dvsa · awshuss · Nov 10, 2023 · Nov 16, 2023 · Nov 16, 2023 · Nov 21, 2023
diff --git a/.github/actions/build-iuweb/README.md b/.github/actions/build-iuweb/README.md
@@ -0,0 +1,17 @@
+# Build Internal Web Artifact
+Action to build Internal Web artifact
+
+####  Prerequisites
+Git checkout
+
+####  Context
+This action allows the workflow to build Internal Web artifact
+
+####  Outputs
+N/A
+
+####  Usage
+```yaml
+- name: Build Internal Web artifact
+  uses: dvsa/olcs-internal/.github/actions/build-iuweb@main
+```
diff --git a/.github/actions/build-iuweb/action.yaml b/.github/actions/build-iuweb/action.yaml
@@ -0,0 +1,26 @@
+name: Build VOL IUWEB FE
+description: Build VOL IUWEB FE
+
+runs:
+  using: 'composite'
+  steps:
+
+    - name: Download the compose file
+      run: |
+        php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+        php composer-setup.php --install-dir=/usr/local/bin --filename=composer
+        php -r "unlink('composer-setup.php');"
+      shell: bash
+
+    - name: Install Composer dependencies
+      run: |
+       composer install --optimize-autoloader --no-interaction --no-dev
+      shell: bash
+
+    - name: Build VOL IUWEB FE
+      run: |
+        date > config/version
+        git describe --all >> config/version
+        tar cvzf iuweb.tar.gz --exclude=config/autoload/local.php \
+          --exclude=config/autoload/local.php.dist composer.lock init_autoloader.php config module public data/autoload data/cache vendor
+      shell: bash
diff --git a/.github/actions/build-static/action.yaml b/.github/actions/build-static/action.yaml
@@ -0,0 +1,51 @@
+
+name: Build olcs static asset
+description: Build olcs static asset
+
+
+runs:
+    using: 'composite'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ inputs.checkout-repo }}
+
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ inputs.node-version }}
+
+      # - name: Setup Python
+      #   uses: actions/setup-python@v2
+      #   with:
+      #     python-version: ${{ inputs.python-version }}
+
+      - name: python alias
+        run: alias python=python3
+        shell: bash
+
+      - name: Install dependencies
+        run: |
+          npm install -g npm@${{ inputs.npm-version }}
+          npm install
+        shell: bash
+
+      - name: build static content
+        run: |
+          npm run build:container
+        shell: bash
+
+      - name: Build olcs static
+        run: |
+          mkdir -p static
+          mv public static
+        shell: bash
+
+      - name: upload staic artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: olcs-static-artifact
+          path: ./static
+          retention-days: 1
diff --git a/.github/workflows/non-prod-internal-web-build-deploy.yaml b/.github/workflows/non-prod-internal-web-build-deploy.yaml
@@ -0,0 +1,266 @@
+name: CI/CD NON PROD INTERNAL WEB
+run-name: CI/CD NON PROD INTERNAL WEB
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+
+env:
+  AWS_REGION : ${{ vars.DVSA_AWS_REGION }}
+  IUWEB_NONPROD_TOOLING_REPO_URL: ${{ secrets.IUWEB_NONPROD_TOOLING_ECR_REPO_URL }}
+  AWS_ACCOUNT_ID_SHAREDCOREECR: ${{ vars.AWS_ACCOUNT_ID_SHAREDCOREECR }}
+
+# Permission can be added at job level or workflow level
+permissions:
+  id-token: write   # This is required for requesting the JWT
+  contents: read    # This is required for actions/checkout
+
+jobs:
+
+  # security:
+  #   uses: dvsa/.github/.github/workflows/[email protected]
+  #   secrets:
+  #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+  # static-analysis:
+  #   uses: dvsa/.github/.github/workflows/[email protected]
+  #   # with:
+  #   #   php-version: '7.4'
+
+  # tests:
+  #   uses: dvsa/.github/.github/workflows/[email protected]
+  #   with:
+  #     php-versions: "[\"7.4\"]"
