workflow-pull-request.yml
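# Pull-request pipeline: labels the PR, derives a short workspace key from the
# branch name, then lints, tests, builds, applies a per-branch Terraform
# environment and runs integration tests against it.
name: "[Workflow] Pull Request Path"

# One concurrency group per ref and workflow. cancel-in-progress is not set,
# so a run that is already executing is left to finish (presumably so a
# Terraform apply is not interrupted midway - confirm intent).
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}

on:
  pull_request:
    branches:
      - main

# Token scopes are declared once for the whole workflow, so every job below,
# including the reusable workflows, can receive contents/pull-requests/
# security-events write. A called workflow can only narrow these, never widen
# them.
# NOTE(review): least privilege would move each write scope onto the single
# job that needs it with a job-level `permissions:` block; which job needs
# which scope cannot be determined from this file alone.
permissions:
  actions: read
  checks: read
  contents: write
  deployments: none
  issues: none
  packages: none
  pull-requests: write
  repository-projects: none
  security-events: write
  statuses: none

jobs:
  pr_label:
    runs-on: ubuntu-latest
    name: Label PR
    steps:
      # NOTE(review): `@main` is a mutable ref, so whatever is on that branch
      # at run time executes here with a token that can write to contents and
      # pull requests. Pin to a reviewed full-length commit SHA and update it
      # deliberately (e.g. via Dependabot).
      - uses: actions/labeler@main
        with:
          configuration-path: ".github/labeller.yml"
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
          sync-labels: true

  branch_name:
    runs-on: ubuntu-latest
    name: Extract branch name
    outputs:
      # raw_branch is the unmodified, author-chosen branch name. Treat it as
      # untrusted: pass it to scripts through `env:`, never by interpolating
      # the expression straight into a `run:` body.
      raw_branch: ${{ steps.extract_branch.outputs.branch_raw }}
      # formatted_branch is reduced to lowercase alphanumerics, max 10 chars.
      formatted_branch: ${{ steps.extract_branch.outputs.branch_formatted }}
    steps:
      - name: Extract branch
        id: extract_branch
        shell: bash
        # The branch name is read from the runner's environment variables, not
        # from a `${{ }}` expression, so it is never spliced into the script
        # text. Expansions are quoted and written with printf so a name is
        # emitted verbatim (no word splitting, no echo option parsing).
        run: |
          branch="${GITHUB_HEAD_REF:-${GITHUB_REF##*/}}"
          printf 'branch_raw=%s\n' "$branch" >> "$GITHUB_OUTPUT"

          formatted="$(printf '%s' "$branch" \
            | tr -cd '[:alnum:]' \
            | tr '[:upper:]' '[:lower:]' \
            | cut -c1-10)"

          # A branch name with no alphanumeric characters would yield an empty
          # workspace key; stop here rather than hand an empty value to the
          # Terraform jobs.
          if [ -z "$formatted" ]; then
            echo "::error::Branch name '$branch' produces an empty workspace key"
            exit 1
          fi
          printf 'branch_formatted=%s\n' "$formatted" >> "$GITHUB_OUTPUT"
          # NOTE(review): truncating to 10 characters means distinct branches
          # (e.g. feature/login-a and feature/login-b) map to the same key and
          # would presumably share one Terraform workspace - confirm this is
          # acceptable.

  create_tags:
    name: Create Tags
    needs: ['branch_name']
    uses: ./.github/workflows/sub-task-tags.yml
    with:
      branch_name: ${{ needs.branch_name.outputs.formatted_branch }}
    secrets:
      source_github_token: ${{ secrets.GITHUB_TOKEN }}

  terraform_lint:
    name: Lint terraform code
    uses: ./.github/workflows/sub-task-lint.yml
    needs: ['branch_name']
    with:
      workspace: ${{ needs.branch_name.outputs.formatted_branch }}
    # NOTE(review): the lint job receives AWS credentials as well as the
    # GitHub token; confirm the called workflow needs them, and drop them if
    # it does not.
    secrets:
      source_github_token: ${{ secrets.GITHUB_TOKEN }}
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  # No secrets are passed to the unit-test workflow.
  unit_tests:
    name: Unit tests
    needs: ['create_tags', 'branch_name']
    uses: ./.github/workflows/sub-task-unit-tests.yml

  # NOTE(review): this and the following jobs authenticate with a static AWS
  # access key pair held in repository secrets. Short-lived credentials via
  # GitHub OIDC (role assumption in the called workflows, plus
  # `id-token: write`) would remove the long-lived key; that change lives in
  # the sub-task workflows, which are not shown here.
  docker_build_scan_push:
    name: Build, Scan and Push
    needs: ['create_tags', 'branch_name']
    uses: ./.github/workflows/sub-task-docker-build.yml
    with:
      tag: ${{ needs.create_tags.outputs.version_tag }}
      branch_name: ${{ needs.branch_name.outputs.formatted_branch }}
    secrets:
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  # Going by the job name, this plans and applies infrastructure from the
  # pull-request branch, i.e. before the change has been merged. The AWS
  # identity behind these keys should therefore be scoped to the per-branch
  # environments only.
  # By default GitHub withholds repository secrets from pull requests opened
  # from forks, so this path is expected to work only for branches pushed to
  # this repository.
  terraform_apply:
    name: Terraform Plan and Apply Environment
    needs:
      - 'docker_build_scan_push'
      - 'terraform_lint'
      - 'create_tags'
      - 'branch_name'
      - 'unit_tests'
    uses: ./.github/workflows/sub-task-terraform.yml
    with:
      terraform_path: 'terraform/environment'
      image_tag: ${{ needs.create_tags.outputs.version_tag }}
      workspace: ${{ needs.branch_name.outputs.formatted_branch }}
    secrets:
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  integration_tests:
    name: Integration tests against branch environment
    needs:
      - 'terraform_apply'
      - 'create_tags'
      - 'branch_name'
    uses: ./.github/workflows/sub-task-integration-tests.yml
    with:
      workspace: ${{ needs.branch_name.outputs.formatted_branch }}
    secrets:
      aws_access_key_id_actions: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      aws_secret_access_key_actions: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

  # Single terminal job; it only runs once integration_tests has succeeded,
  # which makes it a convenient required status check.
  workflow_complete:
    name: Workflow Complete
    runs-on: ubuntu-latest
    needs: ['integration_tests']
    steps:
      - name: Completion message
        run: echo "Workflow Complete"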