Report Azure auth error description #3565
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI/CD - Full Pipeline" | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
- development | |
- production | |
jobs: | |
build_test: | |
name: Build (Test) | |
runs-on: ubuntu-20.04 | |
outputs: | |
docker_image: ${{ steps.build.outputs.docker_image }} | |
if: ${{ github.ref != 'refs/heads/production' && github.ref != 'refs/heads/development' }} | |
steps: | |
- uses: actions/checkout@v4.1.6 | |
- uses: ./.github/workflows/actions/build-docker-image | |
name: Build docker image | |
id: build | |
with: | |
target: test | |
ghcr_username: ${{ github.actor }} | |
ghcr_password: ${{ secrets.GITHUB_TOKEN }} | |
build_release: | |
name: Build (Release) | |
runs-on: ubuntu-20.04 | |
outputs: | |
docker_image: ${{ steps.build.outputs.docker_image }} | |
steps: | |
- uses: actions/checkout@v4.1.6 | |
- uses: ./.github/workflows/actions/build-docker-image | |
name: Build docker image | |
id: build | |
with: | |
target: app | |
ghcr_username: ${{ github.actor }} | |
ghcr_password: ${{ secrets.GITHUB_TOKEN }} | |
brakeman: | |
name: Checks - Brakeman | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3.3.0 | |
- run: docker run ${{ needs.build_test.outputs.docker_image }} bundle exec brakeman | |
rubocop: | |
name: Checks - Rubocop | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3.3.0 | |
- run: docker run ${{ needs.build_test.outputs.docker_image }} bundle exec rubocop | |
jest: | |
name: Checks - Jest | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v4.1.6 | |
- name: Install node modules | |
run: yarn install | |
- name: Run tests | |
run: yarn jest | |
rspec: | |
name: Checks - Rspec | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
ci_node_total: [6] | |
ci_node_index: [0, 1, 2, 3, 4, 5] | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: password | |
POSTGRES_HOST_AUTH_METHOD: trust | |
ports: | |
- 5432:5432 | |
redis: | |
image: redis | |
ports: | |
- 6379:6379 | |
chrome: | |
image: selenium/standalone-chrome:95.0-chromedriver-95.0 | |
ports: | |
- 4444:4444 | |
steps: | |
- name: Run Rspec tests | |
run: | | |
docker run \ | |
--network ${{ job.container.network }} \ | |
--name test_container \ | |
-e RAILS_ENV=test \ | |
-e DATABASE_URL=postgres://postgres:password@postgres:5432/buy-for-your-school-test \ | |
-e DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL="true" \ | |
-e DOCKER=true \ | |
-e SELENIUM_HUB_URL=http://chrome:4444/wd/hub \ | |
-e REDIS_URL=redis://redis:6379 \ | |
-e APPLICATION_URL=http://localhost:3000 \ | |
-e SECRET_KEY_BASE=test \ | |
-e CONTENTFUL_SPACE=test \ | |
-e CONTENTFUL_ENVIRONMENT=master \ | |
-e CONTENTFUL_DELIVERY_TOKEN=123 \ | |
-e CONTENTFUL_PREVIEW_TOKEN=123 \ | |
-e CONTENTFUL_ENTRY_CACHING=false \ | |
-e CONTENTFUL_WEBHOOK_API_KEY=test \ | |
-e NOTIFY_API_KEY=development_team-12345678-1234-1234-1234-abcd12345678-12345678-1234-1234-1234-abcd12345678 \ | |
-e MS_GRAPH_TENANT=test \ | |
-e MS_GRAPH_CLIENT_ID=test \ | |
-e MS_GRAPH_CLIENT_SECRET=test \ | |
-e MS_GRAPH_SHARED_MAILBOX_USER_ID=test \ | |
-e MS_GRAPH_SHARED_MAILBOX_NAME=mailbox \ | |
-e MS_GRAPH_SHARED_MAILBOX_ADDRESS=test@mailbox.com \ | |
-e CLAMAV_REST_SERVICE_URL=test \ | |
-e DSI_ENV=test \ | |
-e DFE_SIGN_IN_IDENTIFIER=service \ | |
-e DFE_SIGN_IN_API_SECRET=secret \ | |
-e PROC_OPS_TEAM="DSI Caseworkers" \ | |
-e QUALTRICS_SURVEY_URL=https://dferesearch.fra1.qualtrics.com \ | |
-e SUPPORT_EMAIL=email@example.gov.uk \ | |
-e FAF_FRAMEWORK_ENDPOINT=http://faf.test \ | |
-e FAF_WEBHOOK_SECRET=test \ | |
-e CI_NODE_TOTAL=${{ matrix.ci_node_total }} \ | |
-e CI_NODE_INDEX=${{ matrix.ci_node_index }} \ | |
${{ needs.build_test.outputs.docker_image }} \ | |
bash -c "bundle exec rake 'knapsack:rspec[--tag ~flaky]'" | |
- name: Get coverage from container | |
run: | | |
mkdir coverage | |
docker cp test_container:/srv/app/coverage/.resultset.json coverage/.resultset-${{ matrix.ci_node_index }}.json | |
- name: Remove test container | |
