Release/2023-08-03 #1597
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: pull_request | |
permissions: | |
id-token: write | |
contents: read | |
actions: write | |
env: | |
BASE_CACHE_NAME: base-cache | |
CACHE_NAME: cache | |
BASE_ARTIFACT_NAME: base-artifact | |
ARTIFACT_NAME: artifact | |
TF_ARTIFACT_NAME: terraform-artifact | |
AWS_DEFAULT_REGION: eu-west-2 | |
# Default github env vars are not working for some reason. This is here to get branch names from the trigger event | |
BASE_BRANCH_NAME: ${{ github.event.pull_request.base.ref }} | |
BRANCH_NAME: ${{ github.event.pull_request.head.ref }} | |
TF_CLI_ARGS: -no-color | |
RUNNING_IN_CI: 1 | |
jobs: | |
set-uniquish-id: | |
# Set a uniquish ID - good enough for our purposes since it must be close enough to unique for | |
# a) Terraform / AWS to allow clean build/destroys without side-effects (e.g. we don't | |
# want resources marked for deletion to be recreated in another CI run) | |
# b) Not to fall foul of character limits on AWS resource names: the ID must be short | |
name: Set a uniquish ID | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Set a uniquish ID | |
id: set_uniqish_id | |
run: | | |
TIME_IN_SECONDS_SINCE_MIDNIGHT=$(date -d "1970-01-01 UTC $(date +%T)" +%s) | |
echo "uniqish_id=${GITHUB_SHA::7}-${TIME_IN_SECONDS_SINCE_MIDNIGHT}" >> $GITHUB_OUTPUT | |
outputs: | |
uniqish_id: ${{ steps.set_uniqish_id.outputs.uniqish_id }} | |
check-release: | |
name: Check if release branch | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Is release branch | |
run: | | |
if [[ ${{ github.event.pull_request.head.ref }} == release/* || ${{ github.event.pull_request.head.ref }} == hotfix/* ]]; | |
then | |
echo "Branch is a release branch, checking names match"; | |
else | |
echo "Regular branch, exiting release check" | |
exit 0; | |
fi | |
prefix="release/" | |
branchname=${{ env.BRANCH_NAME }} | |
releasedate=${branchname#"$prefix"} | |
if grep "$releasedate" CHANGELOG.md ; then | |
echo "Branch is a release and matches the latest release details in CHANGELOG.md, continuing" | |
exit 0 | |
else | |
echo "Branch name does not match the latest release details in CHANGELOG.md, exiting" | |
exit 1; | |
fi | |
cache-base: | |
name: Cache (base) | |
needs: [check-release] | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BASE_BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BASE_BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Install dependencies | |
run: | | |
source nrlf.sh | |
nrlf make install | |
- name: Create cache - ${{ env.BASE_CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.BASE_CACHE_NAME }} | |
cache: | |
name: Cache (head) | |
needs: [check-release] | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Install dependencies | |
run: | | |
source nrlf.sh | |
nrlf make install | |
- name: Create cache - ${{ env.CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.CACHE_NAME }} | |
lint-check: | |
needs: [cache] | |
name: Linting check (head) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download cache - ${{ env.CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.CACHE_NAME }} | |
- name: Run linting | |
run: | | |
source .venv/bin/activate | |
source nrlf.sh | |
nrlf lint check | |
unit-test: | |
needs: [cache] | |
name: Unit test (head) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download cache - ${{ env.CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.CACHE_NAME }} | |
- name: Run test | |
run: | | |
source .venv/bin/activate | |
source nrlf.sh | |
nrlf test unit --runslow | |
feature-test-local: | |
needs: [cache] | |
name: Local Feature Test (head) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download cache - ${{ env.CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.CACHE_NAME }} | |
- name: Run test | |
run: | | |
source .venv/bin/activate | |
source nrlf.sh | |
nrlf test feature local | |
build-base: | |
needs: [cache-base] | |
name: Build (base) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BASE_BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BASE_BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download cache - ${{ env.BASE_CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.BASE_CACHE_NAME }} | |
- name: Build | |
run: | | |
source .venv/bin/activate | |
source nrlf.sh | |
nrlf make build | |
- name: Upload artifact - ${{ env.BASE_ARTIFACT_NAME }} | |
uses: ./.github/actions/upload-artifact/ | |
with: | |
name: ${{ env.BASE_ARTIFACT_NAME }} | |
path: ./**/dist/*.zip | |
build: | |
needs: [cache] | |
name: Build (head) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download cache - ${{ env.CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.CACHE_NAME }} | |
- name: Build | |
run: | | |
source .venv/bin/activate | |
source nrlf.sh | |
nrlf make build | |
- name: Upload artifact - ${{ env.ARTIFACT_NAME }} | |
uses: ./.github/actions/upload-artifact/ | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ./**/dist/*.zip | |
terraform-base: | |
needs: | |
[build-base, unit-test, feature-test-local, lint-check, set-uniquish-id] | |
name: Terraform (base) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BASE_BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BASE_BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download artifacts - ${{ env.BASE_ARTIFACT_NAME }} | |
uses: ./.github/actions/download-artifact/ | |
with: | |
