pull test suite step out into own job

Author: kikidawson-gds

.github/workflows/backend-api-post-merge.yml

@@ -17,17 +17,26 @@ permissions:
   id-token: write
 
 jobs:
+  run-test-suite:
+    name: Run test suite
+    uses:
+      govuk-one-login/mobile-id-check-async/.github/workflows/job_test-suite.yml@DCMAW-11654
+    with:
+      WORKING_DIRECTORY: backend-api
+
   sonarqube-scan:
     name: SonarQube Scan
+    needs: run-test-suite
     uses:
       govuk-one-login/mobile-id-check-async/.github/workflows/job_sonarqube.yml@DCMAW-11654
     with:
-      WORKING_DIRECTORY: ${{ inputs.WORKING_DIRECTORY }}
+      DOWNLOAD_TEST_COVERAGE: true
+      WORKING_DIRECTORY: backend-api
     secrets: inherit
 
   dev-post-merge:
-    name: Dev Post Merge
-    needs: sonarqube-scan
+    name: Build and push image, build and upload artifact to S3 for dev
+    needs: run-test-suite
     uses:
       govuk-one-login/mobile-id-check-async/.github/workflows/workflow_post-merge.yml@DCMAW-11654
     with:
@@ -40,7 +49,7 @@ jobs:
       TEST_IMAGE_REPOSITORY_URI: ${{ secrets.BACKEND_API_DEV_TEST_IMAGE_REPOSITORY }}
 
   build-post-merge:
-    name: Build Post Merge
+    name: Build and push image, build and upload artifact to S3 for build
     needs: dev-post-merge
     uses:
       govuk-one-login/mobile-id-check-async/.github/workflows/workflow_post-merge.yml@DCMAW-11654

.github/workflows/backend-api-pull-request.yml

@@ -26,13 +26,22 @@ jobs:
       GENERATE_PROXY_OPEN_API_SPEC: true
       WORKING_DIRECTORY: backend-api
     secrets: inherit
+
+  run-test-suite:
+    name: Run test suite
+    if: github.event.pull_request.draft == false
+    uses:
+      govuk-one-login/mobile-id-check-async/.github/workflows/job_test-suite.yml@DCMAW-11654
+    with:
+      WORKING_DIRECTORY: backend-api
 
   sonarqube:
     name: SonarQube
-    needs: ci-checks
+    needs: run-test-suite
     uses:
       govuk-one-login/mobile-id-check-async/.github/workflows/job_sonarqube.yml@DCMAW-11654
     with:
+      DOWNLOAD_TEST_COVERAGE: true
       RUN_SONARQUBE_QUALITY_GATE_CHECK: true
       WORKING_DIRECTORY: backend-api
     secrets: inherit

.github/workflows/job_build-and-push-test-image.yml

@@ -48,9 +48,6 @@ jobs:
           aws-region: eu-west-2
           role-to-assume: ${{ secrets.GH_ACTIONS_ROLE_ARN }}
 
-      - name: Run custom tests
-        run: npm run test
-
       - name: Login to AWS ECR
         uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 #v2.0.1
 

.github/workflows/job_ci-checks.yml

@@ -60,10 +60,6 @@ jobs:
       - name: Check formatting
         run: npm run format:check
 
-      - name: Run custom tests
-        run: npm run test
-        # output the file the unit tests generates for use in sonar quality gate
-
       # - name: Generate proxy open api spec
       #   if: ${{ inputs.GENERATE_PROXY_OPEN_API_SPEC }}
       #   run: npm run generate-proxy-open-api

.github/workflows/job_sonarqube.yml

@@ -3,6 +3,11 @@ name: SonarQube Scan
 on:
   workflow_call:
     inputs:
+      DOWNLOAD_TEST_COVERAGE:
+        description: Set to true if test coverage artifact has been uploaded. If false, test suite will run
+        required: false
+        type: boolean
+        default: false
       RUN_SONARQUBE_QUALITY_GATE_CHECK:
         description: Whether to run SonarQube Quality Gate check
         required: false
@@ -38,7 +43,15 @@ jobs:
       - name: Install dependencies
         run: npm clean-install
 
+      - name: Download coverage artifact
+        if: ${{ inputs.DOWNLOAD_TEST_COVERAGE }} == true
+        uses: actions/download-artifact@v3
+        with:
+          name: test-coverage
+          path: coverage/
+
       - name: Generate test coverage report for SonarQube Quality Gate Check
+        if: ${{ inputs.DOWNLOAD_TEST_COVERAGE }} == false
         run: npm run test:unit
 
       - name: Run SonarQube Scan

.github/workflows/job_test-suite.yml

@@ -0,0 +1,43 @@
+name: Run Test Suite
+
+on:
+  workflow_call:
+    inputs:
+      WORKING_DIRECTORY:
+        description: Working directory
+        required: true
+        type: string
+
+jobs:
+  run-test-suite:
+    name: Run test suite and upload coverage artifact
+    runs-on: ubuntu-24.04
+    defaults:
+      run:
+        shell: bash
+        working-directory: ${{ inputs.WORKING_DIRECTORY }}
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08 #main
+        with:
+          fetch-depth: 0
+          submodules: true
+
+      - name: Setup nodeJS v20
+        uses: actions/setup-node@26961cf329f22f6837d5f54c3efd76b480300ace #main
+        with:
+          cache: npm
+          cache-dependency-path: ${{ inputs.WORKING_DIRECTORY }}/package-lock.json
+          node-version: 20
+
+      - name: Install dependencies
+        run: npm clean-install
+
+      - name: Run all tests
+        run: npm run test
+
+      - name: Upload coverage artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-coverage
+          path: coverage/

.github/workflows/test-resources-post-merge.yml

@@ -26,12 +26,21 @@ jobs:
       WORKING_DIRECTORY: test-resources
     secrets: inherit
 
+  run-test-suite:
+    name: Run test suite
+    if: github.event.pull_request.draft == false
+    uses:
+      govuk-one-login/mobile-id-check-async/.github/workflows/job_test-suite.yml@DCMAW-11654
+    with:
+      WORKING_DIRECTORY: test-resources
+
   sonarqube:
     name: SonarQube
-    needs: ci-checks
+    needs: run-test-suite
     uses:
       govuk-one-login/mobile-id-check-async/.github/workflows/job_sonarqube.yml@DCMAW-11654
     with:
+      DOWNLOAD_TEST_COVERAGE: true
       RUN_SONARQUBE_QUALITY_GATE_CHECK: true
       WORKING_DIRECTORY: test-resources
     secrets: inherit

.github/workflows/test-resources-pull-request.yml

@@ -0,0 +1,63 @@
+name: test-resources post merge
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "test-resources/**"
+      - ".github/workflows/test-resources-post-merge.yml"
+      - "!test-resources/**/*.md"
+      - "!test-resources/**/*.png"
+
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  # run-test-suite:
+  #   name: Run test suite
+  #   uses:
+  #     govuk-one-login/mobile-id-check-async/.github/workflows/job_test-suite.yml@DCMAW-11654
+  #   with:
+  #     WORKING_DIRECTORY: test-resources
+
+  # sonarqube-scan:
+  #   name: SonarQube Scan
+  #   needs: run-test-suite
+  #   uses:
+  #     govuk-one-login/mobile-id-check-async/.github/workflows/job_sonarqube.yml@DCMAW-11654
+  #   with:
+  #     DOWNLOAD_TEST_COVERAGE: true
+  #     WORKING_DIRECTORY: test-resources
+  #   secrets: inherit
+
+  dev-post-merge:
+    name: Build and push image, build and upload artifact to S3 for dev
+    needs: run-test-suite
+    uses:
+      govuk-one-login/mobile-id-check-async/.github/workflows/workflow_post-merge.yml@DCMAW-11654
+    with:
+      WORKING_DIRECTORY: test-resources
+    secrets:
+      ARTIFACT_BUCKET_NAME: ${{ secrets.TEST_RESOURCES_DEV_ARTIFACT_BUCKET }}
+      CONTAINER_SIGN_KMS_KEY: ${{ secrets.DEV_CONTAINER_SIGN_KMS_KEY }}
+      GH_ACTIONS_ROLE_ARN: ${{ secrets.TEST_RESOURCES_DEV_GH_ACTIONS_ROLE_ARN }}
+      SIGNING_PROFILE_NAME: ${{ secrets.DEV_SIGNING_PROFILE_NAME }}
+      TEST_IMAGE_REPOSITORY_URI: ${{ secrets.TEST_RESOURCES_DEV_TEST_IMAGE_REPOSITORY_URI }}
+
+  # build-post-merge:
+  #   name: Build and push image, build and upload artifact to S3 for build
+  #   needs: dev-post-merge
+  #   uses:
+  #     govuk-one-login/mobile-id-check-async/.github/workflows/workflow_post-merge.yml@DCMAW-11654
+  #   with:
+  #     WORKING_DIRECTORY: test-resources
+  #   secrets:
+  #     ARTIFACT_BUCKET_NAME: ${{ secrets.TEST_RESOURCES_BUILD_ARTIFACT_BUCKET }}
+  #     CONTAINER_SIGN_KMS_KEY: ${{ secrets.BUILD_CONTAINER_SIGN_KMS_KEY }}
+  #     GH_ACTIONS_ROLE_ARN: ${{ secrets.BACKEND_API_BUILD_GH_ACTIONS_ROLE_ARN }}
+  #     SIGNING_PROFILE_NAME: ${{ secrets.BUILD_SIGNING_PROFILE_NAME }}
+  #     TEST_IMAGE_REPOSITORY_URI: ${{ secrets.BACKEND_API_BUILD_TEST_IMAGE_REPOSITORY }}