run: docker rm test_container | |
- name: Store test coverage | |
uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: coverage-report-${{ matrix.ci_node_index }} | |
path: coverage/.resultset-${{ matrix.ci_node_index }}.json | |
rspec_quarentine: | |
name: Checks - Rspec (Quarantined tests) | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: password | |
POSTGRES_HOST_AUTH_METHOD: trust | |
ports: | |
- 5432:5432 | |
redis: | |
image: redis | |
ports: | |
- 6379:6379 | |
chrome: | |
image: selenium/standalone-chrome:95.0-chromedriver-95.0 | |
ports: | |
- 4444:4444 | |
steps: | |
- name: Run Quarantined Rspec tests | |
continue-on-error: true | |
run: | | |
docker run \ | |
--network ${{ job.container.network }} \ | |
--name test_container \ | |
-e RAILS_ENV=test \ | |
-e DATABASE_URL=postgres://postgres:password@postgres:5432/buy-for-your-school-test \ | |
-e DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL="true" \ | |
-e DOCKER=true \ | |
-e SELENIUM_HUB_URL=http://chrome:4444/wd/hub \ | |
-e REDIS_URL=redis://redis:6379 \ | |
-e APPLICATION_URL=http://localhost:3000 \ | |
-e SECRET_KEY_BASE=test \ | |
-e CONTENTFUL_SPACE=test \ | |
-e CONTENTFUL_ENVIRONMENT=master \ | |
-e CONTENTFUL_DELIVERY_TOKEN=123 \ | |
-e CONTENTFUL_PREVIEW_TOKEN=123 \ | |
-e CONTENTFUL_ENTRY_CACHING=false \ | |
-e CONTENTFUL_WEBHOOK_API_KEY=test \ | |
-e NOTIFY_API_KEY=development_team-12345678-1234-1234-1234-abcd12345678-12345678-1234-1234-1234-abcd12345678 \ | |
-e MS_GRAPH_TENANT=test \ | |
-e MS_GRAPH_CLIENT_ID=test \ | |
-e MS_GRAPH_CLIENT_SECRET=test \ | |
-e MS_GRAPH_SHARED_MAILBOX_USER_ID=test \ | |
-e MS_GRAPH_SHARED_MAILBOX_NAME=mailbox \ | |
-e MS_GRAPH_SHARED_MAILBOX_ADDRESS=test@mailbox.com \ | |
-e CLAMAV_REST_SERVICE_URL=test \ | |
-e DSI_ENV=test \ | |
-e DFE_SIGN_IN_IDENTIFIER=service \ | |
-e DFE_SIGN_IN_API_SECRET=secret \ | |
-e PROC_OPS_TEAM="DSI Caseworkers" \ | |
-e QUALTRICS_SURVEY_URL=https://dferesearch.fra1.qualtrics.com \ | |
-e SUPPORT_EMAIL=email@example.gov.uk \ | |
-e FAF_FRAMEWORK_ENDPOINT=http://faf.test \ | |
-e FAF_WEBHOOK_SECRET=test \ | |
${{ needs.build_test.outputs.docker_image }} \ | |
bash -c "bundle exec rspec --tag flaky || bundle exec rspec --only-failure" | |
- name: Get coverage from container | |
run: | | |
mkdir coverage | |
docker cp test_container:/srv/app/coverage/.resultset.json coverage/.resultset-quarantine.json | |
- name: Remove test container | |
run: docker rm test_container | |
- name: Store test coverage | |
uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: coverage-report-quarantine | |
path: coverage/.resultset-quarantine.json | |
collate_test_coverage: | |
name: Checks - Produce test coverage report | |
needs: [build_test, rspec, rspec_quarentine] | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3.3.0 | |
- name: Download all test coverage | |
uses: actions/download-artifact@v4.1.7 | |
with: | |
path: coverage | |
pattern: coverage-report-* | |
merge-multiple: true | |
- name: Generate collated test coverage | |
run: | | |
CONTAINER_ID=$(docker run -di ${{ needs.build_test.outputs.docker_image }} "/bin/sh") | |
docker cp coverage $CONTAINER_ID:/srv/app | |
docker exec $CONTAINER_ID bash -c "ruby lib/code_coverage_collate.rb" | |
docker cp $CONTAINER_ID:/srv/app/coverage/index.html coverage | |
docker cp $CONTAINER_ID:/srv/app/coverage/assets coverage | |
docker cp $CONTAINER_ID:/srv/app/coverage/.last_run.json coverage | |
docker stop $CONTAINER_ID | |
docker rm $CONTAINER_ID | |
- name: Store collated test coverage | |
uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: full-coverage-report | |
path: | | |
coverage/* | |
!coverage/.last_run.json | |
- name: Store last run | |
uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: last-run | |
path: coverage/.last_run.json | |
- name: Delete intermediate artifacts | |
uses: geekyeggo/delete-artifact@v5.0.0 | |
with: | |
name: coverage-report-* | |
comment_coverage: | |
name: Comment coverage on PR | |
needs: collate_test_coverage | |
