fix(ci-lease): chained-assume session capped at 1h #862

Workflow file for this run

# NDX:Try AWS Scenarios - Build and Deploy Pipeline
#
# Stages, in order:
#   1. Validate the scenario schema
#   2. Build the Eleventy site
#   3. Run accessibility tests
#   4. Run Lighthouse CI
#   5. Deploy to GitHub Pages (main branch only)
name: Build and Deploy

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  merge_group:
    branches:
      - main
  workflow_dispatch:

# Default GITHUB_TOKEN scopes for every job that does not declare its own
# `permissions` block.
# NOTE(review): `pages: write` and `id-token: write` appear to be needed only
# by the Pages deployment. As workflow-level defaults they are also handed to
# jobs that run `npm ci` and other third-party code, so any step in those jobs
# could request an OIDC token. Confirm whether they can be narrowed to the
# deploy job.
permissions:
  contents: read
  pages: write
  id-token: write

# Runs share the "pages" concurrency group; an in-progress run is never
# cancelled by a newer one.
concurrency:
  group: pages
  cancel-in-progress: false

env:
  # Quoted so the value stays a string rather than a YAML integer.
  NODE_VERSION: "22"
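# Every job declares its own `permissions` block so that only the deploy job
# holds `pages: write` and `id-token: write`. The jobs that install and run
# npm packages get a read-only token and cannot request an OIDC token.
#
# NOTE(review): actions are referenced by mutable major-version tags (for
# example `actions/checkout@v6`). Pinning each `uses:` to a full commit SHA
# prevents a retagged release from changing what runs here.
jobs:
  validate-schema:
    name: Validate Schema
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # No later step needs git credentials; keep the token out of reach
          # of npm lifecycle scripts.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Validate scenarios.yaml schema
        run: npm run validate:schema

  build:
    name: Build Site
    runs-on: ubuntu-latest
    needs: validate-schema
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Build Eleventy site
        run: npm run build
        env:
          GITHUB_PAGES_URL: https://aws.try.ndx.digital.cabinet-office.gov.uk

      # Short-lived copy of the site consumed by the test jobs in this run.
      - name: Upload build artifact
        uses: actions/upload-artifact@v7
        with:
          name: site-build
          path: _site
          retention-days: 1

      # The Pages artifact is only produced for main, matching the deploy job.
      - name: Upload Pages artifact
        if: github.ref == 'refs/heads/main'
        uses: actions/upload-pages-artifact@v5
        with:
          path: _site

  accessibility:
    name: Accessibility Tests
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Download build artifact
        uses: actions/download-artifact@v8
        with:
          name: site-build
          path: _site

      # NOTE(review): this installs whatever version is current on the
      # registry, outside package-lock.json. Pinning a version or adding
      # pa11y-ci to devDependencies would make the install reproducible.
      - name: Install pa11y-ci
        run: npm install -g pa11y-ci

      # NOTE(review): if http-server is not in devDependencies, npx fetches it
      # from the registry at run time -- confirm.
      - name: Start local server
        run: npx http-server _site -p 8080 &

      - name: Wait for server
        run: sleep 5

      # Best-effort by design: a pa11y failure is surfaced as a warning
      # annotation and does not fail the job.
      - name: Run pa11y accessibility tests
        run: |
          pa11y-ci --config .pa11yci.json || echo "::warning::Some accessibility issues found"

  lighthouse:
    name: Lighthouse CI
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
    # NOTE(review): no step in this job invokes Lighthouse in the file as
    # shown; confirm the audit step was not dropped.
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Download build artifact
        uses: actions/download-artifact@v8
        with:
          name: site-build
          path: _site

  playwright:
    name: Playwright (front-end)
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
      # Needed to list earlier runs and download their artifacts.
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          # `gh` below authenticates through GH_TOKEN, not git credentials.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Cache Playwright browsers
        uses: actions/cache@v5
        with:
          path: ~/.cache/ms-playwright
          key: playwright-${{ runner.os }}-${{ hashFiles('package-lock.json') }}
          restore-keys: |
            playwright-${{ runner.os }}-

      - name: Install Playwright browsers
        run: npx playwright install --with-deps chromium

      - name: Download build artifact
        uses: actions/download-artifact@v8
        with:
          name: site-build
          path: _site

      # Looks up the newest successful run of this workflow on main. An empty
      # run_id output means no baseline source exists yet.
      - name: Find latest successful main run for visual baselines
        id: latest-main
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          run_id=$(gh run list \
            --workflow=build-deploy.yml \
            --branch=main \
            --status=success \
            --limit=1 \
            --json databaseId \
            --jq '.[0].databaseId // empty')
          echo "run_id=$run_id" >> "$GITHUB_OUTPUT"
          if [ -z "$run_id" ]; then
            echo "::warning::No prior successful main run found; visual baselines will be bootstrapped on this run"
          else
            echo "Using baselines from main run $run_id"
          fi

      # Baselines are only ever taken from a main run. A failed download is
      # tolerated so the bootstrap path below can take over.
      - name: Restore visual baselines from latest main
        if: steps.latest-main.outputs.run_id != ''
        continue-on-error: true
        uses: actions/download-artifact@v8
        with:
          name: visual-baselines
          path: tests/visual-regression.spec.ts-snapshots
          run-id: ${{ steps.latest-main.outputs.run_id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Run NAP-558 phase-navigator regression
        run: npx playwright test tests/phase-navigator-links.spec.ts --project=desktop

      # With no baselines on disk the comparison cannot fail: snapshots are
      # regenerated from the current build instead of being checked.
      - name: Run visual-regression (bootstrap if no baselines)
        if: always()
        run: |
          if [ -d tests/visual-regression.spec.ts-snapshots ] && \
             [ -n "$(ls -A tests/visual-regression.spec.ts-snapshots 2>/dev/null || true)" ]; then
            npx playwright test tests/visual-regression.spec.ts --project=desktop
          else
            echo "::warning::No baselines present; running with --update-snapshots to bootstrap"
            npx playwright test tests/visual-regression.spec.ts --project=desktop --update-snapshots
          fi

      - name: Upload Playwright report
        if: always()
        uses: actions/upload-artifact@v7
        with:
          name: playwright-report
          path: playwright-report
          retention-days: 7

      # Only main publishes baselines, so a pull request cannot replace the
      # reference images that later runs compare against.
      - name: Upload visual baselines (main only)
        if: github.ref == 'refs/heads/main' && always()
        uses: actions/upload-artifact@v7
        with:
          name: visual-baselines
          path: tests/visual-regression.spec.ts-snapshots
          retention-days: 90

  deploy:
    name: Deploy to GitHub Pages
    runs-on: ubuntu-latest
    needs: [build, playwright]
    if: github.ref == 'refs/heads/main'
    # The only job that publishes: it alone holds the Pages write scope and
    # the OIDC token permission. It has no checkout step, so it needs no
    # `contents` scope.
    permissions:
      pages: write
      id-token: write
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v5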