
CCM-14499: Pinning all GitHub Actions to SHAs #1

Workflow file for this run

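# Reusable "Test stage" workflow, invoked through `workflow_call` by the CI/CD
# pipeline workflow, which supplies every input below.
#
# Remote actions are pinned to a full commit SHA, with the release tag recorded
# in a trailing comment (one exception is flagged in perform-static-analysis).
# That comment must be the last thing on the `uses:` line: the pinning rewrite
# had folded the following line into it (e.g. `# v5 - name: Setup NodeJS`,
# `# v4 with:`), which dropped step names and `with:` keys and made GitHub
# reject the file as an invalid workflow (YAML syntax error reported on
# line 49). Each step name and `with:` key is back on its own line here.
name: "Test stage"

on:
  workflow_call:
    inputs:
      build_datetime:
        description: "Build datetime, set by the CI/CD pipeline workflow"
        required: true
        type: string
      build_timestamp:
        description: "Build timestamp, set by the CI/CD pipeline workflow"
        required: true
        type: string
      build_epoch:
        description: "Build epoch, set by the CI/CD pipeline workflow"
        required: true
        type: string
      nodejs_version:
        description: "Node.js version, set by the CI/CD pipeline workflow"
        required: true
        type: string
      python_version:
        description: "Python version, set by the CI/CD pipeline workflow"
        required: true
        type: string
      terraform_version:
        description: "Terraform version, set by the CI/CD pipeline workflow"
        required: true
        type: string
      version:
        description: "Version of the software, set by the CI/CD pipeline workflow"
        required: true
        type: string

env:
  AWS_REGION: eu-west-2
  TERM: xterm-256color

# Workflow-level default: a job without its own `permissions:` block inherits
# all three scopes, including `id-token: write`.
# NOTE(review): only perform-static-analysis declares id-token itself; confirm
# whether the other jobs need OIDC and, if not, move the scope to job level.
permissions:
  id-token: write  # This is required for requesting the JWT
  contents: read  # This is required for actions/checkout
  packages: read  # This is required for downloading from GitHub Package Registry

jobs:
  check-generated-dependencies:
    name: "Check generated dependencies"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: Setup NodeJS
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
        with:
          node-version: ${{ inputs.nodejs_version }}
          registry-url: "https://npm.pkg.github.com"
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          # Prefix fallback: with no exact lockfile-hash match, the newest
          # cache for the same OS and Node.js version is restored instead.
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        # `git diff --exit-code` fails the job when regeneration changes
        # tracked files, i.e. the committed generated output is stale.
        run: |
          npm run generate-dependencies --workspaces --if-present
          git diff --exit-code

  test-unit:
    name: "Unit tests"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    env:
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: Setup NodeJS
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
        with:
          node-version: ${{ inputs.nodejs_version }}
          registry-url: "https://npm.pkg.github.com"
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        run: |
          npm run generate-dependencies --workspaces --if-present
      - name: "Run unit test suite"
        run: |
          make test-unit
      - name: "Save the result of fast test suite"
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7
        with:
          name: unit-tests
          path: "**/.reports/unit"
          include-hidden-files: true
        # Upload the reports even when an earlier step failed.
        if: always()
      - name: "Save the result of code coverage"
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7
        with:
          name: code-coverage-report
          path: ".reports/lcov.info"

  test-pact:
    name: "Pact tests"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    env:
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    # A job-level block replaces the workflow-level default, so this job gets
    # only these two scopes and no `id-token`.
    permissions:
      packages: write
      contents: read
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        run: npm run generate-dependencies --workspaces --if-present
      - name: "Run PACT tests"
        run: npm run test:pact --workspace tests
      - name: Publish Pact Contracts
        run: ./scripts/publish-pact-contracts.sh

  test-lint:
    name: "Linting"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    env:
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: Setup NodeJS
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
        with:
          node-version: ${{ inputs.nodejs_version }}
          registry-url: "https://npm.pkg.github.com"
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        run: |
          npm run generate-dependencies --workspaces --if-present
      - name: "Run linting"
        run: |
          make test-lint

  test-typecheck:
    name: "Typecheck"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    env:
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: Setup NodeJS
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
        with:
          node-version: ${{ inputs.nodejs_version }}
          registry-url: "https://npm.pkg.github.com"
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        run: |
          npm run generate-dependencies --workspaces --if-present
      - name: "Run typecheck"
        run: |
          make test-typecheck

  test-coverage:
    name: "Test coverage"
    needs: [test-unit]
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: "Run test coverage check"
        run: |
          make test-coverage
      - name: "Save the coverage check result"
        run: |
          echo "Nothing to save"

  perform-static-analysis:
    name: "Perform static analysis"
    needs: [test-unit]
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    timeout-minutes: 5
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
        with:
          fetch-depth: 0  # Full history is needed to improve the relevancy of reporting
      - name: "Download coverage report for SONAR"
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8
        with:
          name: code-coverage-report
      # NOTE(review): this is the one remote `uses:` in the file still
      # referenced by a tag (3.0.8) rather than a commit SHA. A tag can be
      # moved to different code, and this step runs with `id-token: write` and
      # receives SONAR_TOKEN. Pin it as `@<full-commit-sha>  # 3.0.8`
      # (placeholder; resolve the SHA from the upstream repository).
      - name: "Perform static analysis"
        uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@3.0.8
        with:
          sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}"
          sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"
          sonar_token: "${{ secrets.SONAR_TOKEN }}"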