runs-on: ubuntu-20.04 | |
if: ${{ github.event_name == 'pull_request' }} | |
steps: | |
- name: Download coverage from current run | |
uses: actions/download-artifact@v4.1.7 | |
with: | |
path: coverage/current | |
pattern: last-run | |
- run: echo current_coverage=$(cat coverage/current/last-run/.last_run.json) >> $GITHUB_ENV | |
- name: Store coverage from current run | |
id: current-run-coverage | |
run: | | |
echo branch=${{ fromJson(env.current_coverage).result.branch }} >> $GITHUB_OUTPUT | |
echo line=${{ fromJson(env.current_coverage).result.line }} >> $GITHUB_OUTPUT | |
- name: Post comment | |
uses: thollander/actions-comment-pull-request@v2.5.0 | |
with: | |
message: | | |
# Test coverage | |
**Line:** ${{ steps.current-run-coverage.outputs.line }}% | |
**Branch:** ${{ steps.current-run-coverage.outputs.branch }}% | |
release_dev: | |
name: Deploy release (Dev) | |
runs-on: ubuntu-20.04 | |
needs: build_release | |
environment: az-dev | |
if: github.ref == 'refs/heads/development' | |
steps: | |
- uses: actions/checkout@v4.1.6 | |
- uses: ./.github/workflows/actions/deploy-az | |
with: | |
docker_image_and_tag: ${{ needs.build_release.outputs.docker_image }} | |
az_credentials: ${{ secrets.AZURE_SP_CREDENTIALS }} | |
container_app_name: ${{ secrets.CONTAINER_APP_NAME }} | |
resource_group_name: ${{ secrets.RESOURCE_GROUP_NAME }} | |
release_staging: | |
name: Deploy release (Staging) | |
runs-on: ubuntu-20.04 | |
needs: build_release | |
environment: az-staging | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v4.1.6 | |
- uses: ./.github/workflows/actions/deploy-az | |
with: | |
docker_image_and_tag: ${{ needs.build_release.outputs.docker_image }} | |
az_credentials: ${{ secrets.AZURE_SP_CREDENTIALS }} | |
container_app_name: ${{ secrets.CONTAINER_APP_NAME }} | |
resource_group_name: ${{ secrets.RESOURCE_GROUP_NAME }} | |
release_production: | |
name: Deploy release (Production) | |
runs-on: ubuntu-20.04 | |
needs: build_release | |
environment: az-production | |
if: github.ref == 'refs/heads/production' | |
steps: | |
- uses: actions/checkout@v4.1.6 | |
- uses: ./.github/workflows/actions/deploy-az | |
with: | |
docker_image_and_tag: ${{ needs.build_release.outputs.docker_image }} | |
az_credentials: ${{ secrets.AZURE_SP_CREDENTIALS }} | |
container_app_name: ${{ secrets.CONTAINER_APP_NAME }} | |
resource_group_name: ${{ secrets.RESOURCE_GROUP_NAME }} | |
data_regression_copy_to_original: | |
name: Data regression testing - trigger copy to pre-release-original-data | |
needs: release_production | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: Azure/pipelines@v1.2 | |
with: | |
azure-devops-project-url: "https://dfe-ssp.visualstudio.com/S174-Get%20Help%20Buying%20for%20Schools" | |
azure-pipeline-name: "Pre-release Original Data sync" | |
azure-devops-token: ${{ secrets.AZURE_DEVOPS_TOKEN }} | |
data_regression_copy_to_modified: | |
name: Data regression testing - trigger copy to pre-release-modified-data | |
needs: release_production | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: Azure/pipelines@v1.2 | |
with: | |
azure-devops-project-url: "https://dfe-ssp.visualstudio.com/S174-Get%20Help%20Buying%20for%20Schools" | |
azure-pipeline-name: "Pre-release Modified Data sync" | |
azure-devops-token: ${{ secrets.AZURE_DEVOPS_TOKEN }} | |
data_regression_migrate_modified: | |
name: Data regression testing - apply migrations to pre-release-modified-data | |
needs: [build_release, release_staging] | |
runs-on: ubuntu-20.04 | |
env: | |
PRE_RELEASE_MODIFIED_DATA_DB_URL: ${{ secrets.PRE_RELEASE_MODIFIED_DATA_DB_URL }} | |
steps: | |
- name: Run migrations against pre-release-modified-data | |
run: | | |
docker run --rm \ | |
-e RAILS_ENV=production \ | |
-e DATABASE_URL=${{ env.PRE_RELEASE_MODIFIED_DATA_DB_URL }} \ | |
-e DOCKER=true \ | |
-e SECRET_KEY_BASE=production \ | |
-e APPLICATION_URL=https://www.get-help-buying-for-schools.service.gov.uk \ | |
${{ needs.build_release.outputs.docker_image }} \ | |
bash -c "bundle exec rails db:migrate" |