add tests with sam #1299
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: '@app/policy-engine CI' | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| paths: | |
| - packages/** | |
| - apps/policy-engine/** | |
| - .github/workflows/policy-engine.yml | |
| - .github/workflows/policy-engine-prod.yml | |
| - jest.config.ts | |
| - jest.preset.js | |
| - .eslintrc.json | |
| - .prettierrc | |
| - package.json | |
| - package-lock.json | |
| - deploy/policy-engine.dockerfile | |
| - deploy/charts/policy-engine/** | |
| tags-ignore: | |
| - vault-v* | |
| - armory-v* | |
| - policy-engine-v* | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:14 | |
| ports: | |
| - '5432:5432' | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Add .npmrc | |
| if: ${{ !startsWith(github.head_ref, 'dependabot/') }} | |
| run: echo "${{ secrets.NPMRC }}" > .npmrc | |
| - name: Install node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '21' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: | | |
| make install/ci | |
| - name: Install Open Policy Agent CLI | |
| uses: open-policy-agent/setup-opa@v2 | |
| with: | |
| version: latest | |
| - name: Code format | |
| shell: bash | |
| run: | | |
| make policy-engine/format/check | |
| make policy-engine/lint/check | |
| - name: Setup database and Prisma types | |
| shell: bash | |
| run: | | |
| make policy-engine/copy-default-env | |
| make policy-engine/test/db/setup | |
| make policy-engine/db/generate-types | |
| - name: Test types | |
| shell: bash | |
| run: | | |
| make policy-engine/test/type | |
| - name: Test unit | |
| shell: bash | |
| run: | | |
| make policy-engine/test/unit | |
| - name: Test integration | |
| shell: bash | |
| run: | | |
| make policy-engine/test/integration | |
| - name: Test E2E | |
| shell: bash | |
| run: | | |
| make policy-engine/test/e2e | |
| - name: Send Slack notification on failure | |
| if: failure() && github.ref == 'refs/heads/main' | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| username: GitHub | |
| author_name: '@app/policy-engine CI failed' | |
| status: ${{ job.status }} | |
| fields: message,commit,author | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| opa-rego: | |
| name: Open Agent Policy CI | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| - name: Setup OPA | |
| uses: open-policy-agent/setup-opa@v2 | |
| with: | |
| version: latest | |
| - name: Code format | |
| run: make policy-engine/rego/format/check | |
| - name: Test | |
| run: make policy-engine/rego/test | |
| release: | |
| name: Release | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| # Only run if the Test jobs succeed | |
| needs: [test, opa-rego] | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ vars.ACTIONS_ECR_ROLE_ARN }} # Organization variable | |
| aws-region: ${{ vars.ACTIONS_ECR_REGION }} # Organization variable | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Get short SHA | |
| id: slug | |
| run: echo "sha7=${GITHUB_SHA::7}" >> $GITHUB_ENV | |
| - name: Add private .npmrc | |
| run: echo "${{ secrets.NPMRC }}" > .npmrc | |
| - name: Build, tag, and push docker image to Amazon ECR | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./deploy/policy-engine.dockerfile | |
| push: true | |
| tags: | | |
| ${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:${{ env.sha7 }} | |
| ${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Create GitHub App Token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.NARVAL_HELM_APP_ID }} | |
| private-key: ${{ secrets.NARVAL_HELM_PRIVATE_KEY }} | |
| repositories: 'armory,armory-platform' | |
| - name: Checkout Target Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: narval-xyz/armory-platform | |
| ref: main | |
| path: platform | |
| token: ${{ steps.app-token.outputs.token }} | |
| persist-credentials: false | |
| - name: Update Image Version in the worker HelmChart values.yaml | |
| uses: fjogeleit/yaml-update-action@main | |
| with: | |
| valueFile: 'apps/charts/policy-engine/values.yaml' | |
| # propertyPath: 'image.tag' | |
| # value: ${{ env.sha7 }} | |
| message: 'Update policy-engine Image Version to ${{ env.sha7 }}' | |
| repository: narval-xyz/armory-platform | |
| branch: main | |
| token: ${{ steps.app-token.outputs.token }} | |
| workDir: platform | |
| changes: | | |
| { | |
| "apps/charts/policy-engine/values.yaml": { | |
| "image.tag": "${{ env.sha7 }}" | |
| }, | |
| "apps/charts/policy-engine/values-node-0.yaml": { | |
| "image.tag": "${{ env.sha7 }}" | |
| }, | |
| "apps/charts/policy-engine/values-node-1.yaml": { | |
| "image.tag": "${{ env.sha7 }}" | |
| }, | |
| "apps/charts/policy-engine/values-node-2.yaml": { | |
| "image.tag": "${{ env.sha7 }}" | |
| } | |
| } | |
| - name: Send Slack notification on failure | |
| if: failure() && github.ref == 'refs/heads/main' | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| username: GitHub | |
| author_name: '@app/policy-engine CI release failed' | |
| status: ${{ job.status }} | |
| fields: message,commit,author | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} |