Skip to content

Merge pull request #925 from 18F/audit-signatures-workflow #718

Merge pull request #925 from 18F/audit-signatures-workflow

Merge pull request #925 from 18F/audit-signatures-workflow #718

Workflow file for this run

name: CI workflow
on:
push:
pull_request:
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Code checkout
uses: actions/checkout@v4
- name: Install node
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
cache: 'npm'
- name: Install node dependencies
run: npm ci
- name: Lint javascript
run: npm run lint
audit_dependencies:
runs-on: ubuntu-latest
steps:
- name: Code checkout
uses: actions/checkout@v4
- name: Install node
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
cache: 'npm'
- name: Install node dependencies
run: npm ci
- name: Validate npm package signatures
run: npm audit signatures
test:
needs:
- lint
- audit_dependencies
runs-on: ubuntu-latest
# Start Postgres as a service, wait until healthy. Uses latest Postgres version.
services:
postgres:
image: postgres:latest
env:
POSTGRES_DB: analytics_reporter_test
POSTGRES_USER: analytics
POSTGRES_PASSWORD: 123abc
ports:
- 5432:5432
options:
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Code checkout
uses: actions/checkout@v4
- name: Install node
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
cache: 'npm'
- name: Install node dependencies
run: npm ci
- name: Run tests
run: npm test
deploy_dev:
needs:
- lint
- audit_dependencies
- test
if: github.ref == 'refs/heads/develop'
uses: 18F/analytics-reporter/.github/workflows/deploy.yml@develop
with:
ANALYTICS_GA4_CALL_RETRY_COUNT: ${{ vars.ANALYTICS_GA4_CALL_RETRY_COUNT_DEV }}
ANALYTICS_KEY_FILE_NAME: ${{ vars.ANALYTICS_KEY_FILE_NAME }}
ANALYTICS_LOG_LEVEL: ${{ vars.ANALYTICS_LOG_LEVEL_DEV }}
ANALYTICS_REPORT_EMAIL: ${{ vars.ANALYTICS_REPORT_EMAIL }}
APP_NAME: ${{ vars.APP_NAME_DEV }}
CF_ORGANIZATION_NAME: ${{ vars.CF_ORGANIZATION_NAME }}
CF_SPACE_NAME: ${{ vars.CF_SPACE_NAME_DEV }}
DB_SERVICE_NAME: ${{ vars.DB_SERVICE_NAME_DEV }}
MESSAGE_QUEUE_DATABASE_NAME: ${{ vars.MESSAGE_QUEUE_DATABASE_NAME }}
MESSAGE_QUEUE_NAME: ${{ vars.MESSAGE_QUEUE_NAME }}
NEW_RELIC_APP_NAME: ${{ vars.NEW_RELIC_APP_NAME_DEV }}
PROXY_FQDN: ${{ vars.PROXY_FQDN_DEV }}
PROXY_PORT: ${{ vars.PROXY_PORT }}
S3_SERVICE_NAME: ${{ vars.S3_SERVICE_NAME_DEV }}
secrets:
ANALYTICS_CREDENTIALS: ${{ secrets.ANALYTICS_CREDENTIALS }}
CF_USERNAME: ${{ secrets.CF_USERNAME_DEV }}
CF_PASSWORD: ${{ secrets.CF_PASSWORD_DEV }}
GA4_CREDS: ${{ secrets.GA4_CREDS_DEV }}
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY_DEV }}
