Skip to content

Fix bug when polling auth req after creation #860

Fix bug when polling auth req after creation

Fix bug when polling auth req after creation #860

Workflow file for this run

name: '@app/policy-engine CI'
on:
push:
branches:
- '**'
paths:
- packages/**
- apps/policy-engine/**
- .github/workflows/policy-engine.yml
- .github/workflows/policy-engine-prod.yml
- jest.config.ts
- jest.preset.js
- .eslintrc.json
- .prettierrc
- package.json
- package-lock.json
- deploy/policy-engine.dockerfile
- deploy/charts/policy-engine/**
tags-ignore:
- vault-v*
- armory-v*
- policy-engine-v*
jobs:
test:
name: Test
runs-on: ubuntu-latest
services:
postgres:
image: postgres:14
ports:
- '5432:5432'
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Add private .npmrc
run: echo "${{ secrets.NPMRC }}" > .npmrc
- name: Install node.js
uses: actions/setup-node@v4
with:
node-version: '21'
cache: 'npm'
- name: Install dependencies
run: |
make install/ci
- name: Install Open Policy Agent CLI
uses: open-policy-agent/setup-opa@v2
with:
version: latest
- name: Install dependencies
run: |
make install/ci
- name: Code format
shell: bash
run: |
make policy-engine/format/check
make policy-engine/lint/check
- name: Setup database and Prisma types
shell: bash
run: |
make policy-engine/copy-default-env
make policy-engine/test/db/setup
make policy-engine/db/generate-types
- name: Test types
shell: bash
run: |
make policy-engine/test/type
- name: Test unit
shell: bash
run: |
make policy-engine/test/unit
- name: Test integration
shell: bash
run: |
make policy-engine/test/integration
- name: Test E2E
shell: bash
run: |
make policy-engine/test/e2e
- name: Send Slack notification on failure
if: failure() && github.ref == 'refs/heads/main'
uses: 8398a7/action-slack@v3
with:
username: GitHub
author_name: '@app/policy-engine CI failed'
status: ${{ job.status }}
fields: message,commit,author
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
opa-rego:
name: Open Agent Policy CI
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Setup OPA
uses: open-policy-agent/setup-opa@v2
with:
version: latest
- name: Test rego
run: make policy-engine/rego/test
release:
name: Release
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
# Only run if the Test jobs succeed
needs: [test, opa-rego]
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.ACTIONS_ECR_ROLE_ARN }} # Organization variable
aws-region: ${{ vars.ACTIONS_ECR_REGION }} # Organization variable
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Get short SHA
id: slug
run: echo "sha7=${GITHUB_SHA::7}" >> $GITHUB_ENV
- name: Add private .npmrc
run: echo "${{ secrets.NPMRC }}" > .npmrc
- name: Build, tag, and push docker image to Amazon ECR
uses: docker/build-push-action@v5
with:
context: .
file: ./deploy/policy-engine.dockerfile
push: true
tags: |
${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:${{ env.sha7 }}
${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:latest
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Create GitHub App Token
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.NARVAL_HELM_APP_ID }}
private-key: ${{ secrets.NARVAL_HELM_PRIVATE_KEY }}
repositories: "armory,armory-platform"
- name: Checkout Target Repository
uses: actions/checkout@v4
with:
repository: narval-xyz/armory-platform
ref: main
path: platform
token: ${{ steps.app-token.outputs.token }}
persist-credentials: false
- name: Update Image Version in the worker HelmChart values.yaml
uses: fjogeleit/yaml-update-action@main
with:
valueFile: 'apps/charts/policy-engine/values.yaml'
# propertyPath: 'image.tag'
# value: ${{ env.sha7 }}
message: 'Update policy-engine Image Version to ${{ env.sha7 }}'
repository: narval-xyz/armory-platform
branch: main
token: ${{ steps.app-token.outputs.token }}
workDir: platform
changes: |
{
"apps/charts/policy-engine/values.yaml": {
"image.tag": "${{ env.sha7 }}"
},
"apps/charts/policy-engine/values-node-0.yaml": {
"image.tag": "${{ env.sha7 }}"
},
"apps/charts/policy-engine/values-node-1.yaml": {
"image.tag": "${{ env.sha7 }}"
},
"apps/charts/policy-engine/values-node-2.yaml": {
"image.tag": "${{ env.sha7 }}"
}
}
- name: Send Slack notification on failure
if: failure() && github.ref == 'refs/heads/main'
uses: 8398a7/action-slack@v3
with:
username: GitHub
author_name: '@app/policy-engine CI release failed'
status: ${{ job.status }}
fields: message,commit,author
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}