CI: rename job
JonJagger committed Nov 8, 2023
1 parent c1b8883 commit 0f2501d
Showing 7 changed files with 44 additions and 51 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/main_staging.yml
Expand Up @@ -7,7 +7,7 @@ on:

env:
KOSLI_DRY_RUN: ${{ vars.KOSLI_DRY_RUN }}
KOSLI_HOST: "https://staging.app.kosli.com"
KOSLI_HOST: https://staging.app.kosli.com
KOSLI_ORG: ${{ vars.KOSLI_ORG }}
KOSLI_FLOW: ${{ vars.KOSLI_FLOW }}
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
Expand Down Expand Up @@ -66,7 +66,7 @@ jobs:
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
KOSLI_HOST: "https://staging.app.kosli.com"
KOSLI_HOST: https://staging.app.kosli.com
IMAGE_TAG: ${{ needs.variables.outputs.image_tag }}

push-latest:
Expand All @@ -84,7 +84,7 @@ jobs:
secrets:
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
with:
KOSLI_HOST: "https://staging.app.kosli.com"
KOSLI_HOST: https://staging.app.kosli.com
IMAGE_TAG: ${{ needs.variables.outputs.image_tag }}


1 change: 0 additions & 1 deletion .github/workflows/sub_build_image.yml
Expand Up @@ -20,7 +20,6 @@ env:
KOSLI_ORG: ${{ vars.KOSLI_ORG }}
KOSLI_FLOW: ${{ vars.KOSLI_FLOW }}
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
#IMAGE_TAG: ${{ inputs.IMAGE_TAG }}

jobs:
build-image:
58 changes: 29 additions & 29 deletions .github/workflows/sub_deploy.yml
Expand Up @@ -12,19 +12,19 @@ env:

jobs:

setup-ci-vars:
variables:
runs-on: ubuntu-latest
outputs:
image_tag: ${{ steps.ci_vars.outputs.image_tag }}
aws_account_id_beta: ${{ steps.ci_vars.outputs.aws_account_id_beta }}
aws_account_id_prod: ${{ steps.ci_vars.outputs.aws_account_id_prod }}
ecr_registry_beta: ${{ steps.ci_vars.outputs.ecr_registry_beta }}
ecr_registry_prod: ${{ steps.ci_vars.outputs.ecr_registry_prod }}
aws_region: ${{ steps.ci_vars.outputs.aws_region }}
gh_actions_iam_role_name: ${{ steps.ci_vars.outputs.gh_actions_iam_role_name }}
image_tag: ${{ steps.vars.outputs.image_tag }}
aws_account_id_beta: ${{ steps.vars.outputs.aws_account_id_beta }}
aws_account_id_prod: ${{ steps.vars.outputs.aws_account_id_prod }}
ecr_registry_beta: ${{ steps.vars.outputs.ecr_registry_beta }}
ecr_registry_prod: ${{ steps.vars.outputs.ecr_registry_prod }}
aws_region: ${{ steps.vars.outputs.aws_region }}
gh_actions_iam_role_name: ${{ steps.vars.outputs.gh_actions_iam_role_name }}
steps:
- name: Prepare outputs for fivexl deployment workflow # can't use ${{ env.VAR }} in its with:
id: ci_vars
id: vars
run: |
echo "image_tag=${{ env.IMAGE_TAG }}" >> ${GITHUB_OUTPUT}
echo "aws_account_id_beta=244531986313" >> ${GITHUB_OUTPUT}
Expand All @@ -35,7 +35,7 @@ jobs:
echo "gh_actions_iam_role_name=gh_actions_services" >> ${GITHUB_OUTPUT}
push-image-to-beta-ecr:
needs: [setup-ci-vars]
needs: [variables]
runs-on: ubuntu-latest
permissions:
id-token: write
Expand All @@ -44,10 +44,10 @@ jobs:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: ${{ needs.setup-ci-vars.outputs.aws_region }}
aws-region: ${{ needs.variables.outputs.aws_region }}
role-duration-seconds: 2400
role-session-name: ${{ github.event.repository.name }}
role-to-assume: arn:aws:iam::${{ needs.setup-ci-vars.outputs.aws_account_id_beta }}:role/${{ needs.setup-ci-vars.outputs.gh_actions_iam_role_name }}
role-to-assume: arn:aws:iam::${{ needs.variables.outputs.aws_account_id_beta }}:role/${{ needs.variables.outputs.gh_actions_iam_role_name }}

- name: Login to Amazon ECR (Elastic Container Registry)
id: login-ecr
Expand All @@ -56,27 +56,27 @@ jobs:
- name: Push image to private beta-ECR
run: |
docker pull cyberdojo/differ:${{ env.IMAGE_TAG }}
docker tag cyberdojo/differ:${{ env.IMAGE_TAG }} ${{ needs.setup-ci-vars.outputs.ecr_registry_beta }}/differ:${{ env.IMAGE_TAG }}
docker push ${{ needs.setup-ci-vars.outputs.ecr_registry_beta }}/differ:${{ env.IMAGE_TAG }}
docker tag cyberdojo/differ:${{ env.IMAGE_TAG }} ${{ needs.variables.outputs.ecr_registry_beta }}/differ:${{ env.IMAGE_TAG }}
docker push ${{ needs.variables.outputs.ecr_registry_beta }}/differ:${{ env.IMAGE_TAG }}
deploy-to-aws-beta:
needs: [setup-ci-vars, push-image-to-beta-ecr]
needs: [variables, push-image-to-beta-ecr]
permissions:
id-token: write
contents: write
uses: fivexl/gh-workflow-tf-plan-apply/.github/workflows/base.yml@v0.0.7
with:
aws_region: ${{ needs.setup-ci-vars.outputs.aws_region }}
aws_role_arn: arn:aws:iam::${{ needs.setup-ci-vars.outputs.aws_account_id_beta }}:role/${{ needs.setup-ci-vars.outputs.gh_actions_iam_role_name }}
aws_default_region: ${{ needs.setup-ci-vars.outputs.aws_region }}
aws_region: ${{ needs.variables.outputs.aws_region }}
aws_role_arn: arn:aws:iam::${{ needs.variables.outputs.aws_account_id_beta }}:role/${{ needs.variables.outputs.gh_actions_iam_role_name }}
aws_default_region: ${{ needs.variables.outputs.aws_region }}
aws_role_duration: 900
working_directory: deployment/terraform/
tf_apply: 'true'
tf_version: v1.4.5
tf_additional_env_vars: '{"TF_VAR_TAGGED_IMAGE": "${{ needs.setup-ci-vars.outputs.ecr_registry_beta }}/differ:${{ needs.setup-ci-vars.outputs.image_tag }}"}'
tf_additional_env_vars: '{"TF_VAR_TAGGED_IMAGE": "${{ needs.variables.outputs.ecr_registry_beta }}/differ:${{ needs.variables.outputs.image_tag }}"}'

push-image-to-prod-ecr:
needs: [setup-ci-vars, deploy-to-aws-beta]
needs: [variables, deploy-to-aws-beta]
runs-on: ubuntu-latest
permissions:
id-token: write
Expand All @@ -85,10 +85,10 @@ jobs:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: ${{ needs.setup-ci-vars.outputs.aws_region }}
aws-region: ${{ needs.variables.outputs.aws_region }}
role-duration-seconds: 2400
role-session-name: ${{ github.event.repository.name }}
role-to-assume: arn:aws:iam::${{ needs.setup-ci-vars.outputs.aws_account_id_prod }}:role/${{ needs.setup-ci-vars.outputs.gh_actions_iam_role_name }}
role-to-assume: arn:aws:iam::${{ needs.variables.outputs.aws_account_id_prod }}:role/${{ needs.svariables.outputs.gh_actions_iam_role_name }}

- name: Login to Amazon ECR (Elastic Container Registry)
id: login-ecr
Expand All @@ -97,21 +97,21 @@ jobs:
- name: Push image to private prod-ECR
run: |
docker pull cyberdojo/differ:${{ env.IMAGE_TAG }}
docker tag cyberdojo/differ:${{ env.IMAGE_TAG }} ${{ needs.setup-ci-vars.outputs.ecr_registry_prod }}/differ:${{ env.IMAGE_TAG }}
docker push ${{ needs.setup-ci-vars.outputs.ecr_registry_prod }}/differ:${{ env.IMAGE_TAG }}
docker tag cyberdojo/differ:${{ env.IMAGE_TAG }} ${{ needs.variables.outputs.ecr_registry_prod }}/differ:${{ env.IMAGE_TAG }}
docker push ${{ needs.variables.outputs.ecr_registry_prod }}/differ:${{ env.IMAGE_TAG }}
deploy-to-aws-prod:
needs: [setup-ci-vars, push-image-to-prod-ecr]
needs: [variables, push-image-to-prod-ecr]
permissions:
id-token: write
contents: write
uses: fivexl/gh-workflow-tf-plan-apply/.github/workflows/base.yml@v0.0.7
with:
aws_region: ${{ needs.setup-ci-vars.outputs.aws_region }}
aws_role_arn: arn:aws:iam::${{ needs.setup-ci-vars.outputs.aws_account_id_prod }}:role/${{ needs.setup-ci-vars.outputs.gh_actions_iam_role_name }}
aws_default_region: ${{ needs.setup-ci-vars.outputs.aws_region }}
aws_region: ${{ needs.variables.outputs.aws_region }}
aws_role_arn: arn:aws:iam::${{ needs.variables.outputs.aws_account_id_prod }}:role/${{ needs.variables.outputs.gh_actions_iam_role_name }}
aws_default_region: ${{ needs.variables.outputs.aws_region }}
aws_role_duration: 900
working_directory: deployment/terraform/
tf_apply: 'true'
tf_version: v1.4.5
tf_additional_env_vars: '{"TF_VAR_TAGGED_IMAGE": "${{ needs.setup-ci-vars.outputs.ecr_registry_prod }}/differ:${{ needs.setup-ci-vars.outputs.image_tag }}"}'
tf_additional_env_vars: '{"TF_VAR_TAGGED_IMAGE": "${{ needs.variables.outputs.ecr_registry_prod }}/differ:${{ needs.variables.outputs.image_tag }}"}'
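Review bot: In the push-image-to-prod-ecr job, the new `role-to-assume` line reads `needs.svariables.outputs.gh_actions_iam_role_name`; `svariables` is not a job in this workflow, so the lookup most likely evaluates to an empty string and the role ARN ends in `:role/`. The prod credentials step would then fail instead of assuming the intended role, which blocks the prod ECR push and the deploy-to-aws-prod job that `needs` it. The line should be `role-to-assume: arn:aws:iam::${{ needs.variables.outputs.aws_account_id_prod }}:role/${{ needs.variables.outputs.gh_actions_iam_role_name }}`, matching the beta job. A workflow linter such as actionlint run on pull requests would catch an undefined `needs` reference like this before merge.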
9 changes: 4 additions & 5 deletions .github/workflows/sub_expect_deployment.yml
Expand Up @@ -19,7 +19,6 @@ env:
KOSLI_ORG: ${{ vars.KOSLI_ORG }}
KOSLI_FLOW: ${{ vars.KOSLI_FLOW }}
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
IMAGE_TAG: ${{ inputs.IMAGE_TAG }}

jobs:

Expand All @@ -33,8 +32,8 @@ jobs:

- name: Report expected aws-beta deployment to Kosli
run: |
docker pull cyberdojo/differ:${{ env.IMAGE_TAG }}
kosli expect deployment cyberdojo/differ:${{ env.IMAGE_TAG }} \
docker pull cyberdojo/differ:${{ inputs.IMAGE_TAG }}
kosli expect deployment cyberdojo/differ:${{ inputs.IMAGE_TAG }} \
--artifact-type=docker \
--description="Deployed to aws-beta in Github Actions pipeline" \
--environment=aws-beta
Expand All @@ -49,8 +48,8 @@ jobs:

- name: Report expected aws-prod deployment to Kosli
run: |
docker pull cyberdojo/differ:${{ env.IMAGE_TAG }}
kosli expect deployment cyberdojo/differ:${{ env.IMAGE_TAG }} \
docker pull cyberdojo/differ:${{ inputs.IMAGE_TAG }}
kosli expect deployment cyberdojo/differ:${{ inputs.IMAGE_TAG }} \
--artifact-type=docker \
--description="Deployed to aws-prod in Github Actions pipeline" \
--environment=aws-prod
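Review bot: Both `run:` steps in this file now splice `${{ inputs.IMAGE_TAG }}` straight into the shell script, and the same pattern is introduced in sub_push_latest.yml, sub_sdlc_gate.yml and sub_test.yml. Expression text is substituted before the shell parses the script, so a tag value containing shell metacharacters would run as script in jobs that have secrets such as `KOSLI_API_TOKEN` in their environment; the previous `${{ env.IMAGE_TAG }}` form had the same property, so this is not a regression, but dropping the `env:` entry removes the safer route. Where the callers get the tag from is outside this page, so the actual exposure depends on that. I would keep `IMAGE_TAG: ${{ inputs.IMAGE_TAG }}` under `env:` and reference it as a shell variable, e.g. `docker pull "cyberdojo/differ:${IMAGE_TAG}"`.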
7 changes: 2 additions & 5 deletions .github/workflows/sub_push_latest.yml
Expand Up @@ -12,9 +12,6 @@ on:
required: true
type: string

env:
IMAGE_TAG: ${{ inputs.IMAGE_TAG }}

jobs:
to-dockerhub:
runs-on: ubuntu-latest
Expand All @@ -28,6 +25,6 @@ jobs:

- name: Build and push image:latest to Dockerhub Registry
run: |
docker pull cyberdojo/differ:${{ env.IMAGE_TAG }}
docker tag cyberdojo/differ:${{ env.IMAGE_TAG }} cyberdojo/differ:latest
docker pull cyberdojo/differ:${{ inputs.IMAGE_TAG }}
docker tag cyberdojo/differ:${{ inputs.IMAGE_TAG }} cyberdojo/differ:latest
docker push cyberdojo/differ:latest
5 changes: 2 additions & 3 deletions .github/workflows/sub_sdlc_gate.yml
Expand Up @@ -19,7 +19,6 @@ env:
KOSLI_ORG: ${{ vars.KOSLI_ORG }}
KOSLI_FLOW: ${{ vars.KOSLI_FLOW }}
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
IMAGE_TAG: ${{ inputs.IMAGE_TAG }}

jobs:
sdlc-gate:
Expand All @@ -32,6 +31,6 @@ jobs:

- name: Kosli SDLC gate to short-circuit-the-flow
run: |
docker pull cyberdojo/differ:${{ env.IMAGE_TAG }}
kosli assert artifact cyberdojo/differ:${{ env.IMAGE_TAG }} \
docker pull cyberdojo/differ:${{ inputs.IMAGE_TAG }}
kosli assert artifact cyberdojo/differ:${{ inputs.IMAGE_TAG }} \
--artifact-type=docker
9 changes: 4 additions & 5 deletions .github/workflows/sub_test.yml
Expand Up @@ -22,7 +22,6 @@ env:
KOSLI_FLOW: ${{ vars.KOSLI_FLOW }}
KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_TOKEN }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
IMAGE_TAG: ${{ inputs.IMAGE_TAG }}

jobs:

Expand All @@ -39,7 +38,7 @@ jobs:
- name: Run tests, save results to evidence.json file, report to Kosli flow
run: |
./sh/run_tests_with_coverage.sh
kosli report evidence artifact generic cyberdojo/differ:${{ env.IMAGE_TAG }} \
kosli report evidence artifact generic cyberdojo/differ:${{ inputs.IMAGE_TAG }} \
--artifact-type=docker \
--description="server & client branch-coverage reports" \
--name=branch-coverage \
Expand All @@ -61,15 +60,15 @@ jobs:
- name: Run Snyk to check Docker image for vulnerabilities
continue-on-error: true
run:
snyk container test cyberdojo/differ:${{ env.IMAGE_TAG }}
snyk container test cyberdojo/differ:${{ inputs.IMAGE_TAG }}
--file=Dockerfile
--json-file-output=snyk.json
--policy-path=.snyk

- name: Report Snyk results to Kosli flow
run: |
docker pull cyberdojo/differ:${{ env.IMAGE_TAG }}
kosli report evidence artifact snyk cyberdojo/differ:${{ env.IMAGE_TAG }} \
docker pull cyberdojo/differ:${{ inputs.IMAGE_TAG }}
kosli report evidence artifact snyk cyberdojo/differ:${{ inputs.IMAGE_TAG }} \
--artifact-type=docker \
--name=snyk-scan \
--scan-results=snyk.json
