generated from nhs-england-tools/repository-template
-
Notifications
You must be signed in to change notification settings - Fork 0
126 lines (124 loc) · 4.26 KB
/
stage-1-commit.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
name: "Commit stage"
on:
workflow_call:
inputs:
build_datetime:
description: "Build datetime, set by the CI/CD pipeline workflow"
required: true
type: string
build_timestamp:
description: "Build timestamp, set by the CI/CD pipeline workflow"
required: true
type: string
build_epoch:
description: "Build epoch, set by the CI/CD pipeline workflow"
required: true
type: string
nodejs_version:
description: "Node.js version, set by the CI/CD pipeline workflow"
required: true
type: string
python_version:
description: "Python version, set by the CI/CD pipeline workflow"
required: true
type: string
terraform_version:
description: "Terraform version, set by the CI/CD pipeline workflow"
required: true
type: string
version:
description: "Version of the software, set by the CI/CD pipeline workflow"
required: true
type: string
jobs:
scan-secrets:
name: "Scan secrets"
runs-on: ubuntu-latest
timeout-minutes: 2
steps:
- name: "Checkout code"
uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history is needed to scan all commits
- name: "Scan secrets"
uses: ./.github/actions/scan-secrets
check-file-format:
name: "Check file format"
runs-on: ubuntu-latest
timeout-minutes: 2
steps:
- name: "Checkout code"
uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history is needed to compare branches
- name: "Check file format"
uses: ./.github/actions/check-file-format
check-markdown-format:
name: "Check Markdown format"
runs-on: ubuntu-latest
timeout-minutes: 2
steps:
- name: "Checkout code"
uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history is needed to compare branches
- name: "Check Markdown format"
uses: ./.github/actions/check-markdown-format
check-english-usage:
name: "Check English usage"
runs-on: ubuntu-latest
timeout-minutes: 2
steps:
- name: "Checkout code"
uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history is needed to compare branches
- name: "Check English usage"
uses: ./.github/actions/check-english-usage
lint-terraform:
name: "Lint Terraform"
runs-on: ubuntu-latest
timeout-minutes: 2
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "Lint Terraform"
uses: ./.github/actions/lint-terraform
count-lines-of-code:
name: "Count lines of code"
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
timeout-minutes: 2
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "Count lines of code"
uses: ./.github/actions/create-lines-of-code-report
with:
build_datetime: "${{ inputs.build_datetime }}"
build_timestamp: "${{ inputs.build_timestamp }}"
idp_aws_report_upload_account_id: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ACCOUNT_ID }}"
idp_aws_report_upload_region: "${{ secrets.IDP_AWS_REPORT_UPLOAD_REGION }}"
idp_aws_report_upload_role_name: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ROLE_NAME }}"
idp_aws_report_upload_bucket_endpoint: "${{ secrets.IDP_AWS_REPORT_UPLOAD_BUCKET_ENDPOINT }}"
scan-dependencies:
name: "Scan dependencies"
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
timeout-minutes: 2
steps:
- name: "Checkout code"
uses: actions/checkout@v4
# - name: "Scan dependencies"
# uses: ./.github/actions/scan-dependencies
# with:
# build_datetime: "${{ inputs.build_datetime }}"
# build_timestamp: "${{ inputs.build_timestamp }}"
# idp_aws_report_upload_account_id: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ACCOUNT_ID }}"
# idp_aws_report_upload_region: "${{ secrets.IDP_AWS_REPORT_UPLOAD_REGION }}"
# idp_aws_report_upload_role_name: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ROLE_NAME }}"
# idp_aws_report_upload_bucket_endpoint: "${{ secrets.IDP_AWS_REPORT_UPLOAD_BUCKET_ENDPOINT }}"