This repository has been archived by the owner on Aug 16, 2024. It is now read-only.

CI/CD NON PROD INTERNAL WEB #4

Workflow file for this run

.github/workflows/non-prod-internal-web-build-deploy.yaml at 934a558

	name: CI/CD NON PROD INTERNAL WEB
	run-name: CI/CD NON PROD INTERNAL WEB

	on:
	pull_request:
	push:
	branches:
	- master

	env:
	AWS_REGION : ${{ vars.DVSA_AWS_REGION }}
	IUWEB_NONPROD_TOOLING_REPO_URL: ${{ secrets.IUWEB_NONPROD_TOOLING_ECR_REPO_URL }}
	AWS_ACCOUNT_ID_SHAREDCOREECR: ${{ vars.AWS_ACCOUNT_ID_SHAREDCOREECR }}

	# Permission can be added at job level or workflow level
	permissions:
	id-token: write # This is required for requesting the JWT
	contents: read # This is required for actions/checkout

	jobs:

	# security:
	# uses: dvsa/.github/.github/workflows/php-security.yml@v3.2.0
	# secrets:
	# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	# static-analysis:
	# uses: dvsa/.github/.github/workflows/php-static.yml@v3.2.0
	# # with:
	# # php-version: '7.4'

	# tests:
	# uses: dvsa/.github/.github/workflows/php-tests.yml@v3.2.0
	# with:
	# php-versions: "[\"7.4\"]"
	# # fail-fast: false

	unit-tests:

	name: Run Unit Tests
	runs-on: ubuntu-latest

	steps:

	- name: Checkout the repository to this runner
	uses: actions/checkout@v3

	- name: Run unit tests
	run: \|
	echo 'Run unit tests'
	ls -la ./

	build-test-push-sign-image:

	name: Build, Push & Sign Image
	runs-on: ubuntu-latest
	strategy:
	matrix:
	php:
	- '7.4'

	steps:

	- name: Checkout the repository to this runner
	uses: actions/checkout@v3

	- name: Setup PHP
	uses: shivammathur/setup-php@v2
	with:
	php-version: ${{ matrix.php }}
	tools: composer:v2
	coverage: none

	- name: Build Internal Web artifact
	uses: dvsa/olcs-internal/.github/actions/build-iuweb@feature/AddWorkflows

	- name: Set BASE_IMAGE & IUWEB_IMAGE_TAG
	run: \|
	envsubst < dockerfile \| tee dockerfile.tmp
	mv dockerfile.tmp dockerfile
	BASE_IMAGE=$(head -n1 dockerfile)
	echo "BASE_IMAGE=${BASE_IMAGE#* }" >> $GITHUB_ENV
	echo "IUWEB_IMAGE_TAG=approved-iuweb-${BASE_IMAGE#*:}-$(git rev-parse --short HEAD)" >> $GITHUB_ENV

	- name: Configure AWS credentials on Shared Core ECR
	uses: aws-actions/configure-aws-credentials@v4.0.1
	with:
	role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }}
	role-session-name: GitHub_to_AWS_via_FederatedOIDC
	aws-region: ${{ env.AWS_REGION }}

	- name: Login to Shared Core ECR
	id: login-ecr-sharedcoreecr
	uses: aws-actions/amazon-ecr-login@v2.0.1

	- name: Verify base image
	uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
	with:
	ecr_tagged_image: $BASE_IMAGE
	image_sign_inspect: 'true'

	- name: Build Internal Web image
	run: \|
	docker build -t ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG} \
	--build-arg DVSA_AWS_SHAREDCOREECR_ID=${{ env.AWS_ACCOUNT_ID_SHAREDCOREECR }} .

