Skip to content

[ASAP-542] - submit compliance report #15687

[ASAP-542] - submit compliance report

[ASAP-542] - submit compliance report #15687

Workflow file for this run

name: Pipeline branch
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
on:
merge_group:
pull_request:
types: [opened, synchronize, labeled]
branches:
- master
jobs:
setup:
runs-on: ubuntu-latest
environment: Branch
outputs:
crn-contentful-env: ${{ steps.setup.outputs.crn-contentful-env-id }}
crn-contentful-on-branch-env: ${{ steps.setup.outputs.crn-contentful-on-branch-env }}
crn-analytics-algolia-on-branch-env: ${{ steps.setup.outputs.crn-analytics-algolia-on-branch-env }}
crn-contentful-env-exists: ${{ steps.get-crn-contentful-state.outputs.contentful-env-exists }}
crn-contentful-limit-reached: ${{ steps.get-crn-contentful-state.outputs.contentful-limit-reached }}
gp2-contentful-env: ${{ steps.setup.outputs.gp2-contentful-env-id }}
gp2-on-branch-env: ${{ steps.setup.outputs.gp2-on-branch-env }}
gp2-contentful-env-exists: ${{ steps.get-gp2-contentful-state.outputs.contentful-env-exists }}
gp2-contentful-limit-reached: ${{ steps.get-gp2-contentful-state.outputs.contentful-limit-reached }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup
id: setup
uses: ./.github/actions/setup-environment
with:
environment-name: Branch
- name: Get CRN Contentful Environment state
id: get-crn-contentful-state
uses: ./.github/actions/contentful-checks
with:
contentful-space-id: ${{ steps.setup.outputs.crn-contentful-space-id }}
contentful-token: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
contentful-environment-id: ${{ steps.setup.outputs.crn-contentful-env-id }}
- name: Get GP2 Contentful Environment state
id: get-gp2-contentful-state
uses: ./.github/actions/contentful-checks
with:
contentful-space-id: ${{ steps.setup.outputs.gp2-contentful-space-id }}
contentful-token: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
contentful-environment-id: ${{ steps.setup.outputs.gp2-contentful-env-id }}
test:
uses: ./.github/workflows/reusable-test.yml
with:
environment-name: Branch
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_INTEGRATION_TESTS_ACCESS_TOKEN }}
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_INTEGRATION_TESTS_PREVIEW_ACCESS_TOKEN }}
build:
needs: [setup]
uses: ./.github/workflows/reusable-build.yml
with:
environment-name: Branch
crn-contentful-env: ${{ needs.setup.outputs.crn-contentful-env }}
gp2-contentful-env: ${{ needs.setup.outputs.gp2-contentful-env }}
secrets:
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
CRN_OPENAI_API_KEY: ${{ secrets.CRN_OPENAI_API_KEY }}
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
GP2_OPENAI_API_KEY: ${{ secrets.GP2_OPENAI_API_KEY }}
SLACK_WEBHOOK: 'n-a'
build-analysis:
needs: [build]
uses: ./.github/workflows/reusable-build-analysis.yml
with:
environment-name: Branch
secrets:
BUNDLEWATCH_GITHUB_TOKEN: ${{ secrets.BUNDLEWATCH_GITHUB_TOKEN }}
create-environment:
needs: [setup]
uses: ./.github/workflows/reusable-create-environment.yml
with:
environment-name: Branch
crn-contentful-on-branch-env: ${{ needs.setup.outputs.crn-contentful-on-branch-env }}
crn-analytics-algolia-on-branch-env: ${{ needs.setup.outputs.crn-analytics-algolia-on-branch-env }}
crn-contentful-env-exists: ${{ needs.setup.outputs.crn-contentful-env-exists }}
crn-contentful-env: ${{ needs.setup.outputs.crn-contentful-env }}
gp2-on-branch-env: ${{ needs.setup.outputs.gp2-on-branch-env }}
gp2-contentful-env-exists: ${{ needs.setup.outputs.gp2-contentful-env-exists }}
gp2-contentful-env: ${{ needs.setup.outputs.gp2-contentful-env }}
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
deployment:
needs: [setup, build, create-environment]
uses: ./.github/workflows/reusable-deployment.yml
with:
environment-name: Branch
crn-contentful-env: ${{ needs.setup.outputs.crn-contentful-env }}
gp2-contentful-env: ${{ needs.setup.outputs.gp2-contentful-env }}
secrets:
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }}
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }}
CRN_CI_AUTH0_CLIENT_SECRET: ${{ secrets.CRN_CI_AUTH0_CLIENT_SECRET }}
CRN_CI_PR_AUTH0_CLIENT_SECRET: ${{ secrets.CRN_CI_PR_AUTH0_CLIENT_SECRET }}
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
CRN_OPENAI_API_KEY: ${{ secrets.CRN_OPENAI_API_KEY }}
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }}
GP2_CI_AUTH0_CLIENT_SECRET: ${{ secrets.GP2_CI_AUTH0_CLIENT_SECRET }}
GP2_CI_PR_AUTH0_CLIENT_SECRET: ${{ secrets.GP2_CI_PR_AUTH0_CLIENT_SECRET }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }}
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }}
GP2_OPENAI_API_KEY: ${{ secrets.GP2_OPENAI_API_KEY }}
SLACK_WEBHOOK: 'n-a'
verify:
needs: [setup, deployment]
uses: ./.github/workflows/reusable-verify.yml
with:
environment-name: Branch
crn-contentful-env: ${{ needs.setup.outputs.crn-contentful-env }}
gp2-contentful-env: ${{ needs.setup.outputs.gp2-contentful-env }}
secrets:
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }}
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }}
branch-pipeline-success:
runs-on: ubuntu-latest
environment:
name: Branch
url: ${{ steps.setup.outputs.crn-app-url }}
needs: [test, build, build-analysis, create-environment, deployment, verify]
if: ${{ always() }}
steps:
- name: Checkout
if: ${{ success() }}
uses: actions/checkout@v3
- name: Setup
id: setup
uses: ./.github/actions/setup-environment
with:
environment-name: Branch
- name: Print status
run: |
function statusIcon () {
if [ "$1" == "success" ]; then
echo ":tada:"
else
echo ":warning:"
fi
}
echo "# Pipeline branch CI/CD" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "## Summary" >> $GITHUB_STEP_SUMMARY
echo "| stage | status |" >> $GITHUB_STEP_SUMMARY
echo "| ----- | ------ |" >> $GITHUB_STEP_SUMMARY
echo "| test | $(statusIcon ${{ needs.test.result }}) |" >> $GITHUB_STEP_SUMMARY
echo "| build | $(statusIcon ${{ needs.build.result }}) |" >> $GITHUB_STEP_SUMMARY
echo "| build-analysis | $(statusIcon ${{ needs.build-analysis.result }}) |" >> $GITHUB_STEP_SUMMARY
echo "| create-environment | $(statusIcon ${{ needs.create-environment.result }}) |" >> $GITHUB_STEP_SUMMARY
echo "| deployment | $(statusIcon ${{ needs.deployment.result }}) |" >> $GITHUB_STEP_SUMMARY
echo "| verify | $(statusIcon ${{ needs.verify.result }}) |" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
- name: On failure
if: ${{ !contains(needs.verify.result, 'success')}}
run: |
echo "Build Failed! :fire:" >> $GITHUB_STEP_SUMMARY
exit 1
- name: On success
run: |
echo "Build Success! :rocket:" >> $GITHUB_STEP_SUMMARY