuntu-latest
static-analysis:
name: Perform static analysis
if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
uses: dvsa/.github/.github/workflows/php-static.yml@main
with:
php-version: '7.4'

# # needs:
# # - build
tests:
name: Run tests
if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
uses: dvsa/.github/.github/workflows/php-tests.yml@main
with:
php-versions: "[\"7.4\"]"
fail-fast: false

# steps:
build-test-push-sign-image:

# - name: Checkout the repository to this runner
# uses: actions/checkout@v3
name: Build, Push & Sign Image
if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
runs-on: ubuntu-latest

# - name: Build VOL API artifact
# uses: dvsa/olcs-backend/.github/actions/build-vol-api@feature/AWSRESET1-514
# needs:
# - build

# - name: Set BASE_IMAGE & VOL_API_IMAGE_TAG
# if: github.event.review.state == 'APPROVED'
# run: |
# envsubst < dockerfile | tee dockerfile.tmp
# mv dockerfile.tmp dockerfile
# BASE_IMAGE=$(head -n1 dockerfile)
# echo "BASE_IMAGE=${BASE_IMAGE#* }" >> $GITHUB_ENV
# echo "VOL_API_IMAGE_TAG=pr-approved-vol-api-${BASE_IMAGE#*:}-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
steps:

# - name: Configure AWS credentials on Shared Core ECR
# if: github.event.review.state == 'APPROVED'
# uses: aws-actions/[email protected]
# with:
# role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }}
# role-session-name: GitHub_to_AWS_via_FederatedOIDC
# aws-region: ${{ vars.DVSA_AWS_REGION }}
- name: Checkout the repository to this runner
uses: actions/checkout@v3

# - name: Login to Shared Core ECR
# if: github.event.review.state == 'APPROVED'
# id: login-ecr-sharedcoreecr
# uses: aws-actions/[email protected]
- name: Build VOL API artifact
uses: dvsa/olcs-backend/.github/actions/build-ssweb@feature/AddWorkflows

# - name: Verify base image
# if: github.event.review.state == 'APPROVED'
# uses: dvsa/olcs-backend/.github/actions/image-integrity@feature/AWSRESET1-514
# with:
# ecr_tagged_image: $BASE_IMAGE
# image_sign_inspect: 'true'
- name: Set BASE_IMAGE & VOL_SSWEB_IMAGE_TAG
if: github.event.review.state == 'APPROVED'
run: |
envsubst < dockerfile | tee dockerfile.tmp
mv dockerfile.tmp dockerfile
BASE_IMAGE=$(head -n1 dockerfile)
echo "BASE_IMAGE=${BASE_IMAGE#* }" >> $GITHUB_ENV
echo "VOL_SSWEB_IMAGE_TAG=pr-approved-ssweb-${BASE_IMAGE#*:}-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Configure AWS credentials on Shared Core ECR
if: github.event.review.state == 'APPROVED'
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.DVSA_AWS_REGION }}

- name: Login to Shared Core ECR
if: github.event.review.state == 'APPROVED'
id: login-ecr-sharedcoreecr
uses: aws-actions/[email protected]

- name: Verify base image
if: github.event.review.state == 'APPROVED'
uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
with:
ecr_tagged_image: $BASE_IMAGE
image_sign_inspect: 'true'

# - name: Build VOL API image
# if: github.event.review.state == 'APPROVED'
# run: |
# docker build -t ${VOL_NONPROD_TOOLING_REPO_URL}:${VOL_API_IMAGE_TAG} \
# docker build -t ${VOL_NONPROD_TOOLING_REPO_URL}:${VOL_SSWEB_IMAGE_TAG} \
# --build-arg DVSA_AWS_SHAREDCOREECR_ID=${{secrets.DVSA_AWS_SHAREDCOREECR_ID}} .

# - name: Snyk scan VOL API image
Expand All @@ -100,7 +106,7 @@ jobs:
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# with:
# image: ${VOL_NONPROD_TOOLING_REPO_URL}:${VOL_API_IMAGE_TAG}
# image: ${VOL_NONPROD_TOOLING_REPO_URL}:${VOL_SSWEB_IMAGE_TAG}
# args: --file=dockerfile --severity-threshold=high
# continue-on-error: true

Expand All @@ -121,8 +127,8 @@ jobs:
# if: github.event.review.state == 'APPROVED'
# id: push-image
# run: |
# echo "image_tag=${VOL_API_IMAGE_TAG}" >> $GITHUB_OUTPUT
# docker push ${VOL_NONPROD_TOOLING_REPO_URL}:${VOL_API_IMAGE_TAG}
# echo "image_tag=${VOL_SSWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT
# docker push ${VOL_NONPROD_TOOLING_REPO_URL}:${VOL_SSWEB_IMAGE_TAG}

# outputs:
# image_tag: ${{ steps.push-image.outputs.image_tag }}
Expand All @@ -148,7 +154,7 @@ jobs:
# # branch: 'feature/AWSRESET1-514'
# # git_repository: 'dvsa/dvsa-container-registry'
# # workflow_name: 'CD NON-PROD VOL API'
# # input_arguments: 'vol_api_image_tag=${{ needs.build-test-push-sign-image.outputs.image_tag }}'
# # input_arguments: 'VOL_SSWEB_IMAGE_TAG=${{ needs.build-test-push-sign-image.outputs.image_tag }}'
# # secrets:
# # gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}

Expand Down

0 comments on commit aba8afd

Please sign in to comment.