name: ${{ env.BASE_ARTIFACT_NAME }} | |
- name: Configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.CI_ROLE_NAME }} | |
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }} | |
aws-region: eu-west-2 | |
- name: Terraform apply | |
run: | | |
source nrlf.sh | |
nrlf truststore pull-server ref | |
nrlf terraform ciinit "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" | |
nrlf terraform ciplan "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" | |
nrlf terraform ciapply "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" | |
terraform-apply: | |
needs: | |
[ | |
build, | |
unit-test, | |
lint-check, | |
feature-test-local, | |
terraform-base, | |
set-uniquish-id, | |
] | |
name: Terraform (head) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download artifacts - ${{ env.ARTIFACT_NAME }} | |
uses: ./.github/actions/download-artifact/ | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
- name: Configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.CI_ROLE_NAME }} | |
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }} | |
aws-region: eu-west-2 | |
- name: Terraform apply | |
run: | | |
source nrlf.sh | |
nrlf truststore pull-server ref | |
nrlf terraform ciinit "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" | |
nrlf terraform ciplan "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" | |
nrlf terraform ciapply "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" || echo "ok" | |
nrlf terraform ciplan "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" | |
nrlf terraform ciapply "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" | |
- name: Upload artifact | |
uses: ./.github/actions/upload-artifact/ | |
with: | |
name: ${{ env.TF_ARTIFACT_NAME }} | |
path: ./terraform/infrastructure/output.json | |
integration-test: | |
needs: [terraform-apply, set-uniquish-id] | |
name: Integration test (head) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download artifacts - ${{ env.TF_ARTIFACT_NAME }} | |
uses: ./.github/actions/download-artifact/ | |
with: | |
name: ${{ env.TF_ARTIFACT_NAME }} | |
path: ./terraform/infrastructure/ | |
- name: Download cache - ${{ env.CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.CACHE_NAME }} | |
- name: Configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.CI_ROLE_NAME }} | |
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }} | |
aws-region: eu-west-2 | |
- name: Run test | |
run: | | |
source .venv/bin/activate | |
source nrlf.sh | |
nrlf truststore pull-client ref | |
nrlf test integration | |
feature-test-integration: | |
needs: [integration-test, set-uniquish-id] | |
name: Feature integration test (head) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download artifacts - ${{ env.TF_ARTIFACT_NAME }} | |
uses: ./.github/actions/download-artifact/ | |
with: | |
name: ${{ env.TF_ARTIFACT_NAME }} | |
path: ./terraform/infrastructure/ | |
- name: Download cache - ${{ env.CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.CACHE_NAME }} | |
- name: Configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.CI_ROLE_NAME }} | |
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }} | |
aws-region: eu-west-2 | |
- name: Run test | |
run: | | |
source .venv/bin/activate | |
source nrlf.sh | |
nrlf truststore pull-client ref | |
nrlf test feature integration | |
firehose-integration-test: | |
needs: [terraform-apply, set-uniquish-id] | |
name: Firehose integration test (head) | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download artifacts - ${{ env.TF_ARTIFACT_NAME }} | |
uses: ./.github/actions/download-artifact/ | |
with: | |
name: ${{ env.TF_ARTIFACT_NAME }} | |
path: ./terraform/infrastructure/ | |
- name: Download cache - ${{ env.CACHE_NAME }} | |
uses: ./.github/actions/caching/ | |
with: | |
path: .venv | |
name: ${{ env.CACHE_NAME }} | |
- name: Configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.CI_ROLE_NAME }} | |
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }} | |
aws-region: eu-west-2 | |
- name: Run test | |
run: | | |
source .venv/bin/activate | |
source nrlf.sh | |
nrlf truststore pull-client ref | |
nrlf test firehose | |
terraform-destroy: | |
needs: | |
[feature-test-integration, firehose-integration-test, set-uniquish-id] | |
if: ${{ always() }} | |
name: Terraform destroy | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Runner setup | |
uses: ./.github/actions/runner-setup/ | |
- name: Download artifacts - ${{ env.ARTIFACT_NAME }} | |
uses: ./.github/actions/download-artifact/ | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
- name: Configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.CI_ROLE_NAME }} | |
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }} | |
aws-region: eu-west-2 | |
- name: Terraform destroy | |
run: | | |
source nrlf.sh | |
nrlf terraform ciinit "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" | |
nrlf terraform cidestroy "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" | |
clear-cache: | |
name: Clear Caches | |
needs: [feature-test-integration, firehose-integration-test] | |
if: ${{ always() }} | |
runs-on: [self-hosted, ci] | |
steps: | |
- name: Git clone - ${{ env.BRANCH_NAME }} | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ env.BRANCH_NAME }} | |
- name: Clear cache | |
uses: ./.github/actions/clear-cache/ | |
with: | |
name: ${{ env.BASE_CACHE_NAME }},${{ env.CACHE_NAME }} |