feat: github action to run otp provider unit tests (#447) #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create and publish Otp Provider Docker image | |
| on: | |
| push: | |
| branches: | |
| - 'dev' | |
| env: | |
| IMAGE_NAME: bcgov-sso/otp-provider | |
| TF_VERSION: 1.2.0 | |
| jobs: | |
| build-and-push-image: | |
| permissions: write-all | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Set env to development | |
| if: (github.ref == 'refs/heads/dev' && github.event_name == 'push') | |
| run: | | |
| cat >> $GITHUB_ENV <<EOF | |
| APP_ENV=development | |
| APP_URL=https://otp-sandbox.loginproxy.gov.bc.ca | |
| TF_STATE_BUCKET=xgr00q-dev-sso-otp-provider | |
| TF_STATE_BUCKET_KEY=sso-otp-provider.tfstate | |
| TF_STATE_DYNAMODB_TABLE=xgr00q-dev-otp-state-locking | |
| CUSTOM_DOMAIN_NAME=otp-sandbox.loginproxy.gov.bc.ca | |
| CORS_ORIGINS=https://dev.sandbox.loginproxy.gov.bc.ca,https://test.sandbox.loginproxy.gov.bc.ca,https://sandbox.loginproxy.gov.bc.ca,https://sso-playground.apps.gold.devops.gov.bc.ca | |
| NODE_ENV=production | |
| HASH_SALT=${{ secrets.DEV_HASH_SALT }} | |
| EOF | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - uses: hashicorp/setup-terraform@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.DEV_OTP_TF_DEPLOY_ROLE_ARN }} | |
| aws-region: ca-central-1 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build, tag, and push docker image to Amazon ECR | |
| env: | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| REPOSITORY: ${{ env.IMAGE_NAME }} | |
| IMAGE_TAG: latest | |
| run: | | |
| echo "Building and pushing Docker image to ECR..." | |
| docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . | |
| docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
| working-directory: ./docker/otp-provider | |
| - name: Terraform Variables | |
| run: | | |
| cat >"config.tf" <<EOF | |
| terraform { | |
| backend "s3" { | |
| bucket = "${{ env.TF_STATE_BUCKET }}" | |
| key = "${{ env.TF_STATE_BUCKET_KEY }}" | |
| region = "ca-central-1" | |
| dynamodb_table = "${{ env.TF_STATE_DYNAMODB_TABLE }}" | |
| } | |
| } | |
| EOF | |
| cat >"ci.auto.tfvars" <<EOF | |
| aws_ecr_uri="${{ steps.login-ecr.outputs.registry }}" | |
| ches_username="${{ secrets.CHES_USERNAME }}" | |
| ches_password="${{ secrets.CHES_PASSWORD }}" | |
| custom_domain_name="${{ env.CUSTOM_DOMAIN_NAME }}" | |
| cors_origins="${{ env.CORS_ORIGINS }}" | |
| app_env="${{ env.APP_ENV }}" | |
| node_env="${{ env.NODE_ENV }}" | |
| app_url="${{ env.APP_URL }}" | |
| hash_salt="${{ env.HASH_SALT }}" | |
| otp_validity_minutes="5" | |
| otp_attempts_allowed="5" | |
| otp_resends_allowed_per_day="4" | |
| otp_resend_interval_minutes="[1,2,5,60]" | |
| EOF | |
| working-directory: ./docker/otp-provider/terraform | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -upgrade | |
| working-directory: ./docker/otp-provider/terraform | |
| - name: Terraform Plan | |
| id: plan | |
| run: terraform plan -no-color | |
| working-directory: ./docker/otp-provider/terraform | |
| continue-on-error: true | |
| - name: Terraform Plan Status | |
| if: steps.plan.outcome == 'failure' | |
| run: exit 1 | |
| - name: Terraform Apply | |
| if: github.event_name == 'push' | |
| run: terraform apply -auto-approve | |
| working-directory: ./docker/otp-provider/terraform |