
fix S S

fix S S #145

Workflow file for this run

# Builds, containerises and deploys the dev environment, then scans it.
# Triggered manually or by a push to the `aldudinn` branch.
name: Deploy Dev Environment
on:
  workflow_dispatch:
  push:
    branches:
      - aldudinn
    # A push that only touches these paths does not start a run.
    paths-ignore:
      - database/**
      - package.json
      - package-lock.json
      - CHANGELOG.md
      - .conventional-changelog.mjs
      - .release-it.json
# NOTE(review): there is no workflow-level `permissions:` key, so any job
# without its own `permissions:` block runs with the repository's default
# GITHUB_TOKEN scopes.
jobs:
# Job build-backend: build and test the .NET solution, then run the Sonar scan.
  build-backend:
    # No `permissions:` block here; the job inherits the default token scopes.
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
      - name: Setup .NET
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: '7.0.400'
      # NuGet package cache, keyed on the hash of every packages.lock.json;
      # the restore key falls back to any earlier cache for the same OS.
      - uses: actions/cache@v3
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
          restore-keys: |
            ${{ runner.os }}-nuget
      # Composite action kept in this repository (not visible on this page).
      - name: Setup Tools
        uses: ./.github/actions/setup-tools
      - name: Build backend
        run: |
          pwd
          dotnet build ./server/server.sln
      # --no-build reuses the binaries produced by the previous step.
      - name: Test backend
        run: dotnet test ./server/server.sln --no-build
      # SonarQube integration for backend
      # NOTE(review): the `uses:` reference below was mangled by e-mail
      # obfuscation on the page this listing came from; restore the real
      # `owner/action@ref` from the repository. The step receives SONAR_TOKEN,
      # so a ref pinned to a full commit SHA is preferable to a movable tag.
      - name: SonarQube Scan Backend
        uses: sonarsource/[email protected]
        env:
          SONAR_HOST_URL: https://sonarcloud.io
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_TEST }}
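# Job build-frontend: install dependencies, build and test the Angular app.
  build-frontend:
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    # Least privilege: no step in this job publishes a package, so the
    # previous `packages: write` grant has been dropped.
    permissions:
      contents: read
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      # NOTE(review): the CLI is installed globally without a version, so each
      # run takes whatever release is current; consider pinning it or using
      # the copy declared in the project's own dependencies.
      - name: Install Angular CLI
        run: |
          cd ./frontend
          npm install -g @angular/cli
      # NOTE(review): `npm install` may resolve versions that differ from the
      # lock file; if ./frontend has a package-lock.json, `npm ci` gives a
      # reproducible install. Confirm before switching.
      - name: Install project dependencies
        run: |
          cd ./frontend
          npm install
      - name: Build frontend
        run: |
          cd ./frontend
          ng build --configuration=production
      # continue-on-error means a failing test run does NOT fail this job, so
      # the image build that depends on it still proceeds.
      - name: Run frontend tests
        run: |
          cd ./frontend
          ng test --watch=false --progress=false --browsers=ChromeHeadless --code-coverage --source-map=false
        continue-on-error: true
      # Disabled frontend Sonar scan. The action reference in the commented
      # block was mangled by e-mail obfuscation on the source page.
      # # SonarQube integration frontend
      # - name: SonarQube Scan
      #   uses: sonarsource/[email protected]
      #   env:
      #     SONAR_HOST_URL: https://sonarcloud.io
      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_TEST }}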
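# Job docker-build-backend: build the backend image and push it to Artifactory.
  docker-build-backend:
    needs: [build-backend]
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    # NOTE(review): the push below authenticates to Artifactory with its own
    # credentials; `packages: write` looks unnecessary unless the local
    # setup-tools action relies on it. Confirm, then drop it.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Setup Tools
        uses: ./.github/actions/setup-tools
      - name: Build Docker image
        run: cd server && docker build -t strdss-backend -f Dockerfile .
      # NOTE(review): `latest` is a movable tag, so the registry keeps no
      # record of which commit produced the image currently deployed.
      - name: Tag Docker image
        run: docker tag strdss-backend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:latest
      # The credentials are handed to the shell as environment variables and
      # the password is fed on stdin. Expanding `${{ secrets.* }}` straight
      # into the script text exposes the value to shell parsing, and `-p`
      # places it on the docker command line.
      - name: Push Docker image to Artifactory
        env:
          JFROG_USERNAME: ${{ secrets.JFROG_USERNAME }}
          JFROG_PASSWORD: ${{ secrets.JFROG_PASSWORD }}
        run: |
          printf '%s' "$JFROG_PASSWORD" | docker login artifacts.developer.gov.bc.ca -u "$JFROG_USERNAME" --password-stdin
          docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-backend:latest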
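# Job docker-build-frontend: build the frontend image and push it to Artifactory.
  docker-build-frontend:
    needs: [build-frontend]
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    # NOTE(review): the push below authenticates to Artifactory with its own
    # credentials; `packages: write` looks unnecessary unless the local
    # setup-tools action relies on it. Confirm, then drop it.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Setup Tools
        uses: ./.github/actions/setup-tools
      # Publishes base64(commit SHA) as the step output `style_nonce`. It is
      # written to $GITHUB_OUTPUT because the `::set-output` workflow command
      # is deprecated.
      # NOTE(review): no later step in this job reads the output. If it is
      # meant as a CSP style nonce, it is derived from the public commit SHA
      # and is constant for a build, so it is predictable.
      - name: Render style_nonce
        id: render_style_nonce
        run: |
          echo "style_nonce=$(echo -n "${GITHUB_SHA}" | base64)" >> "$GITHUB_OUTPUT"
      - name: Build Docker image
        run: cd frontend && docker build -t strdss-frontend -f Dockerfile .
      # NOTE(review): `latest` is a movable tag, so the registry keeps no
      # record of which commit produced the image currently deployed.
      - name: Tag Docker image
        run: docker tag strdss-frontend artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:latest
      # The credentials are handed to the shell as environment variables and
      # the password is fed on stdin. Expanding `${{ secrets.* }}` straight
      # into the script text exposes the value to shell parsing, and `-p`
      # places it on the docker command line.
      - name: Push Docker image to Artifactory
        env:
          JFROG_USERNAME: ${{ secrets.JFROG_USERNAME }}
          JFROG_PASSWORD: ${{ secrets.JFROG_PASSWORD }}
        run: |
          printf '%s' "$JFROG_PASSWORD" | docker login artifacts.developer.gov.bc.ca -u "$JFROG_USERNAME" --password-stdin
          docker push artifacts.developer.gov.bc.ca/sf4a-strdss/strdss-frontend:latest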
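# Job deploy: log in to OpenShift and upgrade the dev Helm release.
  deploy:
    needs: [docker-build-frontend, docker-build-backend]
    runs-on: ubuntu-22.04
    timeout-minutes: 5
    permissions:
      contents: read
    environment:
      name: dev
      url: https://dev-strdata.apps.silver.devops.gov.bc.ca/
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): the `uses:` reference below was mangled by e-mail
      # obfuscation on the source page; restore the real `owner/action@ref`
      # from the repository. The step handles the cluster token, so pin the
      # ref to a full commit SHA.
      - name: Authenticate and set context
        uses: redhat-actions/[email protected]
        with:
          openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }}
          openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
          namespace: f4a30d-dev
          # TLS verification is on, so the service-account token is only sent
          # to an API server whose certificate validates. If the cluster uses
          # a private CA, supply it through `certificate_authority_data`
          # rather than switching verification off again.
          insecure_skip_tls_verify: false
      # Both image tags are `latest`, so the release is not tied to the images
      # built in this run; whatever `latest` points to at pull time is used.
      # The dangling line continuation after the last argument was removed.
      - name: Deploy apps with Helm chart
        run: |
          make upgrade \
            NAMESPACE=f4a30d-dev \
            NAME=strdss-dev \
            ENV_NAME=dev \
            IMAGE_TAG_FRONTEND=latest \
            IMAGE_TAG_BACKEND=latest
        working-directory: ./helm/main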
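# Job scan: run ZAP against the dev site and fail the run on new alerts.
  scan:
    needs: [deploy]
    # No `permissions:` or `timeout-minutes:` here: the job inherits the
    # default token scopes and the default job timeout.
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): the `uses:` reference below was mangled by e-mail
      # obfuscation on the source page; restore the real `owner/action@ref`
      # from the repository.
      # NOTE(review): the target host differs from the deploy job's
      # environment url (https://dev-strdata.apps.silver.devops.gov.bc.ca/).
      # Confirm the scan is aimed at the instance this workflow just deployed.
      - name: Run ZAP Scan
        uses: zaproxy/[email protected]
        with:
          target: 'https://dev-strdata.apps.advsol-ams.3j6z.p1.openshiftapps.com/'
        env:
          TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Gate on the "FAIL-NEW: 0" summary line in zap.out. Nothing visible in
      # this job writes zap.out, so a missing file is reported on its own
      # rather than as "new alerts"; the build still fails in that case.
      - name: Fail build on any alerts
        run: |
          if [ ! -f zap.out ]; then
            echo "zap.out not found, cannot evaluate scan result; failing build"
            exit 1
          fi
          if grep -q "FAIL-NEW: 0" zap.out; then
            echo "No new alerts found"
          else
            echo "New alerts found, failing build"
            exit 1
          fi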