lint/.github/workflows/deploy-production.yml
Brett Logan 07c894f89e Add explicit permissions
Signed-off-by: Brett Logan <lindluni@github.com>
2022-12-20 18:00:18 -05:00

233 lines
9.5 KiB
YAML

---
name: Build, test, and eventually deploy super-linter container images
on:
pull_request:
push:
jobs:
build:
name: Build, test, and eventually push the container image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
images:
- container-build-target: final_slim
container-image-id-prefix: slim-
deployment-environment-identifier: Production-SLIM
image-id: slim
- container-build-target: final_standard
container-image-id-prefix: ""
deployment-environment-identifier: Production
image-id: standard
timeout-minutes: 60
steps:
- name: Checkout Code
uses: actions/checkout@v3
with:
# Full git history is needed to get a proper list
# of changed files within `super-linter`
fetch-depth: 0
- name: Get current date and make it available as an environment variable
run: |
echo "Appending the build date contents to GITHUB_ENV..."
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}"
- name: Setup Docker BuildX
uses: docker/setup-buildx-action@v2.0.0
- name: Build Docker image - ${{ matrix.images.image-id }}
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
uses: docker/build-push-action@v3.1.1
with:
context: .
file: ./Dockerfile
build-args: |
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=${{ github.sha }}
load: true
push: false
tags: |
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${{ github.sha }}
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}test
target: "${{ matrix.images.container-build-target }}"
- name: Run container image label test cases
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
shell: bash
run: .automation/validate-docker-labels.sh "${{ matrix.images.image-id }}"
- name: Edit an action.yml file for test local build
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
run: |
sed -i "s/super-linter:.*/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}'/g" action.yml
- name: Gather information about the runtime environment
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
shell: bash
run: |
make info
############################################################
# Test the built image in the actions context. #
# Not the container directly, and not using RUN_LOCAL=true #
############################################################
- name: Test the local action
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
uses: ./
env:
ACTIONS_RUNNER_DEBUG: true
ERROR_ON_MISSING_EXEC_BIT: true
VALIDATE_ALL_CODEBASE: false
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DEFAULT_BRANCH: main
LOCAL_UPDATES: true
# Workaround for https://github.com/actions/runner/issues/434
- name: Fix file and directory ownership
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
shell: bash
run: |
sudo chown -R "$(id -u)":"$(id -g)" "$(pwd)"
- name: Run the test suite
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
shell: bash
run: |
make IMAGE=${{ matrix.images.image-id }} test
- name: Upload the code coverage report
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
uses: codacy/codacy-coverage-reporter-action@v1.1
# Sometimes this fails when user does not have permissions to secrets
continue-on-error: true
with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
coverage-reports: test/reports/cobertura/runTests.sh/cobertura.xml
- name: Run test cases - ${{ matrix.images.image-id }}
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
shell: bash
run: |
docker run \
-e RUN_LOCAL=true \
-e TEST_CASE_RUN=true \
-e ANSIBLE_DIRECTORY=.automation/test/ansible \
-e ACTIONS_RUNNER_DEBUG=true \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
"ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}"
- name: Clean the working directory for additional testing
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
shell: bash
run: .automation/clean-code-base-for-tests.sh
- name: Run against all code base - ${{ matrix.images.image-id }}
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }}
shell: bash
run: |
docker run \
-e RUN_LOCAL=true \
-e OUTPUT_DETAILS=detailed \
-e ACTIONS_RUNNER_DEBUG=true \
-e ERROR_ON_MISSING_EXEC_BIT=true \
-v "${GITHUB_WORKSPACE}:/tmp/lint" \
"ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}"
- name: Login to Docker Hub
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
uses: docker/login-action@v2.0.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to GitHub Container Registry
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
uses: docker/login-action@v2.0.0
with:
registry: ghcr.io
username: ${{ secrets.GCR_USERNAME }}
password: ${{ secrets.GCR_TOKEN }}
- name: Start the deployment for the ${{ matrix.images.deployment-environment-identifier }} environment
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
uses: bobheadxi/deployments@v1.3.0
id: deployment
with:
step: start
token: ${{ secrets.GITHUB_TOKEN }}
env: ${{ matrix.images.deployment-environment-identifier }}
- name: Build the container image and push it - ${{ matrix.images.image-id }}
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
uses: docker/build-push-action@v3.1.1
with:
context: .
file: ./Dockerfile
build-args: |
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=${{ github.sha }}
load: false
push: true
tags: |
github/super-linter:${{ matrix.images.container-image-id-prefix }}latest
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}latest
target: "${{ matrix.images.container-build-target }}"
- name: Update the deployment status for the ${{ matrix.images.deployment-environment-identifier }} environment
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }}
uses: bobheadxi/deployments@v1.3.0
with:
step: finish
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
env: ${{ steps.deployment.outputs.env }}
env_url: https://github.com/github/super-linter
- name: Create a GitHub issue on failure
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' && failure() }}
uses: actions/github-script@v6
id: create-issue
with:
# https://octokit.github.io/rest.js/v18#issues-create
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const create = await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: "Failed to deploy to production",
body: "Automation has failed us!\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
})
console.log('create', create)
return create.data.number
- name: Assign admins to the issue created on failure
uses: actions/github-script@v6
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' && failure() }}
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.issues.addAssignees({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: "${{ steps.create-issue.outputs.result }}",
assignees: [
'admiralawkbar',
'jwiebalk',
'IAmHughes',
'nemchik',
'Hanse00',
'GaboFDC',
'ferrarimarco'
]
})