Skip to content

Improve CI/CD automations #32

Improve CI/CD automations

Improve CI/CD automations #32

Workflow file for this run

name: Continuous Integration
on:
# ====== πŸ‘‡ WORKAROUND FOR TESTING πŸ‘‡ (DO NOT MERGE OR APPROVE) ======
# pull_request_target: {} # ENABLE BEFORE MERGING!
pull_request: {} # REMOVE BEFORE MERGING!
# ====== πŸ‘† WORKAROUND FOR TESTING πŸ‘† (DO NOT MERGE OR APPROVE) ======
permissions:
contents: read
jobs:
qa:
permissions:
contents: read
uses: ./.github/workflows/qa.yml
with:
ref: ${{ github.event.pull_request.head.sha }}
publish-qa-results:
name: Publish QA Results
permissions:
contents: read
pull-requests: write
if: needs.qa.result != 'skipped' || needs.qa.result != 'cancelled'
needs:
- qa
uses: "./.github/workflows/publish-qa-results.yml"
with:
client-test-outcome: ${{ needs.qa.outputs.client-test-outcome }}
client-test-coverage-markdown-report: ${{ needs.qa.outputs.client-test-coverage-markdown-report }}
server-test-outcome: ${{ needs.qa.outputs.server-test-outcome }}
server-test-coverage-markdown-report: ${{ needs.qa.outputs.server-test-coverage-markdown-report }}
eslint-outcome: ${{ needs.qa.outputs.eslint-outcome }}
tflint-outcome: ${{ needs.qa.outputs.tflint-outcome }}
e2e-test-outcome: ${{ needs.qa.outputs.e2e-test-outcome }}
pr-number: ${{ github.event.pull_request.number }}
write-summary: true
write-comment: true
build:
permissions:
contents: read
packages: write
name: Build deployment artifacts
uses: ./.github/workflows/build.yml
with:
ref: ${{ github.event.pull_request.head.sha }}
build-server-image: true
server-image-push: true
server-image-args-ref: ${{ github.ref }}
server-image-tag-latest: false
server-image-tag-pr: "${{ github.event.pull_request.number }}"
server-image-version: "rc-pr-${{ github.event.pull_request.number }}"
build-website: true
website-artifact-retention-days: 14
aws-auth:
name: Configure AWS Credentials
permissions:
contents: read
id-token: write
uses: ./.github/workflows/aws-auth.yml
with:
aws-region: us-west-2
secrets:
role-to-assume: ${{ secrets.CI_ROLE_ARN }}
gpg-passphrase: ${{ secrets.TFPLAN_SECRET }}
tf-plan:
name: Plan Terraform
permissions:
contents: read
needs:
- aws-auth
- build
uses: ./.github/workflows/terraform-plan.yml
if: needs.build.outputs.build-server-image-result == 'success' && needs.build.outputs.build-website-result == 'success' && needs.aws-auth.result == 'success'
with:
ref: ${{ github.event.pull_request.head.sha }}
concurrency-group: run_terraform-staging
server-image-tag: ${{ github.event.pull_request.head.sha }}
server-image-digest: ${{ needs.build.outputs.server-image-digest }}
website-artifacts-key: ${{ needs.build.outputs.website-artifacts-key }}
website-artifacts-path: ${{ needs.build.outputs.website-artifacts-path }}
aws-region: us-west-2
environment-key: staging
tf-backend-config-file: staging.s3.tfbackend
tf-var-file: staging.tfvars
upload-artifacts: false
artifacts-retention-days: 14
secrets:
aws-access-key-id: ${{ needs.aws-auth.outputs.aws-access-key-id }}
aws-secret-access-key: ${{ needs.aws-auth.outputs.aws-secret-access-key }}
aws-session-token: ${{ needs.aws-auth.outputs.aws-session-token }}
datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
datadog-app-key: ${{ secrets.DATADOG_APP_KEY }}
gpg-passphrase: ${{ secrets.TFPLAN_SECRET }}
publish-tf-plan:
name: Publish Terraform Plan
permissions:
contents: read
pull-requests: write
if: needs.tf-plan.result != 'skipped' || needs.tf-plan.result != 'cancelled'
needs:
- tf-plan
uses: ./.github/workflows/publish-terraform-plan.yml
with:
write-summary: true
write-comment: true
pr-number: ${{ github.event.pull_request.number }}
tf-fmt-outcome: ${{ needs.tf-plan.outputs.fmt-outcome }}
tf-init-outcome: ${{ needs.tf-plan.outputs.init-outcome }}
tf-plan-outcome: ${{ needs.tf-plan.outputs.plan-outcome }}
tf-plan-output: ${{ needs.tf-plan.outputs.plan-output }}
tf-validate-outcome: ${{ needs.tf-plan.outputs.validate-outcome }}
tf-validate-output: ${{ needs.tf-plan.outputs.validate-output }}