chore(deps): update dependency @bifravst/aws-cdk-ecr-helpers to v1.3.31 #3928
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test and Release | |
on: | |
push: | |
workflow_dispatch: | |
permissions: | |
id-token: write | |
contents: write | |
issues: write | |
actions: write | |
packages: write | |
env: | |
CI: 1 | |
FORCE_COLOR: 3 | |
JSII_SILENCE_WARNING_UNTESTED_NODE_VERSION: 1 | |
REGISTRY: ghcr.io | |
jobs: | |
unit-tests: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "22.x" | |
cache: "npm" | |
- name: Install dependencies | |
run: npm ci --no-audit | |
- name: Compile TypeScript | |
run: npx tsc | |
- name: Check source code with eslint | |
run: npx eslint . | |
- name: Check if source code is properly formatted | |
run: npx prettier -c ./ | |
- name: Run Unit Tests | |
run: npm test | |
http-api-mock: | |
needs: [unit-tests] | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 5 | |
outputs: | |
stackName: ${{ steps.create.outputs.stackName }} | |
responsesTableName: ${{ steps.create.outputs.responsesTableName }} | |
apiURL: ${{ steps.create.outputs.apiURL }} | |
requestsTableName: ${{ steps.create.outputs.requestsTableName }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "22.x" | |
cache: "npm" | |
- name: Install dependencies | |
run: npm ci --no-audit | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
# The role is set up via https://github.com/hello-nrfcloud/ci | |
# secrets.AWS_ACCOUNT_ID_CI is an organization secret | |
role-to-assume: | | |
arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CI }}:role/${{ github.repository_owner }}-ci-${{ github.event.repository.name }} | |
# vars.AWS_REGION_CI is an organization variable | |
aws-region: ${{ vars.AWS_REGION_CI }} | |
- name: Create HTTP API mock | |
id: create | |
run: | | |
npx @bifravst/http-api-mock > http-api-mock.json | |
echo "stackName=`jq -r '.stackName' http-api-mock.json`" >> $GITHUB_OUTPUT | |
echo "responsesTableName=`jq -r '.responsesTableName' http-api-mock.json`" >> $GITHUB_OUTPUT | |
echo "apiURL=`jq -r '.apiURL' http-api-mock.json`" >> $GITHUB_OUTPUT | |
echo "requestsTableName=`jq -r '.requestsTableName' http-api-mock.json`" >> $GITHUB_OUTPUT | |
stack-name: | |
needs: [unit-tests] | |
runs-on: ubuntu-24.04 | |
outputs: | |
stackName: ${{ steps.stackName.outputs.stackName }} | |
steps: | |
- name: Generate Stack ID | |
id: stackName | |
run: | | |
RANDOM_STRING=`node -e "const crypto = require('crypto'); process.stdout.write(crypto.randomBytes(Math.ceil(8 * 0.5)).toString('hex').slice(0, 8));"` | |
echo "stackName=hni-${RANDOM_STRING}" >> $GITHUB_OUTPUT | |
# Containers are rebuilt for every run, this ensures that they can actually | |
# be built. If we were to use a pre-built version here we could run into | |
# the risk that they are no longer buildable. | |
openssl-lambda-container: | |
needs: [stack-name, unit-tests] | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 5 | |
env: | |
STACK_NAME: ${{ needs.stack-name.outputs.stackName }} | |
outputs: | |
tag: ${{ steps.build.outputs.tag }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "22.x" | |
cache: "npm" | |
- name: Install dependencies | |
run: npm ci --no-audit | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
# The role is set up via https://github.com/hello-nrfcloud/ci | |
# secrets.AWS_ACCOUNT_ID_CI is an organization secret | |
role-to-assume: | | |
arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CI }}:role/${{ github.repository_owner }}-ci-${{ github.event.repository.name }} | |
# vars.AWS_REGION_CI is an organization variable | |
aws-region: ${{ vars.AWS_REGION_CI }} | |
- name: Build OpenSSL Lambda container | |
id: build | |
run: | | |
TAG=$(./cli.sh build-container --pull openssl-lambda) | |
echo "tag=$TAG" >> $GITHUB_OUTPUT | |
- name: Publish Docker image to repository registry | |
run: | | |
docker login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }} | |
docker tag openssl-lambda:${{ steps.build.outputs.tag }} ${{ env.REGISTRY }}/${{ github.repository }}/openssl-lambda:${{ steps.build.outputs.tag }} | |
docker push ${{ env.REGISTRY }}/${{ github.repository }}/openssl-lambda:${{ steps.build.outputs.tag }} | |
e2e-tests: | |
needs: | |
- http-api-mock | |
- unit-tests | |
- stack-name | |
- openssl-lambda-container | |
runs-on: ubuntu-24.04 | |
timeout-minutes: 30 | |
outputs: | |
ref: ${{ steps.ref.outputs.ref }} | |
env: | |
STACK_NAME: ${{ needs.stack-name.outputs.stackName }} | |
