chore(build): API test image (#4266)

Flagsmith · Jul 12, 2024 · 9b927e8 · 9b927e8
1 parent cd121e8
commit 9b927e8
Show file tree

Hide file tree

Showing 9 changed files with 145 additions and 350 deletions.
diff --git a/.github/actions/docker-build-report-to-pr/action.yml b/.github/actions/docker-build-report-to-pr/action.yml
@@ -0,0 +1,46 @@
+name: Report Docker Build status to PR
+description: Create or update PR comment related to Docker build
+
+inputs:
+  image-tag:
+    description: Full image tag
+    required: false
+  build-status:
+    description: Build status in short format
+    required: false
+  security-report-status:
+    description: Security report status in short format
+    required: false
+
+runs:
+  using: composite
+
+  steps:
+    - uses: peter-evans/find-comment@v3
+      id: find-comment
+      with:
+        issue-number: ${{ github.event.pull_request.number }}
+        body-includes: 'Docker builds report'
+
+    - uses: chuhlomin/[email protected]
+      if: ${{ !inputs.image-tag }}
+      id: render-header
+      with:
+        template: .github/docker_build_comment_template.md
+
+    - uses: peter-evans/create-or-update-comment@v4
+      if: ${{ !inputs.image-tag }}
+      with:
+        comment-id: ${{ steps.find-comment.outputs.comment-id }}
+        edit-mode: replace
+        issue-number: ${{ github.event.pull_request.number }}
+        body: ${{ steps.render-header.outputs.result }}
+
+    - uses: peter-evans/create-or-update-comment@v4
+      if: ${{ inputs.image-tag }}
+      with:
+        comment-id: ${{ steps.find-comment.outputs.comment-id }}
+        edit-mode: append
+        issue-number: ${{ github.event.pull_request.number }}
+        body: >
+          | `${{ inputs.image-tag }}` | ${{ inputs.build-status }} | ${{ inputs.security-report-status }} |
diff --git a/.github/docker_build_comment_template.md b/.github/docker_build_comment_template.md
@@ -1,5 +1,4 @@
-{{ .message }}
+#### Docker builds report
 
-| Image           | Build Status       | Security report             |
-| --------------- | ------------------ | --------------------------- |
-| {{ .imageTag }} | {{ .buildStatus }} | {{ .securityReportStatus }} |
+| Image | Build Status | Security report |
+| ----- | ------------ | --------------- |
diff --git a/.github/workflows/.reusable-docker-build.yml b/.github/workflows/.reusable-docker-build.yml
@@ -96,33 +96,6 @@ jobs:
             ${{ inputs.registry-url }}/flagsmith/${{ inputs.image-name }}
           tags: ${{ inputs.tags }}
 
-      - uses: chuhlomin/[email protected]
-        if: inputs.comment
-        id: render-comment-initial
-        with:
-          template: .github/docker_build_comment_template.md
-          vars: |
-            message: "`${{ inputs.image-name }}` is being built... :hourglass_flowing_sand:"
-            imageTag: "Pending :hourglass_flowing_sand:"
-            buildStatus: "Building :hourglass_flowing_sand:"
-            securityReportStatus: "${{ inputs.scan && 'Pending :hourglass_flowing_sand:' || 'Skipped' }}"
-
-      - uses: peter-evans/find-comment@v3
-        if: inputs.comment
-        id: find-comment
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          body-includes: '`${{ inputs.image-name }}` '
-
-      - uses: peter-evans/create-or-update-comment@v4
-        if: inputs.comment
-        id: add-comment
-        with:
-          comment-id: ${{ steps.find-comment.outputs.comment-id }}
-          edit-mode: replace
-          issue-number: ${{ github.event.pull_request.number }}
-          body: ${{ steps.render-comment-initial.outputs.result }}
-
       - name: Build and push image
         id: build
         uses: depot/build-push-action@v1
@@ -156,23 +129,13 @@ jobs:
           echo ::add-mask::$DEPOT_TOKEN
           echo depot-token=$DEPOT_TOKEN >> $GITHUB_OUTPUT
 
