Merge branch 'oss/main' #1231
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: '@app/vault CI' | |
on: | |
push: | |
branches: | |
- '**' | |
paths: | |
- packages/** | |
- apps/vault/** | |
- .github/workflows/vault.yml | |
- jest.config.ts | |
- jest.preset.js | |
- .eslintrc.json | |
- .prettierrc | |
- package.json | |
- package-lock.json | |
- deploy/vault.dockerfile | |
tags-ignore: | |
- vault-v* | |
- armory-v* | |
- policy-engine-v* | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:14 | |
ports: | |
- '5432:5432' | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Add .npmrc | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') }} | |
run: echo "${{ secrets.NPMRC }}" > .npmrc | |
- name: Install node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '21' | |
cache: 'npm' | |
- name: Install dependencies | |
run: | | |
make install/ci | |
- name: Code format | |
shell: bash | |
run: | | |
make vault/format/check | |
make vault/lint/check | |
- name: Setup database and Prisma types | |
shell: bash | |
run: | | |
make vault/copy-default-env | |
make vault/test/db/setup | |
make vault/db/generate-types | |
- name: Test types | |
shell: bash | |
run: | | |
make vault/test/type | |
- name: Test unit | |
shell: bash | |
run: | | |
make vault/test/unit | |
- name: Test integration | |
shell: bash | |
run: | | |
make vault/test/integration | |
- name: Test E2E | |
shell: bash | |
run: | | |
make vault/test/e2e | |
- name: Send Slack notification on failure | |
if: failure() && github.ref == 'refs/heads/main' | |
uses: 8398a7/action-slack@v3 | |
with: | |
username: GitHub | |
author_name: '@app/vault CI tests failed' | |
status: ${{ job.status }} | |
fields: message,commit,author | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' | |
# Only run if the Test job succeeds | |
needs: test | |
permissions: | |
id-token: write | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ vars.ACTIONS_ECR_ROLE_ARN }} # Organization variable | |
aws-region: ${{ vars.ACTIONS_ECR_REGION }} # Organization variable | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Get short SHA | |
id: slug | |
run: echo "sha7=${GITHUB_SHA::7}" >> $GITHUB_ENV | |
- name: Add private .npmrc | |
run: echo "${{ secrets.NPMRC }}" > .npmrc | |
- name: Build, tag, and push docker image to Amazon ECR | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./deploy/vault.dockerfile | |
push: true | |
tags: | | |
${{ steps.login-ecr.outputs.registry }}/armory/vault:${{ env.sha7 }} | |
${{ steps.login-ecr.outputs.registry }}/armory/vault:latest | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Create GitHub App Token | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.NARVAL_HELM_APP_ID }} | |
private-key: ${{ secrets.NARVAL_HELM_PRIVATE_KEY }} | |
repositories: 'armory-platform' | |
- name: Notify Platform | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ steps.app-token.outputs.token }} | |
repository: narval-xyz/armory-platform | |
event-type: dev-build | |
client-payload: | | |
{ | |
"app": "vault", | |
"commit_sha": "${{ github.sha }}", | |
"commit_sha7": "${{ env.sha7 }}", | |
"repository": "${{ github.repository }}", | |
"branch": "${{ github.ref_name }}", | |
"built_by": "${{ github.actor }}", | |
"image_uri": "${{ steps.login-ecr.outputs.registry }}/armory/vault:${{ env.sha7 }}", | |
"build_url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
} | |
- name: Send Slack notification on failure | |
if: failure() && github.ref == 'refs/heads/main' | |
uses: 8398a7/action-slack@v3 | |
with: | |
username: GitHub | |
author_name: '@app/vault CI release failed' | |
status: ${{ job.status }} | |
fields: message,commit,author | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} |