PROXY_USERNAME: ${{ secrets.PROXY_USERNAME_DEV }}
PROXY_PASSWORD: ${{ secrets.PROXY_PASSWORD_DEV }}
deploy_stg:
needs:
- lint
- audit_dependencies
- test
if: github.ref == 'refs/heads/staging'
uses: 18F/analytics-reporter/.github/workflows/deploy.yml@develop
with:
ANALYTICS_GA4_CALL_RETRY_COUNT: ${{ vars.ANALYTICS_GA4_CALL_RETRY_COUNT_STG }}
ANALYTICS_KEY_FILE_NAME: ${{ vars.ANALYTICS_KEY_FILE_NAME }}
ANALYTICS_LOG_LEVEL: ${{ vars.ANALYTICS_LOG_LEVEL_STG }}
ANALYTICS_REPORT_EMAIL: ${{ vars.ANALYTICS_REPORT_EMAIL }}
APP_NAME: ${{ vars.APP_NAME_STG }}
CF_ORGANIZATION_NAME: ${{ vars.CF_ORGANIZATION_NAME }}
CF_SPACE_NAME: ${{ vars.CF_SPACE_NAME_STG }}
DB_SERVICE_NAME: ${{ vars.DB_SERVICE_NAME_STG }}
MESSAGE_QUEUE_DATABASE_NAME: ${{ vars.MESSAGE_QUEUE_DATABASE_NAME }}
MESSAGE_QUEUE_NAME: ${{ vars.MESSAGE_QUEUE_NAME }}
NEW_RELIC_APP_NAME: ${{ vars.NEW_RELIC_APP_NAME_STG }}
PROXY_FQDN: ${{ vars.PROXY_FQDN_STG }}
PROXY_PORT: ${{ vars.PROXY_PORT }}
S3_SERVICE_NAME: ${{ vars.S3_SERVICE_NAME_STG }}
secrets:
ANALYTICS_CREDENTIALS: ${{ secrets.ANALYTICS_CREDENTIALS }}
CF_USERNAME: ${{ secrets.CF_USERNAME_STG }}
CF_PASSWORD: ${{ secrets.CF_PASSWORD_STG }}
GA4_CREDS: ${{ secrets.GA4_CREDS_STG }}
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY_STG }}
PROXY_USERNAME: ${{ secrets.PROXY_USERNAME_STG }}
PROXY_PASSWORD: ${{ secrets.PROXY_PASSWORD_STG }}
deploy_prd:
needs:
- lint
- audit_dependencies
- test
if: github.ref == 'refs/heads/master'
uses: 18F/analytics-reporter/.github/workflows/deploy.yml@develop
with:
ANALYTICS_GA4_CALL_RETRY_COUNT: ${{ vars.ANALYTICS_GA4_CALL_RETRY_COUNT_PRD }}
ANALYTICS_KEY_FILE_NAME: ${{ vars.ANALYTICS_KEY_FILE_NAME }}
ANALYTICS_LOG_LEVEL: ${{ vars.ANALYTICS_LOG_LEVEL_PRD }}
ANALYTICS_REPORT_EMAIL: ${{ vars.ANALYTICS_REPORT_EMAIL }}
APP_NAME: ${{ vars.APP_NAME_PRD }}
CF_ORGANIZATION_NAME: ${{ vars.CF_ORGANIZATION_NAME }}
CF_SPACE_NAME: ${{ vars.CF_SPACE_NAME_PRD }}
DB_SERVICE_NAME: ${{ vars.DB_SERVICE_NAME_PRD }}
MESSAGE_QUEUE_DATABASE_NAME: ${{ vars.MESSAGE_QUEUE_DATABASE_NAME }}
MESSAGE_QUEUE_NAME: ${{ vars.MESSAGE_QUEUE_NAME }}
NEW_RELIC_APP_NAME: ${{ vars.NEW_RELIC_APP_NAME_PRD }}
PROXY_FQDN: ${{ vars.PROXY_FQDN_PRD }}
PROXY_PORT: ${{ vars.PROXY_PORT }}
S3_SERVICE_NAME: ${{ vars.S3_SERVICE_NAME_PRD }}
secrets:
ANALYTICS_CREDENTIALS: ${{ secrets.ANALYTICS_CREDENTIALS }}
CF_USERNAME: ${{ secrets.CF_USERNAME_PRD }}
CF_PASSWORD: ${{ secrets.CF_PASSWORD_PRD }}
GA4_CREDS: ${{ secrets.GA4_CREDS_PRD }}
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY_PRD }}
PROXY_USERNAME: ${{ secrets.PROXY_USERNAME_PRD }}
PROXY_PASSWORD: ${{ secrets.PROXY_PASSWORD_PRD }}