canary_checks #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: canary_checks | |
| on: | |
| schedule: | |
| - cron: '0 */1 * * *' # runs every hour | |
| workflow_dispatch: | |
| jobs: | |
| local_checks_with_latest_dependencies: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0 | |
| - uses: ./.github/actions/setup_node | |
| - name: Install and build without lock file | |
| shell: bash | |
| run: | | |
| rm package-lock.json | |
| npm install | |
| npm run build | |
| - name: Check dependencies | |
| shell: bash | |
| run: | | |
| npm run check:dependencies | |
| - name: Run unit and integration tests | |
| shell: bash | |
| run: | | |
| # Integration tests snapshots can change when new construct or CDK version is pulled in | |
| # However we still want to run synthesis in these tests to verify that it doesn't fail | |
| export AMPLIFY_BACKEND_TESTS_DISABLE_INTEGRATION_SNAPSHOTS_COMPARISON=true | |
| npm run test | |
| live_dependency_health_checks: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| # these permissions are required for the configure-aws-credentials action to get a JWT from GitHub | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0 | |
| - uses: ./.github/actions/setup_node | |
| - uses: ./.github/actions/build_with_cache | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # version 3.0.1 | |
| with: | |
| role-to-assume: ${{ secrets.E2E_RUNNER_ROLE_ARN }} | |
| aws-region: us-west-2 | |
| - name: Run live dependency health checks | |
| shell: bash | |
| run: | | |
| npm run live-dependency-health-checks | |
| log-failure-metric: | |
| runs-on: ubuntu-latest | |
| needs: | |
| [local_checks_with_latest_dependencies, live_dependency_health_checks] | |
| permissions: | |
| # these permissions are required for the configure-aws-credentials action to get a JWT from GitHub | |
| id-token: write | |
| contents: read | |
| if: ${{ failure() }} | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0 | |
| - name: Log failure | |
| uses: ./.github/actions/log-metric | |
| with: | |
| metric-name: WorkflowExecutionFailure | |
| value: 1 | |
| # github.workflow - workflow name | |
| # github.ref_name - branch or tag name | |
| dimensions: workflow=${{ github.workflow }},ref_name=${{ github.ref_name }} | |
| role-to-assume: ${{ secrets.METRICS_EMITTER_ROLE_ARN }} | |
| aws-region: us-west-2 | |
| log-success-metric: | |
| runs-on: ubuntu-latest | |
| needs: | |
| [local_checks_with_latest_dependencies, live_dependency_health_checks] | |
| permissions: | |
| # these permissions are required for the configure-aws-credentials action to get a JWT from GitHub | |
| id-token: write | |
| contents: read | |
| if: ${{ success() }} | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # version 3.6.0 | |
| - name: Log success | |
| uses: ./.github/actions/log-metric | |
| with: | |
| metric-name: WorkflowExecutionFailure | |
| value: 0 | |
| # github.workflow - workflow name | |
| # github.ref_name - branch or tag name | |
| dimensions: workflow=${{ github.workflow }},ref_name=${{ github.ref_name }} | |
| role-to-assume: ${{ secrets.METRICS_EMITTER_ROLE_ARN }} | |
| aws-region: us-west-2 |