+  #     # fail-fast: false
+
+  unit-tests:
+
+    name: Run Unit Tests
+    runs-on: ubuntu-latest
+
+    steps:
+
+    - name: Checkout the repository to this runner
+      uses: actions/checkout@v3
+
+    - name: Run unit tests
+      run: |
+       echo 'Run unit tests'
+       ls -la ./
+
+  build-test-push-sign-image:
+
+    name: Build, Push & Sign Image
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php: 
+        - '7.4'
+
+    steps:
+
+    - name: build olcs static container
+      uses: dvsa/olcs-internal/.github/actions/build-static@feature/AddWorkflows
+      with:
+          checkout-repo: 'dvsa/olcs-static'
+          npm-version: '6'
+          python-version: '2.7'
+          node-version: '14'
+
+    - name: Checkout the repository to this runner
+      uses: actions/checkout@v3
+
+    - uses: actions/download-artifact@v3
+      with:
+        name: olcs-static-artifact
+        path: static
+
+    - name: Setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: ${{ matrix.php }}
+        tools: composer:v2
+        coverage: none
+
+    - name: Build Internal Web artifact
+      uses: dvsa/olcs-internal/.github/actions/build-iuweb@feature/AddWorkflows
+
+    - name: Set BASE_IMAGE & IUWEB_IMAGE_TAG
+      run: |
+        envsubst < dockerfile | tee dockerfile.tmp
+        mv dockerfile.tmp dockerfile
+        BASE_IMAGE=$(head -n1 dockerfile)
+        echo "BASE_IMAGE=${BASE_IMAGE#* }" >> $GITHUB_ENV
+        echo "IUWEB_IMAGE_TAG=approved-iuweb-${BASE_IMAGE#*:}-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+
+    - name: Configure AWS credentials on Shared Core ECR
+      uses: aws-actions/[email protected]
+      with:
+        role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }}
+        role-session-name: GitHub_to_AWS_via_FederatedOIDC
+        aws-region: ${{ env.AWS_REGION }}
+
+    - name: Login to Shared Core ECR
+      id: login-ecr-sharedcoreecr
+      uses: aws-actions/[email protected]
+
+    - name: Verify base image
+      uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
+      with:
+        ecr_tagged_image: $BASE_IMAGE
+        image_sign_inspect: 'true'
+
+    - name: Build Internal Web image
+      run: |
+        docker build -t ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG} \
+          --build-arg DVSA_AWS_SHAREDCOREECR_ID=${{ env.AWS_ACCOUNT_ID_SHAREDCOREECR }} .
+
+    - name: Snyk scan Internal Web image
+      id: scan-api-image
+      uses: snyk/actions/docker@master
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        image: ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG}
+        args: --file=dockerfile --severity-threshold=critical
+      continue-on-error: true
+
+    - name: Configure AWS credentials on Non Production IUWEB ECR
+      uses: aws-actions/[email protected]
+      with:
+        role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
+        role-session-name: GitHub_to_AWS_via_FederatedOIDC
+        aws-region: ${{ env.AWS_REGION }}
+
+    - name: Login to Non Production IUWEB ECR
+      id: login-ecr-iuweb-tooling-non-prod
+      uses: aws-actions/[email protected]
+
+    - name: Push Internal Web image
+      # if: github.ref == 'refs/heads/master'
+      id: push-image
+      run: |
+        echo "image_tag=${IUWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT
+        docker push ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG}
+
+    - name: Sign Internal Web image
+      # if: github.ref == 'refs/heads/master'
+      uses: dvsa/.github/.github/actions/image-integrity@feature/AddMiscAuxilaryWorkflows
+      with:
+        aws_signer_profile_arn: ${{ secrets.DVSA_AWS_IUWEB_NONPROD_TOOLING_IMAGE_SIGNING_PROFILE }}
+        ecr_tagged_image: ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG}
