fix(deps): update dependency mongoose to v8 [security] #576
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
#
# OpenCRVS is also distributed under the terms of the Civil Registration
# & Healthcare Disclaimer located at http://opencrvs.org/license.
#
# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
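# Builds the images for a PR branch, dispatches a deployment + E2E run in
# opencrvs/e2e, and reports the outcome back on the pull request.
#
# Notes for maintainers:
# - Values that originate from a pull request or a manual trigger (branch
#   name, PR number, head SHA) are handed to scripts through `env:` and read
#   as "$VAR" / process.env.VAR. Expressions are expanded into the script
#   text before the shell or Node parses it, so splicing such a value into a
#   `run:` or `script:` body lets its content be interpreted as code.
# - NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets
#   the repository default scopes; consider declaring the minimum needed.
# - NOTE(review): actions are referenced by mutable tag (@v3, @v7); pinning
#   them to a full commit SHA is the usual supply-chain hardening.
name: Deploy PR to feature environment

on:
  pull_request:
    types: [opened, synchronize]
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'PR number'
        required: true
        type: string

concurrency:
  group: ${{ inputs.pr_number || github.ref }}
  cancel-in-progress: true

jobs:
  # Resolves branch name, PR number, PR author and the stack slug that the
  # later jobs consume through `needs.<job>.outputs`.
  generate_stack_name_and_branch:
    # NOTE(review): unlike trigger-build / trigger-e2e this job has no fork
    # gate, so it also starts for pull requests from forks; confirm that is
    # intended.
    runs-on: ubuntu-22.04
    outputs:
      slugified_branch: ${{ steps.slugify_bname.outputs.stack }}
      branch_name: ${{ steps.set_branch_and_pr_number.outputs.BRANCH_NAME }}
      pr_number: ${{ steps.set_branch_and_pr_number.outputs.PR_NUMBER }}
      author: ${{ steps.get_author.outputs.AUTHOR }}
    steps:
      - uses: actions/checkout@v3

      - name: Get branch name (when manually triggered)
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
          PR_NUMBER_INPUT: ${{ github.event.inputs.pr_number }}
        run: |
          # The input is free-form text and is later used as an issue number,
          # so accept digits only.
          if [[ ! "$PR_NUMBER_INPUT" =~ ^[0-9]+$ ]]; then
            echo "pr_number must be numeric" >&2
            exit 1
          fi
          PR_NUMBER="$PR_NUMBER_INPUT"
          PR_DATA=$(gh pr view "$PR_NUMBER" --json headRefName,headRefOid)
          BRANCH_NAME=$(echo "$PR_DATA" | jq -r '.headRefName')
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "$GITHUB_ENV"
          echo "PR_NUMBER=${PR_NUMBER}" >> "$GITHUB_ENV"

      - name: Get PR Information
        if: ${{ github.event_name != 'workflow_dispatch' }}
        env:
          EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          echo "PR_NUMBER=${EVENT_PR_NUMBER}" >> "$GITHUB_ENV"

      - name: Check for "🚀 Ready to deploy" label
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Substring match against the newline-separated label names.
          labels=$(gh pr view "$PR_NUMBER" --json labels --jq '.labels[].name')
          if [[ "$labels" != *"🚀 Ready to deploy"* ]]; then
            echo "Label '🚀 Ready to deploy' not found. Exiting."
            exit 1
          else
            echo "Label '🚀 Ready to deploy' found. Continuing."
          fi

      - name: Get PR Author
        id: get_author
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
        run: |
          AUTHOR=$(gh pr view "$PR_NUMBER" --json author --jq '.author.login')
          echo "PR is created by $AUTHOR"
          echo "AUTHOR=${AUTHOR}" >> "$GITHUB_ENV"
          # Step outputs go through the GITHUB_OUTPUT file; the ::set-output
          # workflow command is deprecated.
          echo "AUTHOR=${AUTHOR}" >> "$GITHUB_OUTPUT"

      - name: Get Branch Name (on PR creation)
        if: ${{ github.event_name != 'workflow_dispatch' }}
        env:
          # The head ref is chosen by whoever opened the PR; it is passed as
          # data and only ever expanded inside double quotes.
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "BRANCH_NAME=${HEAD_REF}" >> "$GITHUB_ENV"

      - name: Set the branch name as output
        id: set_branch_and_pr_number
        run: |
          # BRANCH_NAME and PR_NUMBER were exported via GITHUB_ENV above.
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
          echo "PR_NUMBER=${PR_NUMBER}" >> "$GITHUB_OUTPUT"

      - name: Slugify the branch name
        id: slugify_bname
        uses: actions/github-script@v7
        with:
          script: |
            // Lower-case, drop everything except word characters, whitespace
            // and hyphens, collapse separators, cap at 35 characters and trim
            // trailing non-alphanumerics.
            function slugify(str) {
              return str
                .toLowerCase()
                .replace(/[^\w\s-]/g, '')
                .trim()
                .replace(/\s+/g, '-')
                .replace(/-+/g, '-')
                .slice(0, 35)
                .replace(/[^a-zA-Z0-9]+$/g, '');
            }
            // Read the branch name from the environment rather than from a
            // quoted string literal built by expression expansion.
            core.setOutput('stack', slugify(process.env.BRANCH_NAME || ''));

  trigger-build:
    # The fork check is what keeps secrets away from code in forked PRs.
    # NOTE(review): contains(github.actor, 'bot') is a substring match on the
    # login, so it also skips human accounts whose name contains "bot".
    if: ${{ (github.event_name == 'workflow_dispatch') || (!contains(github.actor, 'bot') && github.event.pull_request.head.repo.fork == false) }}
    needs: generate_stack_name_and_branch
    uses: ./.github/workflows/build-images-from-branch.yml
    with:
      branch_name: ${{ needs.generate_stack_name_and_branch.outputs.branch_name }}
    # NOTE(review): `inherit` forwards every secret of this workflow to the
    # called workflow; passing only the ones it needs narrows exposure.
    secrets: inherit

  # Dispatches the `run_e2e` repository_dispatch event to opencrvs/e2e and
  # captures the id of the resulting workflow run.
  trigger-e2e:
    if: ${{ (github.event_name == 'workflow_dispatch') || (!contains(github.actor, 'bot') && github.event.pull_request.head.repo.fork == false) }}
    runs-on: ubuntu-22.04
    needs: generate_stack_name_and_branch
    environment: ${{ needs.generate_stack_name_and_branch.outputs.slugified_branch }}
    outputs:
      run_id: ${{ steps.dispatch_e2e.outputs.run_id }}
      deployment_link: ${{ steps.print-links.outputs.deployment_link }}
    steps:
      - uses: actions/checkout@v3

      - name: Parse the branch name and set it as environment variable
        env:
          BRANCH_NAME_OUTPUT: ${{ needs.generate_stack_name_and_branch.outputs.branch_name }}
        run: |
          echo "BRANCH_NAME=${BRANCH_NAME_OUTPUT}" >> "$GITHUB_ENV"

      - name: Get PR Information (when manually triggered)
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
          # Already checked to be numeric in generate_stack_name_and_branch,
          # which this job depends on.
          PR_NUMBER_INPUT: ${{ github.event.inputs.pr_number }}
        run: |
          PR_DATA=$(gh pr view "$PR_NUMBER_INPUT" --json headRefName,headRefOid)
          HEAD_COMMIT_HASH=$(echo "$PR_DATA" | jq -r '.headRefOid' | cut -c1-7)
          echo "HEAD_COMMIT_HASH=${HEAD_COMMIT_HASH}" >> "$GITHUB_ENV"

      - name: Get Head Commit Hash (on PR creation)
        if: ${{ github.event_name != 'workflow_dispatch' }}
        id: vars
        env:
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          COMMIT_HASH=$(git rev-parse --short=7 "$HEAD_SHA")
          echo "HEAD_COMMIT_HASH=${COMMIT_HASH}" >> "$GITHUB_ENV"

      - name: Check if branch exists in opencrvs-farajaland repo
        run: |
          # Use the same-named country-config branch when it exists,
          # otherwise fall back to develop.
          FARAJALAND_REPO=https://github.com/opencrvs/opencrvs-farajaland
          if git ls-remote --heads "$FARAJALAND_REPO" "$BRANCH_NAME" | grep -qF -- "$BRANCH_NAME"; then
            COMMIT_HASH=$(git ls-remote "$FARAJALAND_REPO" "refs/heads/${BRANCH_NAME}" | cut -c1-7)
          else
            COMMIT_HASH=$(git ls-remote "$FARAJALAND_REPO" refs/heads/develop | cut -c1-7)
          fi
          echo "FARAJALAND_COMMIT_HASH=${COMMIT_HASH}" >> "$GITHUB_ENV"

      - name: Output Variables
        run: |
          echo "PR Branch: ${BRANCH_NAME}"
          echo "PR Head Commit Hash: ${HEAD_COMMIT_HASH}"
          echo "Farajaland Commit Hash: ${FARAJALAND_COMMIT_HASH}"

      - name: Parse the stack name
        id: generate_stack
        env:
          SLUGIFIED_BRANCH: ${{ needs.generate_stack_name_and_branch.outputs.slugified_branch }}
        run: |
          echo "stack=${SLUGIFIED_BRANCH}" >> "$GITHUB_OUTPUT"

      - name: Trigger E2E Workflow
        id: dispatch_e2e
        uses: actions/github-script@v7
        env:
          PR_AUTHOR: ${{ needs.generate_stack_name_and_branch.outputs.author }}
          STACK: ${{ steps.generate_stack.outputs.stack }}
        with:
          github-token: ${{ secrets.GH_TOKEN }}
          script: |
            // HEAD_COMMIT_HASH and FARAJALAND_COMMIT_HASH were exported via
            // GITHUB_ENV by earlier steps of this job.
            const result = await github.rest.repos.createDispatchEvent({
              owner: 'opencrvs',
              repo: 'e2e',
              event_type: 'run_e2e',
              client_payload: {
                actor: process.env.PR_AUTHOR,
                'core-image-tag': process.env.HEAD_COMMIT_HASH,
                'countryconfig-image-tag': process.env.FARAJALAND_COMMIT_HASH,
                stack: process.env.STACK
              }
            });
            console.log(result);

            // The dispatch API returns no run id, so wait and then take the
            // newest repository_dispatch run.
            // NOTE(review): if another dispatch lands within this window the
            // newest run may belong to a different PR; matching on the
            // payload would make the lookup unambiguous.
            await new Promise(resolve => setTimeout(resolve, 10000));
            const runs = await github.rest.actions.listWorkflowRunsForRepo({
              owner: 'opencrvs',
              repo: 'e2e',
              event: 'repository_dispatch',
              per_page: 1
            });
            if (runs.data.workflow_runs.length > 0) {
              const runId = runs.data.workflow_runs[0].id;
              console.log(`Captured runId: ${runId}`);
              // Set the runId as an output
              core.setOutput('run_id', runId);
            } else {
              throw new Error('No workflow run found.');
            }

      - name: Print link to E2E workflow run
        id: print-links
        env:
          RUN_ID: ${{ steps.dispatch_e2e.outputs.run_id }}
          STACK: ${{ steps.generate_stack.outputs.stack }}
        run: |
          E2E_RUN_LINK="https://github.com/opencrvs/e2e/actions/runs/${RUN_ID}"
          DEPLOYMENT_LINK="https://${STACK}.opencrvs.dev"
          echo "See your E2E deployment run details here: $E2E_RUN_LINK" >> "$GITHUB_STEP_SUMMARY"
          echo "All deployments & E2E of this environment you can see here: https://github.com/opencrvs/e2e/deployments/${STACK}" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "If everything goes alright, you should see your stack getting deployed here: $DEPLOYMENT_LINK" >> "$GITHUB_STEP_SUMMARY"
          echo "deployment_link=$DEPLOYMENT_LINK" >> "$GITHUB_OUTPUT"

  # Polls the dispatched opencrvs/e2e run: first until the deploy job is
  # done (then comments on the PR), then until the whole run finishes.
  # NOTE(review): both polling loops have no iteration limit of their own and
  # rely on the job timeout to stop.
  listen-e2e:
    needs: [trigger-e2e, generate_stack_name_and_branch]
    runs-on: ubuntu-22.04
    steps:
      - name: Wait for Environment Deployment (Deploy Job)
        uses: actions/github-script@v7
        env:
          RUN_ID: ${{ needs.trigger-e2e.outputs.run_id }}
          PR_NUMBER: ${{ needs.generate_stack_name_and_branch.outputs.pr_number }}
          DEPLOYMENT_LINK: ${{ needs.trigger-e2e.outputs.deployment_link }}
        with:
          github-token: ${{ secrets.GH_TOKEN }}
          script: |
            const owner = 'opencrvs';
            const repo = 'e2e';
            // Parsed as numbers from the environment instead of being
            // expanded into the script as bare source text.
            const runId = Number(process.env.RUN_ID);
            const prNumber = Number(process.env.PR_NUMBER);
            const deployMessage = `Your environment is deployed to ${process.env.DEPLOYMENT_LINK}`;
            let deployJobCompleted = false;

            // Check if deploy job has completed
            while (!deployJobCompleted) {
              const workflowRun = await github.rest.actions.getWorkflowRun({
                owner,
                repo,
                run_id: runId
              });
              const jobs = await github.rest.actions.listJobsForWorkflowRun({
                owner,
                repo,
                run_id: runId
              });
              const deployJob = jobs.data.jobs.find(job => job.name === 'deploy / seed-data / seed-data');
              const cancelled = jobs.data.jobs.find(job => job.conclusion === 'cancelled');
              if (cancelled) {
                throw new Error('E2E workflow was cancelled');
              }
              if (deployJob && deployJob.status === 'completed') {
                deployJobCompleted = true;
                if (deployJob.conclusion !== 'success') {
                  throw new Error('Deploy job failed');
                }
                console.log('Deploy job completed successfully');
              }
              // Also stop when the whole run ended without the deploy job
              // ever reporting completion.
              if (workflowRun.data.status === 'completed') {
                deployJobCompleted = true;
                if (workflowRun.data.conclusion !== 'success') {
                  throw new Error('E2E workflow failed');
                }
              }
              if (!deployJobCompleted) {
                await new Promise(resolve => setTimeout(resolve, 10000));
              }
            }

            // Check if the comment already exists
            const comments = await github.rest.issues.listComments({
              owner: 'opencrvs',
              repo: 'opencrvs-core',
              issue_number: prNumber
            });
            const existingComment = comments.data.find(comment => comment.body.includes(deployMessage));
            if (!existingComment) {
              // Add PR comment if it doesn't exist
              await github.rest.issues.createComment({
                owner: 'opencrvs',
                repo: 'opencrvs-core',
                issue_number: prNumber,
                body: deployMessage
              });
              console.log('PR comment added');
            } else {
              console.log('PR comment already exists, skipping...');
            }

      - name: Wait for E2E Workflow Completion
        uses: actions/github-script@v7
        env:
          RUN_ID: ${{ needs.trigger-e2e.outputs.run_id }}
        with:
          github-token: ${{ secrets.GH_TOKEN }}
          script: |
            const owner = 'opencrvs';
            const repo = 'e2e';
            const runId = Number(process.env.RUN_ID);
            let status = 'in_progress';

            // Poll every 10 seconds while the run is queued or running.
            while (status === 'in_progress' || status === 'queued') {
              const run = await github.rest.actions.getWorkflowRun({
                owner,
                repo,
                run_id: runId
              });
              status = run.data.status;
              console.log(`Current status: ${status}`);
              if (status === 'in_progress' || status === 'queued') {
                await new Promise(resolve => setTimeout(resolve, 10000));
              }
            }

            if (status === 'completed') {
              const conclusion = await github.rest.actions.getWorkflowRun({
                owner,
                repo,
                run_id: runId
              });
              console.log(`Workflow finished with conclusion: ${conclusion.data.conclusion}`);
              if (conclusion.data.conclusion !== 'success') {
                throw new Error('E2E workflow failed');
              }
            }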