Skip to content

Move Hardcoded Settings to vets-api - Part 1 #77112

Move Hardcoded Settings to vets-api - Part 1

Move Hardcoded Settings to vets-api - Part 1 #77112

Workflow file for this run

name: Code Checks
on:
push:
branches: [master]
pull_request:
types: [opened, reopened, synchronize]
permissions:
contents: read
checks: write
jobs:
linting_and_security:
name: Linting and Security
env:
BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
permissions: write-all
runs-on: ubuntu-32-cores-latest
steps:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@1d0e911f615a112e322369596f10ee0b95b010ae # v1.183.0
with:
bundler-cache: true
- name: Remove Review label
if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review')
uses: actions-ecosystem/action-remove-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
ready-for-backend-review
- name: Run bundle-audit (checks gems for CVE issues)
run: bundle exec bundle-audit check --update --ignore CVE-2024-27456
- name: Run Rubocop
run: bundle exec rubocop --parallel --format github
- name: Run Brakeman
run: bundle exec brakeman --ensure-latest --confidence-level=2 --format github
- name: Add Lint Failure label
if: failure() && github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'lint-failure')
uses: actions-ecosystem/action-add-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
lint-failure
- name: Remove Lint Failure label
if: success() && github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'lint-failure')
uses: actions-ecosystem/action-remove-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
lint-failure
tests:
name: Test
env:
BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
CI: true
RAILS_ENV: test
TERM: xterm-256color
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
permissions: write-all
runs-on: ubuntu-32-cores-latest
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Configure AWS credentials
uses: aws-actions/[email protected]
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-gov-west-1
- name: Login to Amazon ECR
id: ecr-login
uses: aws-actions/[email protected]
with:
mask-password: true
- name: Setup Environment
run: |
echo "VETS_API_USER_ID=$(id -u)" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Remove Review label
if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review')
uses: actions-ecosystem/action-remove-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
ready-for-backend-review
- name: Remove Test Passing label
if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'test-passing')
uses: actions-ecosystem/action-remove-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
test-passing
- name: Build Docker Image
uses: docker/build-push-action@v6
env:
DOCKER_BUILD_SUMMARY: false
with:
build-args: |
BUNDLE_ENTERPRISE__CONTRIBSYS__COM=${{ env.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
USER_ID=${{ env.VETS_API_USER_ID }}
context: .
push: false
load: true
tags: vets-api
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Setup Database
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
timeout_minutes: 10
retry_wait_seconds: 3 # Seconds
max_attempts: 3
command: |
docker compose -f docker-compose.test.yml run web bash \
-c "CI=true RAILS_ENV=test DISABLE_BOOTSNAP=true bundle exec parallel_test -n 24 -e 'bin/rails db:reset'"
- name: Run Specs
timeout-minutes: 15
run: |
docker compose -f docker-compose.test.yml run web bash \
-c "CI=true DISABLE_BOOTSNAP=true bundle exec parallel_rspec spec/ modules/ -n 24 -o '--color --tty'"
- name: Upload Coverage Report
uses: actions/upload-artifact@v4
if: always()
with:
name: Coverage Report
path: coverage
include-hidden-files: true
- name: Upload Test Results
uses: actions/upload-artifact@v4
if: always()
with:
name: Test Results
path: log/*.xml
if-no-files-found: ignore
- name: Add Test Failure label
if: failure() && github.event_name == 'pull_request'
uses: actions-ecosystem/action-add-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
test-failure
- name: Remove Test Failure label
if: success() && github.event_name == 'pull_request'
uses: actions-ecosystem/action-remove-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
test-failure
- name: Add Test Passing label
if: success() && github.event_name == 'pull_request'
uses: actions-ecosystem/action-add-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
test-passing
- name: Add omit-backend-approval label
if: |
github.event_name == 'pull_request' && github.event.pull_request.draft == false &&
(
contains(toJSON(github.event.pull_request.requested_teams.*.name), 'mobile') ||
contains(toJSON(github.event.pull_request.requested_teams.*.name), 'lighthouse') ||
contains(toJSON(github.event.pull_request.requested_teams.*.name), 'identity')
)
uses: actions-ecosystem/action-add-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
omit-backend-approval
- name: Add require-backend-approval label
uses: actions-ecosystem/action-add-labels@v1
if: |
github.event_name == 'pull_request' && github.event.pull_request.draft == false &&
!contains(toJSON(github.event.pull_request.requested_teams.*.name), 'mobile') &&
!contains(toJSON(github.event.pull_request.requested_teams.*.name), 'lighthouse') &&
!contains(toJSON(github.event.pull_request.requested_teams.*.name), 'identity')
with:
number: ${{ github.event.pull_request.number }}
labels: |
require-backend-approval
- name: Add Review label
uses: actions-ecosystem/action-add-labels@v1
if: |
github.event_name == 'pull_request' && success() && github.event.pull_request.draft == false &&
!contains(github.event.pull_request.labels.*.name, 'code-health-failure') &&
!contains(github.event.pull_request.labels.*.name, 'codeowners-addition-failure') &&
!contains(github.event.pull_request.labels.*.name, 'codeowners-delete-failure') &&
!contains(github.event.pull_request.labels.*.name, 'lint-failure') &&
!contains(github.event.pull_request.labels.*.name, 'test-failure')
with:
number: ${{ github.event.pull_request.number }}
labels: |
ready-for-backend-review
publish_results:
name: Publish Test Results and Coverage
if: always()
needs: [tests]
permissions: write-all
runs-on: ubuntu-16-cores-latest
steps:
- uses: actions/download-artifact@v4
- name: Publish Test Results to GitHub
uses: EnricoMi/publish-unit-test-result-action@v2
if: always()
with:
check_name: Test Results
comment_mode: off
files: Test Results/*.xml
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Fix up coverage report to work with coverage-check-action
run: sed -i 's/"line"/"covered_percent"/g' 'Coverage Report/.last_run.json'
- name: Publish Coverage Report
uses: devmasx/[email protected]
if: hashFiles('Coverage Report/.last_run.json') != ''
with:
type: simplecov
result_path: Coverage Report/.last_run.json
min_coverage: 90
token: ${{ secrets.GITHUB_TOKEN }}