	- name: Snyk scan Internal Web image
	id: scan-api-image
	uses: snyk/actions/docker@master
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	image: ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG}
	args: --file=dockerfile --severity-threshold=critical
	continue-on-error: true

	- name: Configure AWS credentials on Non Production IUWEB ECR
	uses: aws-actions/configure-aws-credentials@v4.0.1
	with:
	role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
	role-session-name: GitHub_to_AWS_via_FederatedOIDC
	aws-region: ${{ env.AWS_REGION }}

	- name: Login to Non Production IUWEB ECR
	id: login-ecr-iuweb-tooling-non-prod
	uses: aws-actions/amazon-ecr-login@v2.0.1

	- name: Push Internal Web image
	# if: github.ref == 'refs/heads/master'
	id: push-image
	run: \|
	echo "image_tag=${IUWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT
	docker push ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG}

	- name: Sign Internal Web image
	# if: github.ref == 'refs/heads/master'
	uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
	with:
	aws_signer_profile_arn: ${{ secrets.DVSA_AWS_IUWEB_NONPROD_TOOLING_IMAGE_SIGNING_PROFILE }}
	ecr_tagged_image: ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG}
	image_sign_create: 'true'

	# - name: Release Internal Web
	# uses: google-github-actions/release-please-action@v3
	# id: release
	# with:
	# release-type: php
	# package-name: ${{ github.event.repository.name }}

	outputs:
	image_tag: ${{ steps.push-image.outputs.image_tag }}

	# deploy-on-non-prod-cluster:

	# name: Deploy on Non Prod Cluster
	# # if: github.ref == 'refs/heads/master'

	# needs:
	# - unit-tests
	# # - security
	# # - static-analysis
	# # - tests
	# - build-test-push-sign-image

	# runs-on: ubuntu-latest

	# steps:

	# - name: Deploy
	# run: \|
	# echo 'Deploy on Non Prod'

	# # uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
	# # with:
	# # branch: 'feature/AWSRESET1-514'
	# # git_repository: 'dvsa/dvsa-container-registry'
	# # workflow_name: 'CD NON PROD INTERNAL WEB'
	# # input_arguments: 'iuweb_image_tag=${{ needs.build-test-push-sign-image.outputs.image_tag }}'
	# # secrets:
	# # gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}

	# automation-tests:

	# name: Run Automation Tests
	# # if: github.ref == 'refs/heads/master'
	# runs-on: ubuntu-latest

	# needs:
	# - deploy-on-non-prod-cluster

	# steps:

	# - name: Run automation tests
	# run: \|
	# echo 'Run automation tests'

	# build-nonprod-approved-image:

	# name: Build Non PROD Approved Image
	# # if: github.ref == 'refs/heads/master'
	# runs-on: ubuntu-latest

	# needs:
	# - build-test-push-sign-image
	# - deploy-on-non-prod-cluster
	# - automation-tests

	# steps:

	# - name: IUWEB_IMAGE_TAG & NONPROD_IUWEB_IMAGE_TAG
	# run: \|
	# echo "IUWEB_IMAGE_TAG=${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV
	# echo "NONPROD_IUWEB_IMAGE_TAG=nonprod-${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV

	# - name: Configure AWS credentials on Non Production IUWEB ECR
	# uses: aws-actions/configure-aws-credentials@v4.0.1
	# with:
	# role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
	# role-session-name: GitHub_to_AWS_via_FederatedOIDC
	# aws-region: ${{ env.AWS_REGION }}

	# - name: Login to Non Production IUWEB ECR
	# id: login-ecr-iuweb-tooling-non-prod
	# uses: aws-actions/amazon-ecr-login@v2.0.1

	# - name: Push Internal Web image
	# # if: github.ref == 'refs/heads/master'
	# id: push-approved-image
	# run: \|
	# echo "approved_image_tag=${NONPROD_IUWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT
	# docker pull ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG}
	# docker tag ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG} ${IUWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_IUWEB_IMAGE_TAG}
	# docker push ${IUWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_IUWEB_IMAGE_TAG}

	# outputs:
	# approved_image_tag: ${{ steps.push-approved-image.outputs.approved_image_tag }}

	# qa-approval:

	# name: QA Internal Web Image Approval
	# # if: github.ref == 'refs/heads/master'

	# needs:
	# - build-nonprod-approved-image

	# uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
	# with:
	# branch: 'feature/AddWorkflows'
	# git_repository: 'dvsa/olcs-internal'
	# workflow_name: 'qa-internal-web-approval.yaml'
	# input_arguments: 'iuweb_image_tag=${{ needs.build-nonprod-approved-image.outputs.approved_image_tag }}'
	# secrets:
	# gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI/CD NON PROD INTERNAL WEB #4

Workflow file

CI/CD NON PROD INTERNAL WEB #4

Jobs

Run details

Workflow file for this run