Bump rubocop from 1.79.2 to 1.82.1 #686
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy | |
| concurrency: build_and_deploy_${{ github.ref_name }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: "Deploy environment" | |
| required: true | |
| type: choice | |
| default: review | |
| options: | |
| - review | |
| - qa | |
| - staging | |
| - production | |
| docker-image-tag: | |
| description: "Docker image tag to deploy (optional)" | |
| required: true | |
| type: string | |
| pull-request-number: | |
| description: "Pull request number (required for review environment)" | |
| required: false | |
| type: string | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| types: [opened, reopened, synchronize, labeled] | |
| env: | |
| TERRAFORM_BASE: terraform/application | |
| HEALTHCHECK_CMD: "healthcheck" | |
| TOOL_VERSIONS_FILE: .tool-versions | |
| jobs: | |
| build: | |
| name: Build | |
| if: ${{ github.event_name != 'workflow_dispatch' }} | |
| env: | |
| DOCKER_REPOSITORY: ghcr.io/dfe-digital/register-placement-schools | |
| outputs: | |
| docker-image-tag: ${{ steps.build-image.outputs.tag }} | |
| permissions: | |
| packages: write | |
| pull-requests: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| name: Checkout | |
| - name: Build and push docker image | |
| id: build-image | |
| uses: DFE-Digital/github-actions/build-docker-image@master | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| context: . | |
| docker-repository: ${{ env.DOCKER_REPOSITORY }} | |
| max-cache: true | |
| reuse-cache: true | |
| snyk-token: ${{ secrets.SNYK_TOKEN }} | |
| quality_checks: | |
| name: ${{ matrix.check.name }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| check: | |
| - name: "Security Scan" | |
| type: "security" | |
| commands: "bin/brakeman --no-pager" | |
| needs_node: false | |
| verify_version: false | |
| - name: "Ruby Linting" | |
| type: "ruby_lint" | |
| commands: | | |
| bin/rubocop -f github | |
| bin/erb_lint --lint-all | |
| needs_node: true | |
| verify_version: true | |
| - name: "JavaScript Linting" | |
| type: "js_lint" | |
| commands: "yarn prettier --check --ignore-unknown '**/*'" | |
| needs_node: true | |
| verify_version: false | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| - name: Set up Node.js | |
| if: matrix.check.needs_node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: ${{ env.TOOL_VERSIONS_FILE }} | |
| cache: "yarn" | |
| - name: Install Node.js dependencies | |
| if: matrix.check.needs_node | |
| run: yarn install --frozen-lockfile | |
| - name: Run ${{ matrix.check.name }} | |
| run: ${{ matrix.check.commands }} | |
| - name: Verify tool versions | |
| if: ${{ matrix.check.verify_version }} | |
| run: bin/tool_versions_checker | |
| test: | |
| name: Test Suite | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: test | |
| ports: | |
| - 5432:5432 | |
| options: >- | |
| --health-cmd="pg_isready -U postgres" | |
| --health-interval=10s | |
| --health-timeout=5s | |
| --health-retries=5 | |
| env: | |
| RAILS_ENV: test | |
| DATABASE_URL: postgres://postgres:postgres@localhost:5432/test | |
| CI: true | |
| steps: | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install --no-install-recommends -y \ | |
| build-essential \ | |
| git \ | |
| libpq-dev \ | |
| libyaml-dev \ | |
| node-gyp \ | |
| pkg-config \ | |
| python-is-python3 \ | |
| google-chrome-stable | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: ${{ env.TOOL_VERSIONS_FILE }} | |
| cache: "yarn" | |
| - name: Install Node.js dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Prepare database and assets | |
| run: | | |
| bin/rails db:prepare | |
| bin/rails assets:precompile | |
| - name: Run database consistency check | |
| run: bin/db_consistency_check | |
| - name: Run test suite | |
| run: bundle exec rspec | |
| - name: Upload test failure screenshots | |
| if: failure() | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: test-failure-screenshots | |
| path: tmp/screenshots/ | |
| if-no-files-found: ignore | |
| retention-days: 7 | |
| merge-dependabot: | |
| name: Merge dependabot | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| if: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'dependencies') }} | |
| needs: [quality_checks, test, build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Merge minor dependency updates | |
| uses: fastify/github-action-merge-dependabot@v3 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| target: minor | |
