PYIC-7797: route failed + reverification journeys to use process-candidate-identity-lambda #9834
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build and test | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- ready_for_review | |
- synchronize | |
env: | |
SAM_CLI_TELEMETRY: "0" | |
jobs: | |
pre-commit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11.2' | |
- uses: pre-commit/[email protected] | |
with: | |
extra_args: "detect-secrets --all-files" | |
test-node-delete-user-data: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
defaults: | |
run: | |
working-directory: ./lambdas/delete-user-data | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
cache-dependency-path: '**/package-lock.json' # Need this so it looks in lambdas/delete-user-data for the package-lock | |
- name: Install dependencies | |
run: npm ci | |
- name: Linting | |
run: npm run lint | |
- name: Unit tests | |
run: npm run test | |
test-java: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
cache: gradle | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Cache Gradle packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.gradle/caches | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
restore-keys: ${{ runner.os }}-gradle | |
- name: Build and unit tests | |
run: ./gradlew clean build | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Perform Static Analysis | |
if: ${{ github.actor != 'dependabot[bot]' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: ./gradlew sonar | |
api-test: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
permissions: | |
id-token: write | |
packages: read | |
contents: read | |
defaults: | |
run: | |
working-directory: ./api-tests | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: npm | |
cache-dependency-path: '**/package-lock.json' | |
- name: Setup .npmrc | |
run: | | |
cp .npmrc.template .npmrc && \ | |
sed -i s/GITHUB_PAT_WITH_READ:PACKAGES/${{ secrets.GITHUB_TOKEN }}/ .npmrc | |
- name: Install dependencies | |
run: npm ci | |
- name: Linting | |
run: npm run lint | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
cache: gradle | |
- name: Cache Gradle packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.gradle/caches | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
restore-keys: ${{ runner.os }}-gradle | |
- name: Calculate queue name | |
# SQS queue names have a max length of 80 and cannot contain special characters | |
run: | | |
branch_name=${{ github.head_ref || github.sha }} | |
queue_name=`echo $branch_name | sed 's/[^[:alnum:]-]/\_/g' | cut -c1-60` | |
echo "queue_name=stubQueue_branch_$queue_name" >> $GITHUB_OUTPUT | |
id: extract_queue_name | |
- name: Setup app secrets | |
run: | | |
cp ../local-running/core.local.secrets.template.yaml ../local-running/core.local.secrets.yaml && \ | |
sed -i s/CIMIT_API_KEY/${{ secrets.API_KEY_CIMIT }}/ ../local-running/core.local.secrets.yaml && \ | |
sed -i s/EVCS_API_KEY/${{ secrets.API_KEY_EVCS }}/ ../local-running/core.local.secrets.yaml && \ | |
sed -i s/ASYNC_QUEUE_API_KEY/${{ secrets.ASYNC_QUEUE_API_KEY }}/ ../local-running/core.local.secrets.yaml && \ | |
sed -i s/ASYNC_QUEUE_NAME/${{ steps.extract_queue_name.outputs.queue_name }}/ ../local-running/core.local.secrets.yaml && \ | |
sed -i s/TICF_API_KEY/${{ secrets.TICF_API_KEY }}/ ../local-running/core.local.secrets.yaml | |
sed -i s/DCMAW_ASYNC_SECRET/${{ secrets.DCMAW_ASYNC_SECRET }}/ ../local-running/core.local.secrets.yaml | |
- name: Local API tests | |
env: | |
ASYNC_QUEUE_NAME: ${{ steps.extract_queue_name.outputs.queue_name }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
MANAGEMENT_CIMIT_STUB_API_KEY: ${{ secrets.MANAGEMENT_CIMIT_STUB_API_KEY }} | |
EVCS_STUB_API_KEY: ${{ secrets.API_KEY_EVCS }} | |
CRI_STUB_GEN_CRED_API_KEY: ${{ secrets.CRI_STUB_GEN_CRED_API_KEY }} | |
MANAGEMENT_TICF_API_KEY: ${{ secrets.MANAGEMENT_TICF_API_KEY }} | |
CIMIT_INTERNAL_API_KEY: ${{ secrets.API_KEY_CIMIT }} | |
run: npm run test:ci | |
- name: Upload API test report | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: API test report | |
path: api-tests/reports/ | |
retention-days: 7 | |
sam-build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
cache: gradle | |
- uses: aws-actions/setup-sam@v2 | |
with: | |
use-installer: true | |
- name: Cache Gradle packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.gradle/caches | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
restore-keys: ${{ runner.os }}-gradle | |
- run: sam build -t deploy/template.yaml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |