Order the README sections #865
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: '@app/policy-engine CI' | |
on: | |
push: | |
branches: | |
- '**' | |
paths: | |
- packages/** | |
- apps/policy-engine/** | |
- .github/workflows/policy-engine.yml | |
- .github/workflows/policy-engine-prod.yml | |
- jest.config.ts | |
- jest.preset.js | |
- .eslintrc.json | |
- .prettierrc | |
- package.json | |
- package-lock.json | |
- deploy/policy-engine.dockerfile | |
- deploy/charts/policy-engine/** | |
tags-ignore: | |
- vault-v* | |
- armory-v* | |
- policy-engine-v* | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:14 | |
ports: | |
- '5432:5432' | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Add private .npmrc | |
run: echo "${{ secrets.NPMRC }}" > .npmrc | |
- name: Install node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '21' | |
cache: 'npm' | |
- name: Install dependencies | |
run: | | |
make install/ci | |
- name: Install Open Policy Agent CLI | |
uses: open-policy-agent/setup-opa@v2 | |
with: | |
version: latest | |
- name: Install dependencies | |
run: | | |
make install/ci | |
- name: Code format | |
shell: bash | |
run: | | |
make policy-engine/format/check | |
make policy-engine/lint/check | |
- name: Setup database and Prisma types | |
shell: bash | |
run: | | |
make policy-engine/copy-default-env | |
make policy-engine/test/db/setup | |
make policy-engine/db/generate-types | |
- name: Test types | |
shell: bash | |
run: | | |
make policy-engine/test/type | |
- name: Test unit | |
shell: bash | |
run: | | |
make policy-engine/test/unit | |
- name: Test integration | |
shell: bash | |
run: | | |
make policy-engine/test/integration | |
- name: Test E2E | |
shell: bash | |
run: | | |
make policy-engine/test/e2e | |
- name: Send Slack notification on failure | |
if: failure() && github.ref == 'refs/heads/main' | |
uses: 8398a7/action-slack@v3 | |
with: | |
username: GitHub | |
author_name: '@app/policy-engine CI failed' | |
status: ${{ job.status }} | |
fields: message,commit,author | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
opa-rego: | |
name: Open Agent Policy CI | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Setup OPA | |
uses: open-policy-agent/setup-opa@v2 | |
with: | |
version: latest | |
- name: Test rego | |
run: make policy-engine/rego/test | |
release: | |
name: Release | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
# Only run if the Test jobs succeed | |
needs: [test, opa-rego] | |
permissions: | |
id-token: write | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ vars.ACTIONS_ECR_ROLE_ARN }} # Organization variable | |
aws-region: ${{ vars.ACTIONS_ECR_REGION }} # Organization variable | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Get short SHA | |
id: slug | |
run: echo "sha7=${GITHUB_SHA::7}" >> $GITHUB_ENV | |
- name: Add private .npmrc | |
run: echo "${{ secrets.NPMRC }}" > .npmrc | |
- name: Build, tag, and push docker image to Amazon ECR | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./deploy/policy-engine.dockerfile | |
push: true | |
tags: | | |
${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:${{ env.sha7 }} | |
${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:latest | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Create GitHub App Token | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.NARVAL_HELM_APP_ID }} | |
private-key: ${{ secrets.NARVAL_HELM_PRIVATE_KEY }} | |
repositories: "armory,armory-platform" | |
- name: Checkout Target Repository | |
uses: actions/checkout@v4 | |
with: | |
repository: narval-xyz/armory-platform | |
ref: main | |
path: platform | |
token: ${{ steps.app-token.outputs.token }} | |
persist-credentials: false | |
- name: Update Image Version in the worker HelmChart values.yaml | |
uses: fjogeleit/yaml-update-action@main | |
with: | |
valueFile: 'apps/charts/policy-engine/values.yaml' | |
# propertyPath: 'image.tag' | |
# value: ${{ env.sha7 }} | |
message: 'Update policy-engine Image Version to ${{ env.sha7 }}' | |
repository: narval-xyz/armory-platform | |
branch: main | |
token: ${{ steps.app-token.outputs.token }} | |
workDir: platform | |
changes: | | |
{ | |
"apps/charts/policy-engine/values.yaml": { | |
"image.tag": "${{ env.sha7 }}" | |
}, | |
"apps/charts/policy-engine/values-node-0.yaml": { | |
"image.tag": "${{ env.sha7 }}" | |
}, | |
"apps/charts/policy-engine/values-node-1.yaml": { | |
"image.tag": "${{ env.sha7 }}" | |
}, | |
"apps/charts/policy-engine/values-node-2.yaml": { | |
"image.tag": "${{ env.sha7 }}" | |
} | |
} | |
- name: Send Slack notification on failure | |
if: failure() && github.ref == 'refs/heads/main' | |
uses: 8398a7/action-slack@v3 | |
with: | |
username: GitHub | |
author_name: '@app/policy-engine CI release failed' | |
status: ${{ job.status }} | |
fields: message,commit,author | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} |