+        image_sign_create: 'true'
+
+    # - name: Release Internal Web
+    #   uses: google-github-actions/release-please-action@v3
+    #   id: release
+    #   with:
+    #     release-type: php
+    #     package-name: ${{ github.event.repository.name }}
+
+    outputs:
+      image_tag: ${{ steps.push-image.outputs.image_tag }}
+
+  # deploy-on-non-prod-cluster:
+
+  #   name: Deploy on Non Prod Cluster
+  #   # if: github.ref == 'refs/heads/master'
+
+  #   needs:
+  #   - unit-tests
+  #   # - security
+  #   # - static-analysis
+  #   # - tests
+  #   -  build-test-push-sign-image
+
+  #   runs-on: ubuntu-latest
+
+  #   steps:
+
+  #   - name: Deploy
+  #     run: |
+  #      echo 'Deploy on Non Prod'
+
+  #   # uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
+  #   # with:
+  #   #   branch: 'feature/AWSRESET1-514'
+  #   #   git_repository: 'dvsa/dvsa-container-registry'
+  #   #   workflow_name: 'CD NON PROD INTERNAL WEB'
+  #   #   input_arguments: 'iuweb_image_tag=${{ needs.build-test-push-sign-image.outputs.image_tag }}'
+  #   # secrets:
+  #   #   gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}
+
+  # automation-tests:
+
+  #   name: Run Automation Tests
+  #   # if: github.ref == 'refs/heads/master'
+  #   runs-on: ubuntu-latest
+
+  #   needs:
+  #   - deploy-on-non-prod-cluster
+
+  #   steps:
+
+  #   - name: Run automation tests
+  #     run: |
+  #      echo 'Run automation tests'
+
+  # build-nonprod-approved-image:
+
+  #   name: Build Non PROD Approved Image
+  #   # if: github.ref == 'refs/heads/master'
+  #   runs-on: ubuntu-latest
+
+  #   needs:
+  #   - build-test-push-sign-image
+  #   - deploy-on-non-prod-cluster
+  #   - automation-tests
+
+  #   steps:
+
+  #   - name: IUWEB_IMAGE_TAG & NONPROD_IUWEB_IMAGE_TAG
+  #     run: |
+  #       echo "IUWEB_IMAGE_TAG=${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV
+  #       echo "NONPROD_IUWEB_IMAGE_TAG=nonprod-${{ needs.build-test-push-sign-image.outputs.image_tag }}" >> $GITHUB_ENV
+
+  #   - name: Configure AWS credentials on Non Production IUWEB ECR
+  #     uses: aws-actions/[email protected]
+  #     with:
+  #       role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
+  #       role-session-name: GitHub_to_AWS_via_FederatedOIDC
+  #       aws-region: ${{ env.AWS_REGION }}
+
+  #   - name: Login to Non Production IUWEB ECR
+  #     id: login-ecr-iuweb-tooling-non-prod
+  #     uses: aws-actions/[email protected]
+
+  #   - name: Push Internal Web image
+  #     # if: github.ref == 'refs/heads/master'
+  #     id: push-approved-image
+  #     run: |
+  #       echo "approved_image_tag=${NONPROD_IUWEB_IMAGE_TAG}" >> $GITHUB_OUTPUT
+  #       docker pull ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG}
+  #       docker tag ${IUWEB_NONPROD_TOOLING_REPO_URL}:${IUWEB_IMAGE_TAG} ${IUWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_IUWEB_IMAGE_TAG}
+  #       docker push ${IUWEB_NONPROD_TOOLING_REPO_URL}:${NONPROD_IUWEB_IMAGE_TAG}
+
+  #   outputs:
+  #     approved_image_tag: ${{ steps.push-approved-image.outputs.approved_image_tag }}
+
+  # qa-approval:
+
+  #   name: QA Internal Web Image Approval
+  #   # if: github.ref == 'refs/heads/master'
+
+  #   needs:
+  #   -  build-nonprod-approved-image
+
+  #   uses: dvsa/.github/.github/workflows/trigger-github-workflow.yaml@feature/AddMiscAuxilaryWorkflows
+  #   with:
+  #     branch: 'feature/AddWorkflows'
+  #     git_repository: 'dvsa/olcs-internal'
+  #     workflow_name: 'qa-internal-web-approval.yaml'
+  #     input_arguments: 'iuweb_image_tag=${{ needs.build-nonprod-approved-image.outputs.approved_image_tag }}'
+  #   secrets:
+  #     gh_token: ${{ secrets.DVSA_VOL_TERRAFORM_ACCESS_TOKEN }}