-      - uses: chuhlomin/[email protected]
-        if: inputs.comment
-        id: render-comment-on-finished-build
+      - name: Report build finish
+        uses: ./.github/actions/docker-build-report-to-pr
+        if: inputs.comment && !inputs.scan
         with:
-          template: .github/docker_build_comment_template.md
-          vars: |
-            message: "`${{ inputs.image-name }}` image build finished :sparkles: ${{ inputs.scan && 'Executing security scan...' || '' }}"
-            imageTag: "`${{ steps.image-tag.outputs.image-tag }}`"
-            buildStatus: "Finished :white_check_mark:"
-            securityReportStatus: "${{ inputs.scan && 'Pending :hourglass_flowing_sand:' || 'Skipped' }}"
-
-      - uses: peter-evans/create-or-update-comment@v4
-        if: inputs.comment
-        with:
-          comment-id: ${{ steps.add-comment.outputs.comment-id }}
-          edit-mode: replace
-          body: ${{ steps.render-comment-on-finished-build.outputs.result }}
+          image-tag: ${{ steps.image-tag.outputs.image-tag }}
+          build-status: 'Finished :white_check_mark:'
+          security-report-status: 'Skipped'
 
       - name: Run Trivy vulnerability scanner
         id: trivy
@@ -194,25 +157,17 @@ jobs:
 
       - name: Render scan results URL
         id: scan-results-url
+        if: inputs.scan
         run: >
           echo scan-results-url=${{ format('{0}/{1}/security/code-scanning?query=pr%3A{2}+path%3Aflagsmith%2F{3}',
           github.server_url, github.repository, github.event.pull_request.number, inputs.image-name) }} >>
           $GITHUB_OUTPUT
 
-      - uses: chuhlomin/[email protected]
-        id: render-comment-on-finished-scan
-        if: inputs.scan && inputs.comment
-        with:
-          template: .github/docker_build_comment_template.md
-          vars: |
-            message: "`${{ inputs.image-name }}` image build and security scan finished :sparkles:"
-            imageTag: "`${{ steps.image-tag.outputs.image-tag }}`"
-            buildStatus: "Finished :white_check_mark:"
-            securityReportStatus: "${{ format('[Results]({0}) :white_check_mark:', steps.scan-results-url.outputs.scan-results-url) }}"
-
-      - uses: peter-evans/create-or-update-comment@v4
-        if: inputs.scan && inputs.comment
+      - name: Report scan results URL
+        uses: ./.github/actions/docker-build-report-to-pr
+        if: inputs.comment && inputs.scan
         with:
-          comment-id: ${{ steps.add-comment.outputs.comment-id }}
-          edit-mode: replace
-          body: ${{ steps.render-comment-on-finished-scan.outputs.result }}
+          image-tag: ${{ steps.image-tag.outputs.image-tag }}
+          build-status: 'Finished :white_check_mark:'
+          security-report-status:
+            "${{ format('[Results]({0}) :white_check_mark:', steps.scan-results-url.outputs.scan-results-url) }}"
diff --git a/.github/workflows/platform-docker-build-test-publish.yml b/.github/workflows/platform-docker-build-test-publish.yml
@@ -50,6 +50,14 @@ jobs:
       secrets: |
         github_private_cloud_token=${{ secrets.GH_PRIVATE_ACCESS_TOKEN }}
 
+  docker-build-api-test:
+    name: Build API Test Image
+    uses: ./.github/workflows/.reusable-docker-build.yml
+    with:
+      target: api-test
+      image-name: flagsmith-api-test
+      scan: false
+
   docker-build-e2e:
     name: Build E2E Image
     uses: ./.github/workflows/.reusable-docker-build.yml

diff --git a/.github/workflows/platform-pull-request.yml b/.github/workflows/platform-pull-request.yml
@@ -10,9 +10,11 @@ on:
       - release-please-*
 
 jobs:
-  validate-pr-title:
-    name: Validate Conventional Commit title
+  conventional-commit:
+    name: Conventional Commit
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
       - name: Check PR Conventional Commit title
         uses: amannn/action-semantic-pull-request@v5
@@ -30,13 +32,6 @@ jobs:
             refactor
             test
             chore
-
-  add-labels:
-    name: Add labels based on Conventional Commit title
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    steps:
       - name: Auto-label PR with Conventional Commit title
         uses: bcoe/conventional-release-labels@v1
         with:
@@ -66,9 +61,23 @@ jobs:
         with:
           require: write
 