| exclude: "govuk-components,govuk_design_system_formbuilder,govuk-frontend,@ministryofjustice/frontend,dfe-analytics" | |
| merge-method: rebase | |
| deploy-review-app: | |
| name: Deployment To Review | |
| concurrency: deploy_review_${{ github.event.pull_request.number }} | |
| if: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy') }} | |
| needs: [build] | |
| environment: | |
| name: review | |
| url: ${{ steps.deploy_review.outputs.environment_url }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| pull-requests: write | |
| steps: | |
| - name: Deploy App to Review | |
| id: deploy_review | |
| uses: DFE-Digital/github-actions/deploy-to-aks@master | |
| with: | |
| azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| environment: review | |
| pr-number: ${{ github.event.pull_request.number }} | |
| sha: ${{ needs.build.outputs.docker-image-tag }} | |
| terraform-base: ${{ env.TERRAFORM_BASE }} | |
| healthcheck: ${{ env.HEALTHCHECK_CMD }} | |
| db-seed: true | |
| # gcp-wip: ${{ vars.GCP_WIP }} | |
| # gcp-project-id: ${{ vars.GCP_PROJECT_ID }} | |
| deploy: | |
| name: Deploy environments | |
| if: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }} | |
| environment: | |
| name: ${{ matrix.environment }} | |
| url: ${{ steps.deploy_app.outputs.environment_url }} | |
| needs: [build, test] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| pull-requests: write | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| environment: [qa, staging, production] | |
| steps: | |
| - name: Deploy app to ${{ matrix.environment }} | |
| id: deploy_app | |
| uses: DFE-Digital/github-actions/deploy-to-aks@master | |
| with: | |
| azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| environment: ${{ matrix.environment }} | |
| sha: ${{ needs.build.outputs.docker-image-tag }} | |
| terraform-base: ${{ env.TERRAFORM_BASE }} | |
| healthcheck: ${{ env.HEALTHCHECK_CMD }} | |
| slack-webhook: ${{ secrets.SLACK_WEBHOOK }} | |
| # gcp-wip: ${{ vars.GCP_WIP }} | |
| # gcp-project-id: ${{ vars.GCP_PROJECT_ID }} | |
| # | |
| # manual_deploy: | |
| # name: Manual deploy | |
| # if: ${{ github.event_name == 'workflow_dispatch' }} | |
| # environment: | |
| # name: ${{ inputs.environment }} | |
| # url: ${{ steps.deploy_manual.outputs.environment_url }} | |
| # runs-on: ubuntu-latest | |
| # permissions: | |
| # id-token: write | |
| # pull-requests: write | |
| # | |
| # steps: | |
| # - name: Deploy app to ${{ inputs.environment }} | |
| # id: deploy_manual | |
| # uses: DFE-Digital/github-actions/deploy-to-aks@master | |
| # with: | |
| # azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| # azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| # environment: ${{ inputs.environment }} | |
| # pr-number: ${{ inputs.pull-request-number }} | |
| # sha: ${{ inputs.docker-image-tag }} | |
| # terraform-base: ${{ env.TERRAFORM_BASE }} | |
| # healthcheck: ${{ env.HEALTHCHECK_CMD }} | |
| # slack-webhook: ${{ secrets.SLACK_WEBHOOK }} | |
| # smoke-test: true | |
| # db-seed: ${{ inputs.environment == 'review' && 'true' || 'false' }} | |
| # # gcp-wip: ${{ vars.GCP_WIP }} | |
| # # gcp-project-id: ${{ vars.GCP_PROJECT_ID }} | |
| # | |
| deploy_domains_infra: | |
| name: Deploy Domains Infrastructure | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| concurrency: deploy_domains_infra | |
| needs: [deploy] | |
| environment: | |
| name: production | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Deploy Domains Infrastructure | |
| uses: DFE-Digital/github-actions/deploy-domains-infra@master | |
| with: | |
| azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| slack-webhook: ${{ secrets.SLACK_WEBHOOK }} | |
| deploy_domains_env: | |
| name: Deploy Domains to ${{ matrix.domain_environment }} environment | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| concurrency: deploy_domains_${{ matrix.domain_environment }} | |
| needs: [deploy_domains_infra] | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| domain_environment: [qa, staging, production] | |
| environment: | |
| name: production | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Deploy Domains Environment | |
| uses: DFE-Digital/github-actions/deploy-domains-env@master | |
| with: | |
| azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| environment: ${{ matrix.domain_environment }} | |
| healthcheck: healthcheck | |
| slack-webhook: ${{ secrets.SLACK_WEBHOOK }} |