Build NRL Project on dev #499
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build NRL Project on Environment | |
| run-name: Build NRL Project on ${{ inputs.environment || 'dev' }} | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| schedule: | |
| - cron: "0 1 * * *" | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: environment | |
| description: "The environment to deploy changes to" | |
| default: "dev" | |
| required: true | |
| jobs: | |
| build: | |
| name: Build and test - ${{ github.ref }} | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| permissions: | |
| contents: read | |
| actions: write | |
| id-token: write | |
| steps: | |
| - name: Git clone - ${{ github.ref }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Setup environment | |
| run: | | |
| echo "${HOME}/.asdf/bin" >> $GITHUB_PATH | |
| poetry install --no-root | |
| - name: Run Linting | |
| run: make lint | |
| - name: Build Project | |
| run: make build | |
| - name: Run Unit Tests | |
| run: make test | |
| - name: Configure Management Credentials | |
| uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a #v4.3.1 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.MGMT_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ inputs.environment || 'dev' }}-${{ github.run_id }} | |
| - name: Add S3 Permissions to Lambda | |
| run: | | |
| account=$(echo '${{ inputs.environment || 'dev' }}' | cut -d '-' -f1) | |
| inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment || 'dev' }}) | |
| make get-s3-perms ENV=${account} TF_WORKSPACE_NAME=${inactive_stack} | |
| - name: Save Build Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| dist/*.zip | |
| dist/test-coverage.xml | |
| !dist/nrlf_permissions.zip | |
| - name: Save NRLF Permissions cache | |
| uses: actions/cache/save@v4 | |
| with: | |
| key: ${{ github.run_id }}-nrlf-permissions | |
| path: dist/nrlf_permissions.zip | |
| sonar: | |
| name: SonarQube scan | |
| runs-on: ubuntu-latest | |
| needs: build | |
| environment: pull-request | |
| permissions: | |
| contents: read | |
| actions: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Get build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: dist | |
| - name: SonarQube scan | |
| uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 #v7.0.0 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| - name: SonarQube quality gate check | |
| id: sonarqube-quality-gate-check | |
| uses: sonarsource/sonarqube-quality-gate-action@cf038b0e0cdecfa9e56c198bbb7d21d751d62c3b #v1.2.0 | |
| with: | |
| pollingTimeoutSec: 600 | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |