Experimental: Test GitHub Actions locally (nhs-england-tools#114)

stefaniuk · web-flow · commit ba990e1b5428 · 2023-09-19T09:48:32.000Z
## Description This PR introduces the `nektos/act` project to run GitHub Actions workflows on a developer's local machine, providing a fast, cost-effective and resource-efficient way to test changes to actions and debug before pushing to GitHub. It emulates the GitHub Actions runner environment using Docker containers, allowing for an identical testing conditions. ## Context <img width="2056" alt="image" src="https://github.com/nhs-england-tools/repository-template/assets/499338/ed06f59f-aa9c-4557-abf2-8b1298813d5f"> ### Testing ``` # clone the repo and switch to the `Test_GitHub_Actions_locally` branch, then run: $ make runner-act workflow="stage-1-commit" job="cloc-repository" ``` ## Type of changes - [ ] Refactoring (non-breaking change) - [x] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would change existing functionality) - [ ] Bug fix (non-breaking change which fixes an issue) ## Checklist - [x] I am familiar with the [contributing guidelines](../docs/CONTRIBUTING.md) - [x] I have followed the code style of the project - [x] I have added tests to cover my changes - [x] I have updated the documentation accordingly - [ ] This PR is a result of pair or mob programming --- ## Sensitive Information Declaration To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including [PII (Personal Identifiable Information) / PID (Personal Identifiable Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter. - [x] I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.
diff --git a/.github/actions/cloc-repository/action.yaml b/.github/actions/cloc-repository/action.yaml
@@ -31,6 +31,7 @@ runs:
       shell: bash
       run: zip cloc-report.json.zip cloc-report.json
     - name: "Upload CLOC report as an artefact"
+      if: ${{ !env.ACT }}
       uses: actions/upload-artifact@v3
       with:
         name: cloc-report.json.zip
diff --git a/.github/actions/scan-dependencies/action.yaml b/.github/actions/scan-dependencies/action.yaml
@@ -31,6 +31,7 @@ runs:
       shell: bash
       run: zip sbom-repository-report.json.zip sbom-repository-report.json
     - name: "Upload SBOM report as an artefact"
+      if: ${{ !env.ACT }}
       uses: actions/upload-artifact@v3
       with:
         name: sbom-repository-report.json.zip
@@ -45,6 +46,7 @@ runs:
       shell: bash
       run: zip vulnerabilities-repository-report.json.zip vulnerabilities-repository-report.json
     - name: "Upload vulnerabilities report as an artefact"
+      if: ${{ !env.ACT }}
       uses: actions/upload-artifact@v3
       with:
         name: vulnerabilities-repository-report.json.zip
diff --git a/.github/workflows/cicd-1-pull-request.yaml b/.github/workflows/cicd-1-pull-request.yaml
@@ -11,6 +11,7 @@ on:
 
 jobs:
   metadata:
+    name: "Set CI/CD metadata"
     runs-on: ubuntu-latest
     timeout-minutes: 1
     outputs:
@@ -66,6 +67,7 @@ jobs:
           export DOES_PULL_REQUEST_EXIST="${{ steps.pr_exists.outputs.does_pull_request_exist }}"
           make list-variables
   commit-stage: # Recommended maximum execution time is 2 minutes
+    name: "Commit stage"
     needs: [metadata]
     uses: ./.github/workflows/stage-1-commit.yaml
     with:
@@ -78,6 +80,7 @@ jobs:
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
   test-stage: # Recommended maximum execution time is 5 minutes
+    name: "Test stage"
     needs: [metadata, commit-stage]
     uses: ./.github/workflows/stage-2-test.yaml
     with:
@@ -90,6 +93,7 @@ jobs:
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
   build-stage: # Recommended maximum execution time is 3 minutes
+    name: "Build stage"
     needs: [metadata, test-stage]
     uses: ./.github/workflows/stage-3-build.yaml
     if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
@@ -103,6 +107,7 @@ jobs:
       version: "${{ needs.metadata.outputs.version }}"
     secrets: inherit
   acceptance-stage: # Recommended maximum execution time is 10 minutes
+    name: "Acceptance stage"
     needs: [metadata, build-stage]
     uses: ./.github/workflows/stage-4-acceptance.yaml
     if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
diff --git a/.github/workflows/cicd-2-publish.yaml b/.github/workflows/cicd-2-publish.yaml
@@ -8,6 +8,7 @@ on:
 
 jobs:
   metadata:
+    name: "Set CI/CD metadata"
     runs-on: ubuntu-latest
     if: github.event.pull_request.merged == true
     timeout-minutes: 1
@@ -45,6 +46,7 @@ jobs:
           export VERSION="${{ steps.variables.outputs.version }}"
           make list-variables
   publish:
+    name: "Publish packages"
     runs-on: ubuntu-latest
     needs: [metadata]
     if: github.event.pull_request.merged == true
@@ -78,13 +80,14 @@ jobs:
       #     asset_name: repository-template-${{ needs.metadata.outputs.version }}.tar.gz
       #     asset_content_type: "application/gzip"
   success:
+    name: "Success notification"
     runs-on: ubuntu-latest
     needs: [publish]
     steps:
       - name: "Check prerequisites for notification"
         id: check
         run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
-      - name: "Notify on build completion"
+      - name: "Notify on publishing packages"
         if: steps.check.outputs.secret_exist == 'true'
         uses: nhs-england-tools/notify-msteams-action@v0.0.4
         with:
diff --git a/.github/workflows/cicd-3-deploy.yaml b/.github/workflows/cicd-3-deploy.yaml
@@ -10,6 +10,7 @@ on:
 
 jobs:
   metadata:
+    name: "Set CI/CD metadata"
     runs-on: ubuntu-latest
     timeout-minutes: 1
     outputs:
@@ -49,6 +50,7 @@ jobs:
           export TAG="${{ steps.variables.outputs.tag }}"
           make list-variables
   deploy:
+    name: "Deploy to an environment"
     runs-on: ubuntu-latest
     needs: [metadata]
     timeout-minutes: 10
@@ -57,13 +59,14 @@ jobs:
         uses: actions/checkout@v4
   # TODO: More jobs or/and steps here
   # success:
+  #   name: "Success notification"
   #   runs-on: ubuntu-latest
   #   needs: [deploy]
   #   steps:
   #     - name: "Check prerequisites for notification"
   #       id: check
   #       run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
-  #     - name: "Notify on build completion"
+  #     - name: "Notify on deployment to an environment"
   #       if: steps.check.outputs.secret_exist == 'true'
   #       uses: nhs-england-tools/notify-msteams-action@v0.0.4
   #       with:
diff --git a/.github/workflows/stage-1-commit.yaml b/.github/workflows/stage-1-commit.yaml
@@ -34,9 +34,9 @@ on:
 
 jobs:
   scan-secrets:
+    name: "Scan secrets"
     runs-on: ubuntu-latest
     timeout-minutes: 2
-    name: "Scan secrets"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -45,9 +45,9 @@ jobs:
       - name: "Scan secrets"
         uses: ./.github/actions/scan-secrets
   check-file-format:
+    name: "Check file format"
     runs-on: ubuntu-latest
     timeout-minutes: 2
-    name: "Check file format"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -56,9 +56,9 @@ jobs:
       - name: "Check file format"
         uses: ./.github/actions/check-file-format
   check-markdown-format:
+    name: "Check markdown format"
     runs-on: ubuntu-latest
     timeout-minutes: 2
-    name: "Check markdown format"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -67,21 +67,21 @@ jobs:
       - name: "Check markdown format"
         uses: ./.github/actions/check-markdown-format
   lint-terraform:
+    name: "Lint Terraform"
     runs-on: ubuntu-latest
     timeout-minutes: 2
-    name: "Lint Terraform"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
       - name: "Lint Terraform"
         uses: ./.github/actions/lint-terraform
   cloc-repository:
+    name: "Count lines of code"
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
     timeout-minutes: 2
-    name: "Count lines of code"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -95,12 +95,12 @@ jobs:
           idp_aws_report_upload_role_name: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ROLE_NAME }}"
           idp_aws_report_upload_bucket_endpoint: "${{ secrets.IDP_AWS_REPORT_UPLOAD_BUCKET_ENDPOINT }}"
   scan-dependencies:
+    name: "Scan dependencies"
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
     timeout-minutes: 2
-    name: "Scan dependencies"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
diff --git a/.github/workflows/stage-2-test.yaml b/.github/workflows/stage-2-test.yaml
@@ -34,6 +34,7 @@ on:
 
 jobs:
   test-unit:
+    name: "Unit tests"
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
@@ -46,6 +47,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-lint:
+    name: "Linting"
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
@@ -58,6 +60,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-coverage:
+    name: "Test coverage"
     needs: [test-unit]
     runs-on: ubuntu-latest
     timeout-minutes: 5
@@ -71,13 +74,13 @@ jobs:
         run: |
           echo "Nothing to save"
   perform-static-analysis:
+    name: "Perform static analysis"
     needs: [test-unit]
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
     timeout-minutes: 5
-    name: "Perform static analysis"
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
diff --git a/.github/workflows/stage-3-build.yaml b/.github/workflows/stage-3-build.yaml
@@ -34,6 +34,7 @@ on:
 
 jobs:
   artefact-1:
+    name: "Artefact 1"
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
@@ -50,6 +51,7 @@ jobs:
           echo "Uploading artefact 1 ..."
           # TODO: Use either action/cache or action/upload-artifact
   artefact-2:
+    name: "Artefact 2"
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
diff --git a/.github/workflows/stage-4-acceptance.yaml b/.github/workflows/stage-4-acceptance.yaml
@@ -34,6 +34,7 @@ on:
 
 jobs:
   environment-set-up:
+    name: "Environment set up"
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
@@ -49,6 +50,7 @@ jobs:
         run: |
           echo "Deploying application..."
   test-contract:
+    name: "Contract test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -62,6 +64,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-security:
+    name: "Security test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -75,6 +78,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-ui:
+    name: "UI test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -88,6 +92,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-ui-performance:
+    name: "UI performance test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -101,6 +106,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-integration:
+    name: "Integration test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -114,6 +120,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-accessibility:
+    name: "Accessibility test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -127,6 +134,7 @@ jobs:
         run: |
           echo "Nothing to save"
   test-load:
+    name: "Load test"
     runs-on: ubuntu-latest
     needs: environment-set-up
     timeout-minutes: 10
@@ -140,6 +148,7 @@ jobs:
         run: |
           echo "Nothing to save"
   environment-tear-down:
+    name: "Environment tear down"
     runs-on: ubuntu-latest
     needs:
       [
diff --git a/.gitignore b/.gitignore
@@ -1,9 +1,10 @@
 # WARNING: Please, DO NOT edit this section of the file! It is maintained in the repository template.
 
 .scannerwork
-*cloc-report*.json
+*cloc*report*.json
 *sbom*report*.json
 *vulnerabilities*report*.json
+*report*json.zip
 .version
 
 *.code-workspace
diff --git a/.tool-versions b/.tool-versions
@@ -25,3 +25,6 @@ pre-commit 3.3.3
 
 # hadolint, SEE: https://hub.docker.com/r/hadolint/hadolint/tags
 # docker/hadolint/hadolint 2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42
+
+# ghcr.io/nhs-england-tools/github-runner-image, SEE: https://github.com/nhs-england-tools/github-runner-image/pkgs/container/github-runner-image
+# docker/ghcr.io/nhs-england-tools/github-runner-image 20230909-321fd1e-rt@sha256:ce4fd6035dc450a50d3cbafb4986d60e77cb49a71ab60a053bb1b9518139a646
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-yyyymmdd
+${yyyy}${mm}${dd}
diff --git a/docs/adr/ADR-001_Use_git_hook_and_GitHub_action_to_check_the_editorconfig_compliance.md b/docs/adr/ADR-001_Use_git_hook_and_GitHub_action_to_check_the_editorconfig_compliance.md
@@ -136,12 +136,12 @@ Both, the git hook and the GitHub Action should be executed automatically as par
 
 ## Notes
 
-There is an emerging practice to use projects like [act](https://github.com/nektos/act) to make GitHub actions even more portable. The recommendation is for this tool to be assessed at further stages of the [nhs-england-tools/repository-template](https://github.com/nhs-england-tools/repository-template) project implementation, in the context of this decision record.
+There is an emerging practice to use projects like [act](https://github.com/nektos/act) to make GitHub Actions even more portable. ~~The recommendation is for this tool to be assessed at further stages of the [nhs-england-tools/repository-template](https://github.com/nhs-england-tools/repository-template) project implementation, in the context of this decision record.~~ Update: Please, see the [Test GitHub Actions locally](../user-guides/Test_GitHub_Actions_locally.md) user guide.
 
 ## Actions
 
-- [ ] Ensure the naming convention of the other git hooks follows the pattern set by the `./scripts/githooks/check-file-format.sh` script
-- [ ] Relocate shell scripts that are called by the GitHub workflow, currently placed in the `./scripts` directory, to `./.github/workflows/scripts`
+- [x] Ensure the naming convention of the other git hooks follows the pattern set by the `scripts/githooks/check-file-format.sh` script
+- [ ] ~~Relocate shell scripts that are called by the GitHub workflow, currently placed in the `scripts` directory, to `.github/workflows/scripts`.~~ Update: Scripts provided along with this repository template are made to be agnostic from any provider's workflow implementation; this is by design. Therefore, the `scripts` directory is the right place for the shell scripts.
 
 ## Tags
 
diff --git a/docs/user-guides/Scan_dependencies.md b/docs/user-guides/Scan_dependencies.md
@@ -71,4 +71,4 @@ cat vulnerabilities-repository-reportc.json | jq
    - Easier investigation of CVEs found in the repository, eliminating dependence on a third party like GitHub
    - Enhanced portability and flexibility, allowing the scans to run in diverse environments
 
-   However, this approach should be periodically reviewed as there is an emerging practice to use projects like [act](https://github.com/nektos/act) to make GitHub Actions portable.
+   However, this approach should be periodically reviewed as there is an emerging practice to use projects like [act](https://github.com/nektos/act) ~~to make GitHub Actions portable~~. Update: Please, see the [Test GitHub Actions locally](../user-guides/Test_GitHub_Actions_locally.md) user guide.
diff --git a/docs/user-guides/Test_GitHub_Actions_locally.md b/docs/user-guides/Test_GitHub_Actions_locally.md
diff --git a/scripts/docker/docker.lib.sh b/scripts/docker/docker.lib.sh
diff --git a/scripts/docker/tests/docker.test.sh b/scripts/docker/tests/docker.test.sh
diff --git a/scripts/init.mk b/scripts/init.mk
