CCM-14499: Pinning all GitHub Actions to SHAs #1
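# Reusable "Test stage" workflow: dependency check, unit, Pact, lint,
# typecheck, coverage and static-analysis jobs, invoked via workflow_call.
#
# Third-party actions are pinned to full commit SHAs. The trailing `# vN`
# comment is only a human-readable label for the tag the SHA was taken from.
# It must end the `uses:` line: everything after `#` is a comment, so a
# `with:` or `- name:` left on the same line is dropped by the parser and the
# step loses its inputs or absorbs the keys of the following step.
# NOTE(review): confirm each SHA resolves to the tag named in its comment.
name: "Test stage"

on:
  workflow_call:
    # All inputs are strings supplied by the calling CI/CD pipeline workflow.
    inputs:
      build_datetime:
        description: "Build datetime, set by the CI/CD pipeline workflow"
        required: true
        type: string
      build_timestamp:
        description: "Build timestamp, set by the CI/CD pipeline workflow"
        required: true
        type: string
      build_epoch:
        description: "Build epoch, set by the CI/CD pipeline workflow"
        required: true
        type: string
      nodejs_version:
        description: "Node.js version, set by the CI/CD pipeline workflow"
        required: true
        type: string
      python_version:
        description: "Python version, set by the CI/CD pipeline workflow"
        required: true
        type: string
      terraform_version:
        description: "Terraform version, set by the CI/CD pipeline workflow"
        required: true
        type: string
      version:
        description: "Version of the software, set by the CI/CD pipeline workflow"
        required: true
        type: string

env:
  AWS_REGION: eu-west-2
  TERM: xterm-256color

# Workflow-level defaults: every job without its own `permissions:` block
# inherits all three scopes.
# NOTE(review): only perform-static-analysis declares id-token: write itself;
# the other jobs inherit it from here. Consider granting it per job if none of
# them requests an OIDC token — verify against ./.github/actions/node-install.
permissions:
  id-token: write  # This is required for requesting the JWT
  contents: read  # This is required for actions/checkout
  packages: read  # This is required for downloading from GitHub Package Registry

jobs:
  # Regenerates dependencies and fails if the committed files are out of date.
  check-generated-dependencies:
    name: "Check generated dependencies"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: Setup NodeJS
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
        with:
          node-version: ${{ inputs.nodejs_version }}
          registry-url: "https://npm.pkg.github.com"
      # NOTE(review): restore-keys lets a run fall back to a node_modules tree
      # cached for a different package-lock.json. The lockfile is only
      # enforced if the install step rebuilds the tree (for example with a
      # clean install) — confirm in ./.github/actions/node-install. The same
      # cache step is repeated in the jobs below.
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        # git diff --exit-code returns non-zero when generation changed any
        # tracked file, which fails the job.
        run: |
          npm run generate-dependencies --workspaces --if-present
          git diff --exit-code

  # Runs the unit test suite and publishes the reports as artifacts.
  test-unit:
    name: "Unit tests"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    env:
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: Setup NodeJS
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
        with:
          node-version: ${{ inputs.nodejs_version }}
          registry-url: "https://npm.pkg.github.com"
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        run: |
          npm run generate-dependencies --workspaces --if-present
      - name: "Run unit test suite"
        run: |
          make test-unit
      # always() uploads the unit reports even when the test step failed.
      - name: "Save the result of fast test suite"
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7
        with:
          name: unit-tests
          path: "**/.reports/unit"
          include-hidden-files: true
        if: always()
      # Downloaded again by perform-static-analysis under the same name.
      - name: "Save the result of code coverage"
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7
        with:
          name: code-coverage-report
          path: ".reports/lcov.info"

  # Runs the Pact contract tests and publishes the resulting contracts.
  # NOTE(review): this job's token carries packages: write and is exported
  # job-wide as NODE_AUTH_TOKEN, so every step, including npm scripts, can
  # read it. If only the publish step needs write access, consider setting the
  # env on that step alone — verify against ./scripts/publish-pact-contracts.sh.
  test-pact:
    name: "Pact tests"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    env:
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    permissions:
      packages: write
      contents: read
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        run: npm run generate-dependencies --workspaces --if-present
      - name: "Run PACT tests"
        run: npm run test:pact --workspace tests
      - name: Publish Pact Contracts
        run: ./scripts/publish-pact-contracts.sh

  # Runs the lint target.
  test-lint:
    name: "Linting"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    env:
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: Setup NodeJS
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
        with:
          node-version: ${{ inputs.nodejs_version }}
          registry-url: "https://npm.pkg.github.com"
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        run: |
          npm run generate-dependencies --workspaces --if-present
      - name: "Run linting"
        run: |
          make test-lint

  # Runs the typecheck target.
  test-typecheck:
    name: "Typecheck"
    runs-on: ubuntu-latest
    timeout-minutes: 5
    env:
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: Setup NodeJS
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4
        with:
          node-version: ${{ inputs.nodejs_version }}
          registry-url: "https://npm.pkg.github.com"
      - name: "Cache node_modules"
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4
        with:
          path: |
            **/node_modules
          key: ${{ runner.os }}-node-${{ inputs.nodejs_version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-${{ inputs.nodejs_version }}-
      - name: "Repo setup"
        uses: ./.github/actions/node-install
        with:
          node-version: ${{ inputs.nodejs_version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "Generate dependencies"
        run: |
          npm run generate-dependencies --workspaces --if-present
      - name: "Run typecheck"
        run: |
          make test-typecheck

  # Runs the coverage check once the unit tests have finished.
  test-coverage:
    name: "Test coverage"
    needs: [test-unit]
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
      - name: "Run test coverage check"
        run: |
          make test-coverage
      - name: "Save the coverage check result"
        run: |
          echo "Nothing to save"

  # Feeds the coverage report produced by test-unit into static analysis.
  perform-static-analysis:
    name: "Perform static analysis"
    needs: [test-unit]
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    timeout-minutes: 5
    steps:
      - name: "Checkout code"
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
        with:
          fetch-depth: 0  # Full history is needed to improve the relevance of reporting
      - name: "Download coverage report for SONAR"
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8
        with:
          name: code-coverage-report
      # NOTE(review): referenced by tag (3.0.8) rather than by commit SHA,
      # unlike the other third-party actions in this file; a tag can be moved
      # to different code. This step receives SONAR_TOKEN and runs in a job
      # with id-token: write, so pin it to the full commit SHA behind that tag
      # and keep the tag as a trailing comment.
      - name: "Perform static analysis"
        uses: NHSDigital/nhs-notify-shared-modules/.github/actions/perform-static-analysis@3.0.8
        with:
          sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}"
          sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"
          sonar_token: "${{ secrets.SONAR_TOKEN }}"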