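---
# CI pipeline: build, lint, security-scan and unit-test on every push,
# then run the deployment job on the main branch only.
name: main

# Controls when the workflow runs.
on:
  push:
    # Triggers the workflow for feature branches and the main branch.
    branches:
      - "feature/*"
      - "main"

# Least privilege for the automatically provided GITHUB_TOKEN: the steps
# below only need to read the repository. A job that later needs more
# (for example to publish a release) should widen this at job level.
permissions:
  contents: read

# Build, linting, security and unit testing run in parallel;
# the Deploy job runs afterwards, on the main branch only.
jobs:
  # Build project.
  Build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Warming
        run: make warming
      - name: Build
        run: make build

  # Linting check.
  Linting:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Warming
        run: make warming
      - name: Linting
        run: make linting

  # Security check.
  Security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Warming
        run: make warming
      # Build AWS CDK output.
      - name: Build
        run: make build
      # We use a dedicated action for the security check:
      # https://github.com/stelligent/cfn_nag
      # NOTE(review): `@master` is a mutable ref, so this job runs whatever
      # the upstream branch holds at the time. Pin it to a reviewed full
      # commit SHA and update that pin deliberately.
      - name: Security
        uses: stelligent/cfn_nag@master
        with:
          input_path: ./cdk.out
          extra_args: -t ..*\.template\.json
      # The action does not fail the job on findings by itself, see
      # https://github.com/stelligent/cfn_nag/issues/582
      - name: Fail if cfn_nag scan contains failures
        # Sum the per-template failure counts and fail on any non-zero total.
        # The total is compared instead of being passed to `exit`, because
        # exit codes wrap modulo 256 (256 failures would read as success).
        # A missing report is also treated as a failure, not a clean scan.
        run: |
          if [ ! -f cfn_nag.out ]; then
            echo "cfn_nag.out not found; failing the security gate" >&2
            exit 1
          fi
          failures=$(awk '/Failures/ { sum += $3 } END { print sum + 0 }' cfn_nag.out)
          echo "cfn_nag failures: ${failures}"
          if [ "${failures}" -ne 0 ]; then
            exit 1
          fi

  # Unit tests.
  UnitTest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Warming
        run: make warming
      - name: Unit tests
        run: make unittest

  # Deployment example.
  Deploy:
    # Move forward only on the main branch.
    if: ${{ github.ref == 'refs/heads/main' }}
    # Move forward only if all jobs above have succeeded.
    needs: [Build, Linting, Security, UnitTest]
    runs-on: ubuntu-latest
    steps:
      # Same checkout version as the other jobs.
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Deploy
        run: echo "Deploying placeholder"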