Add spans around wasm build #1540
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: '@app/policy-engine CI' | |
on: | |
push: | |
branches: | |
- '**' | |
paths: | |
- packages/** | |
- apps/policy-engine/** | |
- .github/workflows/policy-engine.yml | |
- .github/workflows/policy-engine-prod.yml | |
- jest.config.ts | |
- jest.preset.js | |
- .eslintrc.json | |
- .prettierrc | |
- package.json | |
- package-lock.json | |
- deploy/policy-engine.dockerfile | |
- deploy/charts/policy-engine/** | |
tags-ignore: | |
- vault-v* | |
- armory-v* | |
- policy-engine-v* | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:14 | |
ports: | |
- '5432:5432' | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Add .npmrc | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') }} | |
run: echo "${{ secrets.NPMRC }}" > .npmrc | |
- name: Install node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '21' | |
cache: 'npm' | |
- name: Install dependencies | |
run: | | |
make install/ci | |
- name: Download and install custom OPA | |
run: | | |
curl -L -o opa https://openpolicyagent.org/downloads/v0.69.0/opa_linux_amd64_static | |
chmod +x opa | |
sudo mv opa /usr/local/bin/opa | |
- name: Code format | |
shell: bash | |
run: | | |
make policy-engine/format/check | |
make policy-engine/lint/check | |
- name: Setup database and Prisma types | |
shell: bash | |
run: | | |
make policy-engine/copy-default-env | |
make policy-engine/test/db/setup | |
make policy-engine/db/generate-types | |
- name: Test types | |
shell: bash | |
run: | | |
make policy-engine/test/type | |
- name: Test unit | |
shell: bash | |
run: | | |
make policy-engine/test/unit | |
- name: Test integration | |
shell: bash | |
run: | | |
make policy-engine/test/integration | |
- name: Test E2E | |
shell: bash | |
run: | | |
make policy-engine/test/e2e | |
- name: Send Slack notification on failure | |
if: failure() && github.ref == 'refs/heads/main' | |
uses: 8398a7/action-slack@v3 | |
with: | |
username: GitHub | |
author_name: '@app/policy-engine CI failed' | |
status: ${{ job.status }} | |
fields: message,commit,author | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
opa-rego: | |
name: Open Agent Policy CI | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Setup Regal | |
uses: StyraInc/setup-regal@v1.0.0 | |
with: | |
version: '0.29.0' | |
- name: Setup OPA | |
uses: open-policy-agent/setup-opa@v2 | |
with: | |
version: '0.70.0' | |
- name: Format | |
run: make policy-engine/rego/format/check | |
- name: Syntax | |
run: make policy-engine/rego/syntax/check | |
- name: Lint | |
run: make policy-engine/rego/lint/check REGAL_FORMAT=github | |
- name: Test | |
run: make policy-engine/rego/test | |
release: | |
name: Release | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
# Only run if the Test jobs succeed | |
needs: [test, opa-rego] | |
permissions: | |
id-token: write | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ vars.ACTIONS_ECR_ROLE_ARN }} # Organization variable | |
aws-region: ${{ vars.ACTIONS_ECR_REGION }} # Organization variable | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Get short SHA | |
id: slug | |
run: echo "sha7=${GITHUB_SHA::7}" >> $GITHUB_ENV | |
- name: Add private .npmrc | |
run: echo "${{ secrets.NPMRC }}" > .npmrc | |
- name: Build, tag, and push docker image to Amazon ECR | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./deploy/policy-engine.dockerfile | |
push: true | |
tags: | | |
${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:${{ env.sha7 }} | |
${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:latest | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Create GitHub App Token | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.NARVAL_HELM_APP_ID }} | |
private-key: ${{ secrets.NARVAL_HELM_PRIVATE_KEY }} | |
repositories: 'armory-platform' | |
- name: Notify Platform | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ steps.app-token.outputs.token }} | |
repository: narval-xyz/armory-platform | |
event-type: dev-build | |
client-payload: | | |
{ | |
"app": "policy-engine", | |
"commit_sha": "${{ github.sha }}", | |
"commit_sha7": "${{ env.sha7 }}", | |
"repository": "${{ github.repository }}", | |
"branch": "${{ github.ref_name }}", | |
"built_by": "${{ github.actor }}", | |
"image_uri": "${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:${{ env.sha7 }}", | |
"build_url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
} | |
- name: Send Slack notification on failure | |
if: failure() && github.ref == 'refs/heads/main' | |
uses: 8398a7/action-slack@v3 | |
with: | |
username: GitHub | |
author_name: '@app/policy-engine CI release failed' | |
status: ${{ job.status }} | |
fields: message,commit,author | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} |