diff --git a/.github/workflows/build-from-main.yml b/.github/workflows/build-from-main.yml new file mode 100644 index 000000000..de0c3ea44 --- /dev/null +++ b/.github/workflows/build-from-main.yml @@ -0,0 +1,310 @@ +name: Check and Build Main + +on: + push: + branches: + - main + - staging + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + packages: write + +jobs: + check-build: + if: contains(fromJson('["main", "staging"]'), github.ref_name) + environment: ${{ matrix.network }} + strategy: + fail-fast: false + matrix: + include: + - branch: main + network: preview-govtool + workdir: ./govtool/backend + name: govtool-backend + dockerfile: ./govtool/backend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-backend + qovery_container_name: govtool-backend + - branch: main + network: preview-govtool + workdir: ./govtool/frontend + name: govtool-frontend + dockerfile: ./govtool/frontend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-frontend + qovery_container_name: govtool-frontend + - branch: main + network: preview-govtool + workdir: ./govtool/metadata-validation + name: govtool-metadata-validation + dockerfile: ./govtool/metadata-validation/Dockerfile + image: ghcr.io/${{ github.repository }}-metadata-validation + qovery_container_name: govtool-metadata-validation + - branch: main + network: pre-prod-govtool + workdir: ./govtool/backend + name: govtool-backend + dockerfile: ./govtool/backend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-backend + qovery_container_name: govtool-backend + - branch: main + network: pre-prod-govtool + workdir: ./govtool/frontend + name: govtool-frontend + dockerfile: ./govtool/frontend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-frontend + qovery_container_name: govtool-frontend + - branch: main + network: pre-prod-govtool + workdir: ./govtool/metadata-validation + name: govtool-metadata-validation + dockerfile: ./govtool/metadata-validation/Dockerfile + image: ghcr.io/${{ github.repository }}-metadata-validation + qovery_container_name: govtool-metadata-validation + - branch: main + network: prod-govtool + workdir: ./govtool/backend + name: govtool-backend + dockerfile: ./govtool/backend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-backend + qovery_container_name: govtool-backend + - branch: main + network: prod-govtool + workdir: ./govtool/frontend + name: govtool-frontend + dockerfile: ./govtool/frontend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-frontend + qovery_container_name: govtool-frontend + - branch: main + network: prod-govtool + workdir: ./govtool/metadata-validation + name: govtool-metadata-validation + dockerfile: ./govtool/metadata-validation/Dockerfile + image: ghcr.io/${{ github.repository }}-metadata-validation + qovery_container_name: govtool-metadata-validation + - branch: staging + network: preview-govtool + workdir: ./govtool/backend + name: govtool-backend + dockerfile: ./govtool/backend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-backend + qovery_container_name: govtool-backend + - branch: staging + network: preview-govtool + workdir: ./govtool/frontend + name: govtool-frontend + dockerfile: ./govtool/frontend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-frontend + qovery_container_name: govtool-frontend + - branch: staging + network: preview-govtool + workdir: ./govtool/metadata-validation + name: govtool-metadata-validation + dockerfile: ./govtool/metadata-validation/Dockerfile + image: ghcr.io/${{ github.repository }}-metadata-validation + qovery_container_name: govtool-metadata-validation + - branch: staging + network: pre-prod-govtool + workdir: ./govtool/backend + name: govtool-backend + dockerfile: ./govtool/backend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-backend + qovery_container_name: govtool-backend + - branch: staging + network: pre-prod-govtool + workdir: ./govtool/frontend + name: govtool-frontend + dockerfile: ./govtool/frontend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-frontend + qovery_container_name: govtool-frontend + - branch: staging + network: pre-prod-govtool + workdir: ./govtool/metadata-validation + name: govtool-metadata-validation + dockerfile: ./govtool/metadata-validation/Dockerfile + image: ghcr.io/${{ github.repository }}-metadata-validation + qovery_container_name: govtool-metadata-validation + - branch: staging + network: prod-govtool + workdir: ./govtool/backend + name: govtool-backend + dockerfile: ./govtool/backend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-backend + qovery_container_name: govtool-backend + - branch: staging + network: prod-govtool + workdir: ./govtool/frontend + name: govtool-frontend + dockerfile: ./govtool/frontend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-frontend + qovery_container_name: govtool-frontend + - branch: staging + network: prod-govtool + workdir: ./govtool/metadata-validation + name: govtool-metadata-validation + dockerfile: ./govtool/metadata-validation/Dockerfile + image: ghcr.io/${{ github.repository }}-metadata-validation + qovery_container_name: govtool-metadata-validation + + + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Ensure Job Runs Only for Matching Branch + if: github.ref_name != matrix.branch + run: | + echo "Branch mismatch, exiting..." + exit 0 + + - name: Set TAG Environment Variable + id: set_tag + run: | + SANITIZED_BRANCH=$(echo "${{ github.ref_name }}" | tr '/' '-') + if [ "${{ github.ref_name }}" = "main" ]; then + echo "TAG=${{ github.sha }}-${{ github.run_number }}" >> $GITHUB_ENV + else + echo "TAG=${SANITIZED_BRANCH}-${{ github.sha }}-${{ github.run_number }}" >> $GITHUB_ENV + fi + echo "Generated TAG: $TAG" + + + - name: Lint Dockerfile + id: hadolint + uses: hadolint/hadolint-action@v3.1.0 + with: + failure-threshold: error + format: json + dockerfile: ${{ matrix.dockerfile }} + # output-file: hadolint_output.json + + - name: Save Hadolint output + id: save_hadolint_output + if: always() + run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json + + - name: Print Dockerfile lint output + run: | + cd ${{ matrix.workdir }} + echo "-----HADOLINT RESULT-----" + echo "Outcome: ${{ steps.hadolint.outcome }}" + echo "-----DETAILS--------" + cat hadolint_output.json + echo "--------------------" + + - name: Code lint + id: code_lint + run: | + cd ${{ matrix.workdir }} + if [ ! -f lint.sh ]; then + echo "lint skipped" | tee code_lint_output.txt + exit 0 + fi + set -o pipefail + sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt + + - name: Unit tests + id: unit_tests + run: | + cd ${{ matrix.workdir }} + if [ ! -f unit-test.sh ]; then + echo "unit tests skipped" | tee code_lint_output.txt + exit 0 + fi + set -o pipefail + sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - id: image_lowercase + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ matrix.image }} + + - name: Set ENVIRONMENT Variable + run: echo "ENVIRONMENT=${{ matrix.network }}" >> $GITHUB_ENV + + - name: Sanitize Network Name + run: | + CLEAN_NETWORK=$(echo "${{ matrix.network }}" | sed 's/-govtool$//') + echo "CLEAN_NETWORK=$CLEAN_NETWORK" >> $GITHUB_ENV + + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: ${{ matrix.workdir }} + file: ${{ matrix.dockerfile }} + tags: ${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK }}:${{ env.TAG }} + load: false + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar + build-args: | + VITE_APP_ENV=${{ secrets.VITE_APP_ENV }} + VITE_BASE_URL=${{ secrets.VITE_BASE_URL }} + VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }} + VITE_GTM_ID=${{ secrets.VITE_GTM_ID }} + VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }} + VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }} + NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }} + VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }} + VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }} + VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED=${{ secrets.VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED }} + VITE_OUTCOMES_API_URL=${{secrets.VITE_OUTCOMES_API_URL}} + VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }} + VITE_IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }} + VITE_IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }} + IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }} + IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }} + + - name: Login to GHCR + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Scan Docker image with Dockle + id: dockle + run: | + wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz + tar zxf dockle_0.4.14_Linux-64bit.tar.gz + sudo mv dockle /usr/local/bin + + dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json + echo " dockle exited w/ $?" + cat ${{ matrix.workdir }}/dockle_scan_output.json + + echo "outcome=success" >> $GITHUB_OUTPUT + + - name: Debug TAG Before Docker Push + run: | + echo "Lowercase Image: ${{ steps.image_lowercase.outputs.lowercase }}" + echo "Network: ${{ matrix.network }}" + echo "TAG: ${{ env.TAG }}" + echo "Final Docker Tag: ${{ steps.image_lowercase.outputs.lowercase }}-${{ matrix.network}}:${{ env.TAG }}" + + - name: Push Docker image to GHCR + run: | + docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' + rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' + docker push ${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK}}:${{ env.TAG }} + + - name: Add tag as a PR comment + uses: ubie-oss/comment-to-merged-pr-action@v0.3.3 + id: comment-to-merged-pr + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + message: |- + This PR is in the tag: ${{ env.TAG }} , for ${{ matrix.name }} service diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml new file mode 100644 index 000000000..ce5a620b7 --- /dev/null +++ b/.github/workflows/image.yml @@ -0,0 +1,218 @@ +name: Check and Build Main + +on: + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + packages: write + +jobs: + check-build: + environment: ${{ matrix.network }} + strategy: + fail-fast: false + matrix: + include: + - branch: main + network: prod-govtool + workdir: ./govtool/backend + name: govtool-backend + dockerfile: ./govtool/backend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-govtool-backend + qovery_container_name: govtool-backend + - branch: main + network: prod-govtool + workdir: ./govtool/frontend + name: govtool-frontend + dockerfile: ./govtool/frontend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-govtool-frontend + qovery_container_name: govtool-frontend + - branch: main + network: prod-govtool + workdir: ./govtool/metadata-validation + name: govtool-metadata-validation + dockerfile: ./govtool/metadata-validation/Dockerfile + image: ghcr.io/${{ github.repository }}-govtool-metadata-validation + qovery_container_name: govtool-metadata-validation + - branch: main + network: pre-prod-govtool + workdir: ./govtool/backend + name: govtool-backend + dockerfile: ./govtool/backend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-govtool-backend + qovery_container_name: govtool-backend + - branch: main + network: pre-prod-govtool + workdir: ./govtool/frontend + name: govtool-frontend + dockerfile: ./govtool/frontend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-govtool-frontend + qovery_container_name: govtool-frontend + - branch: main + network: pre-prod-govtool + workdir: ./govtool/metadata-validation + name: govtool-metadata-validation + dockerfile: ./govtool/metadata-validation/Dockerfile + image: ghcr.io/${{ github.repository }}-govtool-metadata-validation + qovery_container_name: govtool-metadata-validation + - branch: main + network: preview-govtool + workdir: ./govtool/backend + name: govtool-backend + dockerfile: ./govtool/backend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-govtool-backend + qovery_container_name: govtool-backend + - branch: main + network: preview-govtool + workdir: ./govtool/frontend + name: govtool-frontend + dockerfile: ./govtool/frontend/Dockerfile.qovery + image: ghcr.io/${{ github.repository }}-govtool-frontend + qovery_container_name: govtool-frontend + - branch: main + network: preview-govtool + workdir: ./govtool/metadata-validation + name: govtool-metadata-validation + dockerfile: ./govtool/metadata-validation/Dockerfile + image: ghcr.io/${{ github.repository }}-govtool-metadata-validation + qovery_container_name: govtool-metadata-validation + + + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set TAG Environment Variable + id: set_tag + run: | + if [ "${{ github.ref_name }}" = "main" ]; then + echo "TAG=${{ github.sha }}-${NETWORK}" >> $GITHUB_ENV + else + echo "TAG=${{ github.ref_name }}-${{ github.sha }}-${NETWORK}" >> $GITHUB_ENV + fi + + - name: Lint Dockerfile + id: hadolint + uses: hadolint/hadolint-action@v3.1.0 + with: + failure-threshold: error + format: json + dockerfile: ${{ matrix.dockerfile }} + # output-file: hadolint_output.json + + - name: Save Hadolint output + id: save_hadolint_output + if: always() + run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json + + - name: Print Dockerfile lint output + run: | + cd ${{ matrix.workdir }} + echo "-----HADOLINT RESULT-----" + echo "Outcome: ${{ steps.hadolint.outcome }}" + echo "-----DETAILS--------" + cat hadolint_output.json + echo "--------------------" + + - name: Code lint + id: code_lint + run: | + cd ${{ matrix.workdir }} + if [ ! -f lint.sh ]; then + echo "lint skipped" | tee code_lint_output.txt + exit 0 + fi + set -o pipefail + sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt + + - name: Unit tests + id: unit_tests + run: | + cd ${{ matrix.workdir }} + if [ ! -f unit-test.sh ]; then + echo "unit tests skipped" | tee code_lint_output.txt + exit 0 + fi + set -o pipefail + sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - id: image_lowercase + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ matrix.image }} + + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: ${{ matrix.workdir }} + file: ${{ matrix.dockerfile }} + tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} + load: false + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar + build-args: | + VITE_APP_ENV=${{ secrets.VITE_APP_ENV }} + VITE_BASE_URL=${{ secrets.VITE_BASE_URL }} + VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }} + VITE_GTM_ID=${{ secrets.VITE_GTM_ID }} + VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }} + VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }} + NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }} + VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }} + VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }} + VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED=${{ secrets.VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED }} + VITE_OUTCOMES_API_URL=${{secrets.VITE_OUTCOMES_API_URL}} + VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }} + VITE_IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }} + VITE_IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }} + IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }} + IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }} + + - name: Login to GHCR + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Scan Docker image with Dockle + id: dockle + run: | + wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz + tar zxf dockle_0.4.14_Linux-64bit.tar.gz + sudo mv dockle /usr/local/bin + + dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json + echo " dockle exited w/ $?" + cat ${{ matrix.workdir }}/dockle_scan_output.json + + echo "outcome=success" >> $GITHUB_OUTPUT + + - name: Push Docker image to GHCR + run: | + docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' + rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' + docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} + + - name: Add tag as a PR comment + uses: ubie-oss/comment-to-merged-pr-action@v0.3.3 + id: comment-to-merged-pr + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + message: |- + This PR is in the tag: ${{ env.TAG }} , for ${{ matrix.name }} service diff --git a/.github/workflows/merge.yaml b/.github/workflows/merge.yaml index 065a39624..c9574dcab 100644 --- a/.github/workflows/merge.yaml +++ b/.github/workflows/merge.yaml @@ -1,12 +1,7 @@ name: Check,Build,Deploy on: - push: - branches: - - develop - - test - - staging - - main + workflow_dispatch permissions: contents: write diff --git a/govtool/frontend/Dockerfile b/govtool/frontend/Dockerfile index 7c3eb3740..650455b6b 100644 --- a/govtool/frontend/Dockerfile +++ b/govtool/frontend/Dockerfile @@ -9,6 +9,7 @@ ARG VITE_SENTRY_DSN ARG NPMRC_TOKEN ARG VITE_USERSNAP_SPACE_API_KEY ARG VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED='true' +ARG VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED='false' ARG VITE_PDF_API_URL ARG VITE_IPFS_GATEWAY ARG VITE_IPFS_PROJECT_ID @@ -26,6 +27,7 @@ RUN \ : "${NPMRC_TOKEN:?Build argument NPMRC_TOKEN is not set}" && \ : "${VITE_USERSNAP_SPACE_API_KEY:?Build argument VITE_USERSNAP_SPACE_API_KEY is not set}" && \ : "${VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED:?Build argument VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED is not set}" && \ + : "${VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED:?Build argument VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED is not set}" && \ : "${VITE_IPFS_GATEWAY:?Build argument VITE_IPFS_GATEWAY is not set}" && \ : "${VITE_IPFS_PROJECT_ID:?Build argument VITE_IPFS_PROJECT_ID is not set}" diff --git a/govtool/frontend/Dockerfile.qovery b/govtool/frontend/Dockerfile.qovery index 0f871462f..6c75a61f9 100644 --- a/govtool/frontend/Dockerfile.qovery +++ b/govtool/frontend/Dockerfile.qovery @@ -9,6 +9,7 @@ ARG VITE_SENTRY_DSN ARG NPMRC_TOKEN ARG VITE_USERSNAP_SPACE_API_KEY ARG VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED +ARG VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED ARG VITE_PDF_API_URL ARG VITE_IPFS_GATEWAY ARG VITE_IPFS_PROJECT_ID diff --git a/govtool/frontend/src/components/molecules/Step.tsx b/govtool/frontend/src/components/molecules/Step.tsx index 7b8e1a0b4..07489df68 100644 --- a/govtool/frontend/src/components/molecules/Step.tsx +++ b/govtool/frontend/src/components/molecules/Step.tsx @@ -40,7 +40,6 @@ export const Step = ({ {stepNumber} -