Create codeql.yml #1691
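---
# Deploys a per-PR preview environment through Argo CD when a pull request
# carries the deploy-preview label, then calls the clean-up workflow.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organization default scopes. Declare the minimum the called
# actions need once that set has been confirmed.
name: preview-env-deploy
on:
  pull_request:
    types: [labeled, synchronize]
jobs:
  deploy-preview:
    # Runs only while the PR is not closed AND either
    #   - the label that was just added contains 'deploy-preview' (substring
    #     match on the label name), or
    #   - on a new commit, 'deploy-preview' is one of the PR's labels.
    # NOTE(review): once the label is set, every later push to the PR branch
    # redeploys without a new labelling step; the deployment manifest under
    # .ci/preview-environments/ is read from the PR checkout.
    if: github.event.pull_request.state != 'closed' && (contains( github.event.label.name, 'deploy-preview') || contains( github.event.pull_request.labels.*.name, 'deploy-preview'))
    runs-on: ubuntu-22.04
    timeout-minutes: 20
    name: deploy-preview-env-${{ matrix.product_context }}
    env:
      BRANCH_NAME: ${{ github.head_ref }}  # head_ref = branch on PR
    concurrency:
      # env is not yet available here, so head_ref is used directly
      group: pr-update-${{ github.head_ref }}-${{ matrix.product_context }}
      cancel-in-progress: true
    strategy:
      fail-fast: false  # Don't disrupt other deployments because of failure
      matrix:
        product_context: [c8sm]
    steps:
      #########################################################################
      # Sanitize the branch name to remove dependabot/,renovate/ and transform the name
      # NOTE(review): referenced by the mutable ref `main`, unlike the
      # SHA-pinned actions below; pin to a full commit SHA for the same
      # supply-chain guarantee.
      - id: sanitize
        uses: camunda/infra-global-github-actions/sanitize-branch-name@main
        with:
          branch: ${{ env.BRANCH_NAME }}
          max_length: '15'
      #########################################################################
      # Setup: import secrets from vault
      # NOTE(review): vault-action exports fetched secrets to the job
      # environment by default (`exportEnv`). Only the step output is
      # referenced in this file; consider `exportEnv: false` after confirming
      # the downstream action does not read the variable.
      - name: Import secrets
        id: secrets
        uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
        with:
          url: ${{ secrets.VAULT_ADDR }}
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            secret/data/products/connectors/ci/common ARGOCD_TOKEN;
      #########################################################################
      # Setup: checkout code. This is required because we are using
      # composite actions and deployment manifests.
      - name: Checkout
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
      #########################################################################
      # Determine the argocd arguments that need to be passed to the create app command
      # The PR-derived values (branch name, head SHA) reach the script through
      # `env:` rather than `${{ }}` interpolation, so they never become part
      # of the shell source. The backslash-newlines sit inside the double
      # quotes and are removed by bash, so one line is appended to GITHUB_ENV.
      # NOTE(review): `revision` is the raw branch name; confirm the create
      # action does not re-evaluate argocd_arguments through a shell, since
      # git ref names may contain shell metacharacters.
      - name: Determine Argocd Arguments for ${{ matrix.product_context }}
        if: matrix.product_context == 'c8sm'
        shell: bash
        run: |
          echo "argocd_arguments=--dest-namespace ${app_name} \
            --file .ci/preview-environments/argo/${argocd_app_file_name}.yml \
            --helm-set camunda-platform.connectors.image.tag=${docker_tag} \
            --helm-set global.preview.git.branch=${revision} \
            --helm-set global.labels.app=${app_name} \
            --helm-set global.preview.ingress.domain=connectors.camunda.cloud \
            --name ${app_name} \
            --revision ${revision} \
            --upsert" >> "$GITHUB_ENV"
        env:
          docker_tag: pr-${{ github.event.pull_request.head.sha }}  # SHA of latest commit
          revision: ${{ env.BRANCH_NAME }}
          app_name: connectors-${{ steps.sanitize.outputs.branch_name }}-${{ matrix.product_context }}
          argocd_app_file_name: ${{ matrix.product_context }}
      #########################################################################
      # Create a preview environment
      # NOTE(review): this step receives ARGOCD_TOKEN and is resolved from the
      # mutable ref `main`; pin to a full commit SHA so the code that handles
      # the token cannot change without a change to this file.
      - name: Deploy Preview Environment for ${{ matrix.product_context }}
        uses: camunda/infra-global-github-actions/preview-env/create@main
        with:
          revision: ${{ env.BRANCH_NAME }}
          argocd_token: ${{ steps.secrets.outputs.ARGOCD_TOKEN }}
          app_name: connectors-${{ steps.sanitize.outputs.branch_name }}-${{ matrix.product_context }}
          app_url: https://${{ steps.sanitize.outputs.branch_name }}-${{ matrix.product_context }}.connectors.camunda.cloud
          argocd_arguments: ${{ env.argocd_arguments }}
          argocd_server: argocd.int.camunda.com
  # Calls the clean-up workflow after deploy-preview, whatever its outcome,
  # unless the deploy job was skipped.
  # NOTE(review): `secrets: inherit` hands every secret available to this
  # workflow to the called workflow; passing only the named secrets it uses
  # narrows that exposure.
  clean:
    if: always() && github.event_name == 'pull_request' && needs.deploy-preview.result != 'skipped'
    uses: camunda/connectors/.github/workflows/PREVIEW-ENV-CLEAN.yml@main
    needs: [deploy-preview]
    secrets: inherit
    with:
      pull-request: ${{ github.event.pull_request.number }}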