diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9185746af2eb5cf253b555add72703369e757eb4..2a5025320fb5c471a4db4b5083009bb1492d0500 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,7 @@ default: - 1cpu-4gb # build on smaller machine variables: - API_DOMAIN_PATH: "$CI_PROJECT_DIR/api_domain" + API_DOMAIN_PATH: '$CI_PROJECT_DIR/api_domain' # job templates @@ -17,15 +17,15 @@ variables: image: name: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/hashicorp/terraform:1.6.6' # default entrypoint is terraform command, but we want to run shell scripts - entrypoint: ["/bin/sh", "-c"] + entrypoint: ['/bin/sh', '-c'] variables: ENVIRONMENT_ID: $CI_ENVIRONMENT_SLUG artifacts: paths: - - "terraform/environments/crash.log" # optional, only available in case of a crash/panic - - "terraform/environments/terraform-*.log" # separate log for every step/command + - 'terraform/environments/crash.log' # optional, only available in case of a crash/panic + - 'terraform/environments/terraform-*.log' # separate log for every step/command - $API_DOMAIN_PATH - name: "${CI_JOB_NAME}_${CI_JOB_ID}" + name: '${CI_JOB_NAME}_${CI_JOB_ID}' #when: on_failure expire_in: 1 week script: @@ -34,12 +34,13 @@ variables: resource_group: $ENVIRONMENT_ID # never execute terraform in parallel on the same environment interruptible: false -.e2e: - image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/archlinux:latest' +.smoketest: + image: 'europe-north1-docker.pkg.dev/holi-shared/docker/holi-docker/holi-k6-builder' script: - - API_DOMAIN=`cat $API_DOMAIN_PATH` - - echo "e2e tests against $CI_ENVIRONMENT_SLUG environment go here and against $API_DOMAIN" + - API_DOMAIN=$(cat $API_DOMAIN_PATH) - terraform/environments/scripts/wait-for-ssl.sh "https://${API_DOMAIN}" + - BASE_URL="https://${API_DOMAIN}/graphql" k6 run smoketest/main.js + # TODO should/could we roll back the service to the last working revision on test failure? # end job templates 
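Review bot: The `.smoketest` image `europe-north1-docker.pkg.dev/holi-shared/docker/holi-docker/holi-k6-builder` carries no tag or digest, so every run pulls whatever `latest` resolves to at that moment. The same template is later extended by the production smoketest job. Pin it, for example `image: '…/holi-k6-builder:<TAG>'` or `…/holi-k6-builder@sha256:<DIGEST>` (placeholders; no published version is visible in this diff). Separately, `$(cat $API_DOMAIN_PATH)` is unquoted; `API_DOMAIN="$(cat "$API_DOMAIN_PATH")"` is the safer form.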
@@ -48,13 +49,13 @@ variables: ## common steps cache_lint_test: - image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/denoland/deno:alpine-1.45.2' - stage: "test" + image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/denoland/deno:2.0.0' + stage: 'test' script: - - deno cache --reload --lock=deno.lock app/deps.ts app/dev_deps.ts + - deno cache --allow-import --reload --lock=deno.lock app/deps.ts app/dev_deps.ts - deno fmt --check - deno lint - - deno test + - deno test --allow-import # You can override the included template(s) by including variable overrides # SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings @@ -64,13 +65,13 @@ cache_lint_test: # Note that environment variables can be set in several places # See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence sast: - needs: ["cache_lint_test"] + needs: ['cache_lint_test'] stage: test include: - template: Security/SAST.gitlab-ci.yml build_docker: - needs: ["cache_lint_test"] + needs: ['cache_lint_test'] image: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/docker:27' services: - 'docker:27-dind' @@ -87,7 +88,7 @@ build_docker: review_deploy: extends: .deploy - needs: ["build_docker"] + needs: ['build_docker'] environment: name: review/$CI_COMMIT_REF_SLUG url: https://$CI_ENVIRONMENT_SLUG.volunteering.apis.holi.social 
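Review bot: Both `deno cache` and `deno test` in `cache_lint_test` now pass a bare `--allow-import`, which drops Deno 2's default import-host allow-list and permits remote modules from any host. The flag accepts a host list, so `--allow-import=<HOSTS_USED_BY_DEPS>` (placeholder; the hosts in `app/deps.ts` are not visible in this diff) would keep the job working without lifting the restriction entirely. The same bare flag is added in the Dockerfile `RUN`/`CMD` lines and in every task in deno.json. `deno.lock` still pins the content of modules it already lists, so the concern is limited to where new or changed imports may be fetched from.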
@@ -98,20 +99,20 @@ review_deploy: - production - /^noenv\/.*/ -review_e2e: - extends: .e2e - needs: ["review_deploy"] +review_smoketest: + extends: .smoketest + needs: ['review_deploy'] except: - main - production - /^noenv\/.*/ review_destroy: - needs: ["review_deploy"] + needs: ['review_deploy'] image: name: 'europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/hashicorp/terraform:1.6.6' # default entrypoint is terraform command, but we want to run shell scripts - entrypoint: ["/bin/sh", "-c"] + entrypoint: ['/bin/sh', '-c'] variables: # has to be set to none for auto stop GIT_STRATEGY: none @@ -122,9 +123,9 @@ review_destroy: dependencies: [] # explicitly disable artifact usage artifacts: paths: - - "terraform/environments/crash.log" # optional, only available in case of a crash/panic - - "terraform/environments/terraform-*.log" # separate log for every step/command - name: "${CI_JOB_NAME}_${CI_JOB_ID}" + - 'terraform/environments/crash.log' # optional, only available in case of a crash/panic + - 'terraform/environments/terraform-*.log' # separate log for every step/command + name: '${CI_JOB_NAME}_${CI_JOB_ID}' when: on_failure expire_in: 1 week script: @@ -134,7 +135,7 @@ review_destroy: - terraform/environments/scripts/destroy-env.sh $CI_ENVIRONMENT_SLUG # can't use rules here: https://gitlab.com/gitlab-org/gitlab/-/issues/34077 when: manual - allow_failure: false + allow_failure: true except: - main - production @@ -146,7 +147,7 @@ review_destroy: staging_deploy: extends: .deploy - needs: ["build_docker"] + needs: ['build_docker'] environment: name: staging deployment_tier: staging 
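Review bot: With `allow_failure: true` on the manual `review_destroy` job (hunk at -134,7), a teardown that is never run or that fails no longer blocks or fails the pipeline, so a review environment can stay deployed without anyone noticing. If the intent is only to keep the manual job from blocking the pipeline, state it next to the setting, e.g. `# optional manual job: must not block the pipeline; leftover envs are removed by <CLEANUP_PROCESS>`. Consider `auto_stop_in` on the review environment as a backstop. The job's `environment:` block lies outside this hunk, so an auto-stop may already be configured.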
@@ -156,27 +157,26 @@ staging_deploy: only: - main -staging_trigger_unified-api_redeployment: - needs: ["staging_deploy"] - trigger: - project: "app/holi-unified-api" - branch: "main" +staging_smoketest: + extends: .smoketest + needs: ['staging_deploy'] only: - main -staging_e2e: - extends: .e2e - # if staging_e2e would actually run tests (other than ensuring SSL works), we'd have to - # wait for the unified-api pipeline to finish. - needs: ["staging_deploy"] +staging_trigger_unified-api_redeployment: + needs: ['staging_smoketest'] + trigger: + project: 'app/holi-unified-api' + branch: 'main' only: - main + resource_group: unified-api-staging ## production environment production_deploy: extends: .deploy - needs: ["build_docker"] + needs: ['build_docker'] allow_failure: false environment: name: production @@ -187,10 +187,17 @@ production_deploy: only: - production +production_smoketest: + extends: .smoketest + needs: ['production_deploy'] + only: + - production + production_trigger_unified-api_redeployment: - needs: ["production_deploy"] + needs: ['production_smoketest'] trigger: - project: "app/holi-unified-api" - branch: "production" + project: 'app/holi-unified-api' + branch: 'production' only: - production + resource_group: unified-api-production diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2f34ebc58adb3df395e52bedee0d670532274122..f4b830c8175179542b86e58cc479dbe443a5adbb 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ repos: -- repo: local + - repo: local hooks: - - id: gitleaks + - id: gitleaks name: gitleaks language: system entry: gitleaks protect --staged -v -c ../.gitleaks.toml diff --git a/Dockerfile b/Dockerfile index 3f53a75b2bcd049d1b69f277207a3f48d2566790..cd6ca8a811095df53c4778ade83d5a1cdfa851a9 100644 --- a/Dockerfile +++ b/Dockerfile 
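Review bot: `resource_group: unified-api-staging` on `staging_trigger_unified-api_redeployment` holds the lock only while the bridge job itself runs. Without `strategy: depend` under `trigger:`, that job finishes as soon as the downstream pipeline is created, so two redeployments of `app/holi-unified-api` can still overlap. If serialising the downstream deployment is the goal, add `strategy: depend` to the `trigger:` block here and in `production_trigger_unified-api_redeployment` in the next hunk. If the lock protects something else, a one-line comment saying what would help.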
@@ -1,4 +1,4 @@ -FROM europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/denoland/deno:alpine-1.45.2 +FROM europe-north1-docker.pkg.dev/holi-shared/docker-hub-remote/denoland/deno:2.0.0 # The port that your application listens to. EXPOSE 8004 @@ -10,7 +10,7 @@ COPY deno.lock . COPY deno.json . COPY ./app ./app -RUN deno cache --lock=deno.lock app/deps.ts app/dev_deps.ts -RUN deno cache --lock=deno.lock app/main.ts +RUN deno cache --allow-import --lock=deno.lock app/deps.ts app/dev_deps.ts +RUN deno cache --allow-import --lock=deno.lock app/main.ts -CMD ["deno", "run", "--allow-net", "--allow-env", "--lock=deno.lock", "--cached-only", "app/main.ts"] +CMD ["deno", "run", "--allow-import", "--allow-net", "--allow-env", "--lock=deno.lock", "--cached-only", "app/main.ts"] diff --git a/deno.json b/deno.json index 9203752ec4618c7162ed0c65e3d2d2c392263f09..c7a0e2ddb13d85bb8f9f77b1c0bb79685fe8585e 100644 --- a/deno.json +++ b/deno.json 
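Review bot: Neither `RUN deno cache` step in the second hunk passes `--frozen`, so a `deno.lock` that does not already cover every module is, as far as I can tell, silently extended inside the image layer instead of failing the build. The `--lock=deno.lock --cached-only` in `CMD` then trusts whatever the build wrote. Adding the flag makes a stale lock file a build error: `RUN deno cache --allow-import --frozen --lock=deno.lock app/main.ts`, and likewise for the `deps.ts` line. The CI `deno cache --reload` step in .gitlab-ci.yml would benefit from the same flag.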
@@ -4,14 +4,14 @@
 "lint": "deno lint",
 "fmt": "deno fmt",
 "fmt:check": "deno fmt --check",
- "test": "deno test",
- "updateDeps": "deno cache --lock=deno.lock --lock-write app/deps.ts app/dev_deps.ts",
- "install": "deno cache --reload --lock=deno.lock app/deps.ts app/dev_deps.ts",
- "cache": "deno cache app/main.ts",
- "dev": "deno run --allow-net --allow-env --lock=deno.lock --cached-only --watch app/main.ts",
- "start": "deno run --allow-net --allow-env --lock=deno.lock --cached-only app/main.ts",
+ "test": "deno test --allow-import ",
+ "updateDeps": "deno cache --allow-import --lock=deno.lock --lock-write app/deps.ts app/dev_deps.ts",
+ "install": "deno cache --allow-import --reload --lock=deno.lock app/deps.ts app/dev_deps.ts",
+ "cache": "deno cache --allow-import app/main.ts",
+ "dev": "deno run --allow-import --allow-net --allow-env --lock=deno.lock --cached-only --watch app/main.ts",
+ "start": "deno run --allow-import --allow-net --allow-env --lock=deno.lock --cached-only app/main.ts",
 "docker": "docker build -t volunteering-api . && docker run -it --init -p 8004:8004 volunteering-api",
- "coverage": "deno test --coverage=coverage && deno coverage coverage",
+ "coverage": "deno test --allow-import --coverage=coverage && deno coverage coverage",
 "pre-commit": {
 "cmd": "vr fmt && vr lint && vr test",
 "gitHook": "pre-commit"
diff --git a/smoketest/main.js b/smoketest/main.js
new file mode 100644
index 0000000000000000000000000000000000000000..919c8a156d5102cce203590c7d9e24f46d72fce4
--- /dev/null
+++ b/smoketest/main.js
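Review bot: The `updateDeps` task in deno.json still passes `--lock-write` while the images move to Deno 2.0.0. If I read the Deno 2 migration notes correctly, that flag was removed in favour of `--frozen=false`, so the one task that refreshes `deno.lock` may no longer run; it is worth executing once on 2.0.0 before merging. Minor: the `test` task has a stray trailing space inside the string, `"deno test --allow-import "`.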
@@ -0,0 +1,40 @@
+import http from 'k6/http'
+import { check } from 'k6'
+
+// You don't need to change anything in this section, it's k6 glue code.
+// See the default function at the end of the file for defining your smoketest.
+// This configuration only executes 1 test, enough for a smoketest. The smoketest will fail on any check failing.
+const allChecksNeedToPassTreshold = { checks: [{ threshold: 'rate==1', abortOnFail: true }] }
+export const options = {
+ vus: 1,
+ iterations: 1,
+ thresholds: allChecksNeedToPassTreshold,
+}
+
+/**
+ * Performs a GraphQL query and checks the response using the provided function. Fails if any of the provided expectations are not met.
+ * @param {string} query The GraphQL query to perform
+ * @param {(response: http.Response) => Array<boolean>} checkFunction
+ * A function that takes the HTTP response as an argument and returns an array
+ * of boolean values, each indicating success or failure of a test.
+ */
+function forQuery(query, checkFunction) {
+ const response = http.post(`${__ENV.BASE_URL}`, JSON.stringify({ query }), {
+ headers: { 'Content-Type': 'application/json' },
+ })
+ checkFunction(response)
+}
+
+// Define your smoketest(s) here.
+export default () => {
+ forQuery(`{categories{data{name}}}`, (response) => {
+ check(response, {
+ 'is status 200': (r) => r.status === 200,
+ })
+ check(JSON.parse(response.body), {
+ // there can be multiple tests here, e.g.
+ //"contains topics object": (r) => typeof r.data.topics != null,
+ 'contains categories': (r) => Array.isArray(r.data.categories.data) && r.data.categories.data.length > 0,
+ })
+ })
+}
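Review bot: The second `check` in the default export can throw instead of failing: `JSON.parse(response.body)` throws on a non-JSON body, and `r.data.categories.data` throws when the API answers 200 with `data: null` and an `errors` array. As far as I know, k6 logs an exception thrown inside the default function and ends the iteration without recording a failed check, so the `rate==1` threshold could still pass on the status check alone and the pipeline would carry on past a broken deployment. Doing the parse and the property access inside a checker that returns `false` on any error makes a malformed response count as a failure. `__ENV.BASE_URL` is also used without checking that it is set.

```javascript
// … unchanged: imports, options, forQuery, opening of the default export …
    check(response, {
      'is status 200': (r) => r.status === 200,
      // parse inside the checker so a bad body is a failed check, not a thrown exception
      'contains categories': (r) => {
        try {
          const items = JSON.parse(r.body).data.categories.data
          return Array.isArray(items) && items.length > 0
        } catch (_err) {
          return false
        }
      },
    })
// … unchanged: closing of the forQuery callback and the default export …
```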