OPENSSL_LAMBDA_CONTAINER_TAG: | |
${{ needs.openssl-lambda-container.outputs.tag }} | |
HTTP_API_MOCK_RESPONSES_TABLE_NAME: | |
${{ needs.http-api-mock.outputs.responsesTableName }} | |
HTTP_API_MOCK_REQUESTS_TABLE_NAME: | |
${{ needs.http-api-mock.outputs.requestsTableName }} | |
HTTP_API_MOCK_API_URL: ${{ needs.http-api-mock.outputs.apiURL }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: store checkout out version | |
id: ref | |
run: echo "ref=${{ github.sha }}" >> $GITHUB_OUTPUT | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "22.x" | |
cache: "npm" | |
- name: Install dependencies | |
run: npm ci --no-audit | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
# The role is set up via https://github.com/hello-nrfcloud/ci | |
# secrets.AWS_ACCOUNT_ID_CI is an organization secret | |
role-to-assume: | | |
arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID_CI }}:role/${{ github.repository_owner }}-ci-${{ github.event.repository.name }} | |
# vars.AWS_REGION_CI is an organization variable | |
aws-region: ${{ vars.AWS_REGION_CI }} | |
- name: Use HTTP API mock | |
run: | | |
./cli.sh configure-nrfcloud-account apiEndpoint ${{ env.HTTP_API_MOCK_API_URL }}api.nrfcloud.com/ | |
./cli.sh configure-nrfcloud-account apiKey apiKey_Nordic | |
./cli.sh configure-hello apiEndpoint ${{ env.HTTP_API_MOCK_API_URL }}hello-api/ | |
- run: ./cli.sh generate-jwt-keypair | |
- name: Deploy solution stack | |
env: | |
IS_TEST: 1 | |
run: npx cdk deploy --all --require-approval never | |
- name: Run End-to-End Tests | |
run: npm run test:e2e | |
- name: Print failed End-to-End tests | |
if: failure() | |
run: | |
cat e2e-test-result.json | npx tsx --no-warnings | |
./feature-runner/console-reporter.ts --only-failed --with-timestamps | |
- uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: e2e-test-result | |
path: e2e-test-result.json | |
- name: Get logs | |
if: failure() | |
run: ./cli.sh logs -f ERROR | |
- name: Trigger cleanup workflow | |
if: always() | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh workflow run cleanup.yaml --ref ${{ github.ref_name }} \ | |
-F stackName=${{ env.STACK_NAME }} \ | |
-F openssl_lambda_tag=${{ needs.openssl-lambda-container.outputs.tag }} \ | |
-F http_api_mock_stack_name=${{ needs.http-api-mock.outputs.stackName }} | |
release: | |
needs: | |
- e2e-tests | |
- openssl-lambda-container | |
runs-on: ubuntu-24.04 | |
if: github.ref == 'refs/heads/saga' | |
outputs: | |
version: ${{ steps.version.outputs.version }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.e2e-tests.outputs.ref }} | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "22.x" | |
cache: "npm" | |
- name: Install dependencies | |
run: npm ci --no-audit | |
- name: Semantic release | |
id: semantic-release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: npx semantic-release | |
- name: Determine released version | |
id: version | |
run: | | |
VERSION=`git describe --abbrev=0 --tags --always | tr -d '\n'` | |
echo "version=$VERSION" >> $GITHUB_OUTPUT | |
- name: Log in to the Container registry | |
if: github.ref == 'refs/heads/saga' | |
uses: docker/login-action@1f36f5b7a2d2f7bfd524795fc966e6d88c37baa9 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- run: docker image ls | |
# The Docker images that were used successfully in this test run are shared | |
# on the projects' container registry. The deploy workflow will pull them and | |
# use copy them to the product instance's container registry. | |
# This ensures that exactly the container that was verified to work is used | |
# in production. | |
- name: Tag docker images with release version | |
if: github.ref == 'refs/heads/saga' | |
run: | | |
docker pull ${{ env.REGISTRY }}/${{ github.repository }}/openssl-lambda:${{ needs.openssl-lambda-container.outputs.tag }} | |
docker tag ${{ env.REGISTRY }}/${{ github.repository }}/openssl-lambda:${{ needs.openssl-lambda-container.outputs.tag }} ${{ env.REGISTRY }}/${{ github.repository }}/openssl-lambda:${{ steps.version.outputs.version }} | |
docker push ${{ env.REGISTRY }}/${{ github.repository }}/openssl-lambda:${{ steps.version.outputs.version }} | |
- name: Trigger deployment workflow | |
if: steps.semantic-release.outcome == 'success' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh workflow run deploy.yaml \ | |
-F ref=${{ needs.e2e-tests.outputs.ref }} \ | |
-F openssl_lambda_tag=${{ needs.openssl-lambda-container.outputs.tag }} |