Merge pull request #1465 from DFE-Digital/renovate/selenium-webdriver… #1437
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Checks | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
jobs: | |
build-and-cache: | |
name: Build and cache image | |
runs-on: ubuntu-latest | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
name: Build and cache | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
build-args: RAILS_ENV=test | |
push: false | |
tags: complete-app:latest | |
cache-from: type=gha | |
cache-to: type=gha,mode=min | |
lint-and-format: | |
name: Linting and formatting | |
runs-on: ubuntu-latest | |
needs: build-and-cache | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
name: Build and cache | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
build-args: | | |
RAILS_ENV=test | |
push: false | |
load: true | |
tags: complete-app:latest | |
cache-from: type=gha | |
- | |
name: Run linters and formaters | |
run: | | |
docker run --rm complete-app:latest sh -c "bin/standardrb -f simple && bin/erblint --lint-all \ | |
&& yarn run lint:format && yarn run lint:js" | |
static-analysis: | |
name: Static analysis | |
runs-on: ubuntu-latest | |
needs: build-and-cache | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
name: Build and cache | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
build-args: | | |
RAILS_ENV=test | |
push: false | |
load: true | |
tags: complete-app:latest | |
cache-from: type=gha | |
- | |
name: Run Brakeman | |
run: | | |
docker run --rm complete-app:latest bin/brakeman | |
specs: | |
name: Specs and coverage | |
runs-on: ubuntu-latest | |
needs: build-and-cache | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
name: Build and cache | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
build-args: | | |
RAILS_ENV=test | |
push: false | |
load: true | |
tags: complete-app:latest | |
cache-from: type=gha | |
- | |
name: Run RSpec and Simplecov | |
run: | | |
docker compose -p complete-app -f docker-compose.checks.yml \ | |
run --name complete-app test bin/rspec | |
- | |
name: Grab coverage report from container | |
run: | |
docker cp complete-app:/srv/app/coverage/coverage.json coverage/coverage.json | |
- | |
name: Shutdown containers | |
run: docker compose -p complete-app down && docker compose -p complete-app rm | |
- | |
name: Upload coverage report | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-report | |
path: coverage/coverage.json | |
accessibility: | |
name: Accessibility | |
runs-on: ubuntu-latest | |
needs: build-and-cache | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
name: Build and cache | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./Dockerfile | |
build-args: RAILS_ENV=test | |
push: false | |
load: true | |
tags: complete-app:latest | |
cache-from: type=gha | |
- | |
name: Run RSpec AXE tests | |
run: | | |
docker compose -p complete-app -f docker-compose.checks.yml \ | |
run -e NO_COVERAGE=true --rm test bin/rspec --tag accessibility spec/accessibility | |
sonarcloud: | |
name: SonarCloud | |
runs-on: ubuntu-latest | |
needs: specs | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: coverage-report | |
path: ./coverage | |
- name: Update coverage report paths | |
run: sed -i "s|/srv/app|/github/workspace|g" ./coverage/coverage.json | |
- name: SonarCloud Scan | |
uses: SonarSource/sonarcloud-github-action@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |