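name: Merge to Main

env:
  deployment_name: pay-transparency

on:
  push:
    branches: [main]
    paths-ignore:
      - "*.md"
      - "docker-compose.yml"
      - "renovate.json"
      - "COMPLIANCE.yaml"
      - ".gitignore"
      - ".vscode/**"
      - ".diagrams/**"
      - ".graphics/**"
      - "sysdig/**"
      - ".github/workflows/sysdig.yml"
  workflow_dispatch:
    inputs:
      pr_no:
        description: "PR-numbered container set to deploy"
        type: number
        required: true

# Runs for this workflow are serialised; a second trigger waits for the
# first to finish rather than cancelling it.
concurrency:
  group: merge-to-main
  cancel-in-progress: false # queue the workflows if several are triggered

# NOTE(review): there is no top-level `permissions` block, so every job that
# does not declare its own (all but codeql) receives the repository's default
# GITHUB_TOKEN permissions. Declaring least-privilege permissions per job
# (e.g. `contents: write` only where the tag/changelog push happens) would
# narrow what a compromised step or action can do.
# NOTE(review): every third-party action below is pinned to a mutable tag
# (@v3, @v4, @v5); a moved tag silently changes the code that runs. Pinning
# to a full commit SHA is the usual supply-chain hardening for this.
jobs:
  vars:
    name: Set Variables
    outputs:
      pr: ${{ steps.pr.outputs.pr }}
    runs-on: ubuntu-22.04
    timeout-minutes: 1
    steps: # Get PR number for squash merges to main
      - name: PR Number
        id: pr
        # NOTE(review): the action ref is garbled in this copy of the file
        # ([email protected]); restore the real owner/repo@ref from the
        # repository. The workflow_dispatch input `pr_no` is not referenced
        # anywhere in this file - confirm whether this action reads it.
        uses: bcgov-nr/[email protected]

  codeql:
    name: Semantic Code Analysis
    runs-on: ubuntu-22.04
    # Only job with an explicit, narrowed token: read code, upload SARIF.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - name: Initialize
        uses: github/codeql-action/init@v3
        with:
          languages: javascript
      # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3

  # Create a semantic version based on the commit messages and tag the commit.
  semantic-version:
    outputs:
      semanticVersion: ${{ steps.changelog.outputs.version }}
      tag: ${{ steps.changelog.outputs.tag }}
      clean_changelog: ${{ steps.changelog.outputs.clean_changelog }}
    runs-on: ubuntu-22.04
    timeout-minutes: 1
    steps:
      - uses: actions/checkout@v4
      - name: Conventional Changelog Update
        uses: TriPSs/conventional-changelog-action@v5
        id: changelog
        # A failure here must not abort the job by itself; the guard step
        # below decides whether the run can continue.
        continue-on-error: true
        with:
          preset: "conventionalcommits"
          # `git-push: "true"` writes CHANGELOG.md and the new tag back to
          # main with the workflow token, so this job needs `contents: write`.
          github-token: ${{ github.token }}
          output-file: "CHANGELOG.md"
          skip-version-file: "true"
          skip-commit: "true"
          skip-on-empty: "false"
          git-push: "true"
      # Fail closed: with continue-on-error above, a failed changelog step would
      # otherwise leave `semanticVersion` empty and retag-images/deploys would
      # run with an empty tag. Stop here instead of tagging or deploying.
      - name: Verify a version was produced
        if: steps.changelog.outputs.version == ''
        run: |
          echo "::error::conventional-changelog-action produced no version; refusing to tag or deploy"
          exit 1

  # Re-tag the PR-numbered images in ghcr.io with the new version and `dev`.
  retag-images:
    needs: [vars, semantic-version]
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        package:
          - backend
          - database-migrations
          - frontend
          - doc-gen-service
          - backend-external
          - maintenance
    steps:
      - name: Tag Docker Images
        uses: shrink/actions-docker-registry-tag@v4
        with:
          registry: ghcr.io
          repository: ${{ github.repository }}/${{ matrix.package }}
          # Source tag is the PR number resolved by the `vars` job.
          target: ${{ needs.vars.outputs.pr }}
          tags: |
            ${{ needs.semantic-version.outputs.semanticVersion }}
            dev

  # `secrets: inherit` forwards every repository/organisation secret to the
  # reusable workflows below; keep those workflow files in-repo and reviewed.
  deploys:
    name: Deploys (dev)
    needs: [retag-images, semantic-version]
    uses: ./.github/workflows/.deploy.yml
    secrets: inherit
    with:
      target: dev
      tag: ${{ needs.semantic-version.outputs.semanticVersion }}
      frontend-url: https://dev.paytransparency.fin.gov.bc.ca
      semver: ${{ needs.semantic-version.outputs.semanticVersion }}
      values: "values-dev.yaml"

  test-integration:
    name: Integration
    needs: [deploys]
    uses: ./.github/workflows/.integration.yml
    secrets: inherit
    with:
      backend-external-url: https://pay-transparency-dev-backend-external.apps.silver.devops.gov.bc.ca/api

  test-e2e:
    name: E2E (dev)
    needs: [deploys]
    uses: ./.github/workflows/.e2e.yml
    secrets: inherit
    with:
      frontend-url: https://dev.paytransparency.fin.gov.bc.ca

  zap:
    name: ZAP Scan
    needs: [deploys]
    runs-on: ubuntu-22.04
    steps:
      - name: Penetration Test
        # NOTE(review): the action ref is garbled in this copy of the file
        # ([email protected]); restore the real owner/repo@ref from the
        # repository.
        uses: zaproxy/[email protected]
        with:
          target: https://dev.paytransparency.fin.gov.bc.ca
          cmd_options: "-a"
          # Findings are informational only: the job never fails on results
          # and no GitHub issues are opened. Review the scan report manually.
          fail_action: false
          allow_issue_writing: false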