+  docker-prepare-report-comment:
+    if: needs.check-permissions.outputs.can-write == 'true'
+    name: Prepare Docker report comment
+    needs: check-permissions
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github/
+          sparse-checkout-cone-mode: false
+      - uses: ./.github/actions/docker-build-report-to-pr
+
   docker-build-unified:
     if: github.event.pull_request.draft == false
-    needs: check-permissions
+    needs: [check-permissions, docker-prepare-report-comment]
     name: Build Unified Image
     uses: ./.github/workflows/.reusable-docker-build.yml
     with:
@@ -79,7 +88,7 @@ jobs:
 
   docker-build-api:
     if: github.event.pull_request.draft == false
-    needs: check-permissions
+    needs: [check-permissions, docker-prepare-report-comment]
     name: Build API Image
     uses: ./.github/workflows/.reusable-docker-build.yml
     with:
@@ -90,7 +99,7 @@ jobs:
 
   docker-build-frontend:
     if: github.event.pull_request.draft == false
-    needs: check-permissions
+    needs: [check-permissions, docker-prepare-report-comment]
     name: Build Frontend Image
     uses: ./.github/workflows/.reusable-docker-build.yml
     with:
@@ -99,9 +108,20 @@ jobs:
       image-name: flagsmith-frontend
       comment: ${{ needs.check-permissions.outputs.can-write == 'true' }}
 
+  docker-build-api-test:
+    if: github.event.pull_request.draft == false
+    needs: [check-permissions, docker-prepare-report-comment]
+    name: Build API Test Image
+    uses: ./.github/workflows/.reusable-docker-build.yml
+    with:
+      target: api-test
+      image-name: flagsmith-api-test
+      scan: false
+      comment: ${{ needs.check-permissions.outputs.can-write == 'true' }}
+
   docker-build-e2e:
     if: github.event.pull_request.draft == false
-    needs: check-permissions
+    needs: [check-permissions, docker-prepare-report-comment]
     name: Build E2E Image
     uses: ./.github/workflows/.reusable-docker-build.yml
     with:
@@ -113,7 +133,7 @@ jobs:
 
   docker-build-private-cloud:
     if: github.event.pull_request.draft == false && needs.check-permissions.outputs.can-write == 'true'
-    needs: check-permissions
+    needs: [check-permissions, docker-prepare-report-comment]
     name: Build Private Cloud Image
     uses: ./.github/workflows/.reusable-docker-build.yml
     with:

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -30,7 +30,7 @@ repos:
     rev: v3.1.0
     hooks:
       - id: prettier
-        exclude: ^(frontend/|CHANGELOG.md)
+        exclude: ^(frontend/|CHANGELOG.md|.github/docker_build_comment_template.md)
 
   - repo: https://github.com/python-poetry/poetry
     rev: 1.8.0

diff --git a/Dockerfile b/Dockerfile
@@ -37,6 +37,9 @@
 # * api-runtime [python:slim]
 # * api-runtime-private [api-runtime]
 
+# - Internal stages
+# * api-test [build-python]
+
 # - Target (shippable) stages
 # * private-cloud-api [api-runtime-private, build-python-private]
 # * private-cloud-unified [api-runtime-private, build-python-private, build-node-django]
@@ -138,6 +141,18 @@ FROM api-runtime as api-runtime-private
 # Install SAML binary dependency
 RUN apt-get update && apt-get install -y xmlsec1 && rm -rf /var/lib/apt/lists/*
 
+# - Internal stages
+# * api-test [build-python]
+FROM build-python AS api-test
+
+RUN make install-packages opts='--with dev'
+
+WORKDIR /app
+
+COPY api /app/
+
+CMD ["make test"]
+
 # - Target (shippable) stages
 # * private-cloud-api [api-runtime-private, build-python-private]
 FROM api-runtime-private as private-cloud-api