From 026ab81a239ce5bf4b3f8a77558e9c7219fdb22d Mon Sep 17 00:00:00 2001 From: devops Date: Fri, 7 Mar 2025 09:53:02 +0530 Subject: [PATCH] devops: Adding support for reusable workflow in PR pipelines --- .github/workflows/cicd-sec-trivy.yml | 201 +------------------- .github/workflows/pr-check.yml | 247 +------------------------ .github/workflows/pr-issues-status.yml | 164 +--------------- 3 files changed, 16 insertions(+), 596 deletions(-) diff --git a/.github/workflows/cicd-sec-trivy.yml b/.github/workflows/cicd-sec-trivy.yml index 7b0ada7..c4c769c 100644 --- a/.github/workflows/cicd-sec-trivy.yml +++ b/.github/workflows/cicd-sec-trivy.yml 
@@ -5,205 +5,14 @@ on: branches: - "main" -env: - env_var: ${{ vars.ENV_CONTEXT_VAR }} - DEVOPS_REPO: "javelin-cloud" - DEVOPS_BRANCH: "main" - GH_SEC_REPORT: false - TRIVY_REPORT_FILE: "trivy-scan-result" - jobs: - javelin-env: - permissions: - contents: 'read' - id-token: 'write' - runs-on: ubuntu-24.04 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setting up Repo Env - id: repo_env_setup - shell: bash - run: |- - echo "repository=$(basename ${{ github.repository }})" >> ${GITHUB_OUTPUT} - echo "shortsha=$(git rev-parse --short=7 HEAD)" >> ${GITHUB_OUTPUT} - - - name: Set Lowercase Repo Name - id: lc_repository - env: - REPO_NAME: ${{ steps.repo_env_setup.outputs.repository }} - shell: bash - run: echo "name=${REPO_NAME,,}" >> ${GITHUB_OUTPUT} - - - name: DevOps Repository Checkout - uses: actions/checkout@v4 - with: - repository: "${{ github.repository_owner }}/${{ env.DEVOPS_REPO }}" - token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - fetch-depth: 0 - persist-credentials: false - ref: ${{ env.DEVOPS_BRANCH }} - path: ${{ env.DEVOPS_REPO }} - - - name: Get Build Config - id: build_config - shell: bash - run: |- - trivy_severity=$(cat ${{ env.DEVOPS_REPO }}/app-config/javelin-default/sec-config.json | jq -r '.trivy.severity') - slack_scan_channel_id=$(cat ${{ env.DEVOPS_REPO }}/app-config/javelin-default/notify-config.json | jq -r '.slack.scan.channel_id') - echo "trivy_severity=${trivy_severity}" >> ${GITHUB_OUTPUT} - echo "slack_scan_channel_id=${slack_scan_channel_id}" >> ${GITHUB_OUTPUT} - outputs: - svc_name: ${{ steps.lc_repository.outputs.name }} - short_sha: ${{ steps.repo_env_setup.outputs.shortsha }} - trivy_severity: ${{ steps.build_config.outputs.trivy_severity }} - slack_scan_channel_id: ${{ steps.build_config.outputs.slack_scan_channel_id }} - - javelin-trivy-scan: - needs: - - javelin-env + reusable-workflow: permissions: contents: 'read' id-token: 'write' actions: 'read' security-events: 'write' 
- runs-on: ubuntu-24.04 - env: - TRIVY_SEVERITY: ${{ needs.javelin-env.outputs.trivy_severity }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - persist-credentials: true - - - name: Trivy Scan - GitHub Security Report - if: ${{ env.GH_SEC_REPORT == 'true' }} - uses: aquasecurity/trivy-action@0.29.0 - with: - ignore-unfixed: true - scan-type: "fs" - cache: "true" - format: "sarif" - output: "${{ env.TRIVY_REPORT_FILE }}.sarif" - severity: "${{ env.TRIVY_SEVERITY }}" - - - name: Upload Report - GitHub Security Report - if: ${{ env.GH_SEC_REPORT == 'true' }} - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: "${{ env.TRIVY_REPORT_FILE }}.sarif" - - - name: Trivy Scan - Text Security Report - if: ${{ env.GH_SEC_REPORT == 'false' }} - uses: aquasecurity/trivy-action@0.29.0 - with: - ignore-unfixed: true - scan-type: "fs" - cache: "true" - format: "table" - output: "${{ env.TRIVY_REPORT_FILE }}.txt" - severity: "${{ env.TRIVY_SEVERITY }}" - - - name: Report Check - Text Security Report - if: ${{ env.GH_SEC_REPORT == 'false' }} - id: report_check - shell: bash - run: |- - if [[ -s ${{ env.TRIVY_REPORT_FILE }}.txt ]] ; then - echo "report_file=available" >> ${GITHUB_OUTPUT} - else - echo "report_file=unavailable" >> ${GITHUB_OUTPUT} - fi - cat ${{ env.TRIVY_REPORT_FILE }}.txt - - - name: Upload Report - Text Security Report - if: ${{ env.GH_SEC_REPORT == 'false' && steps.report_check.outputs.report_file == 'available' }} - uses: actions/upload-artifact@v4 - with: - name: "${{ env.TRIVY_REPORT_FILE }}" - path: "${{ env.TRIVY_REPORT_FILE }}.txt" - if-no-files-found: error - retention-days: 1 - outputs: - report_status: ${{ steps.report_check.outputs.report_file }} - - javelin-trivy-notify: - needs: - - javelin-env - - javelin-trivy-scan - permissions: - contents: 'read' - id-token: 'write' - runs-on: ubuntu-24.04 - if: | - always() && (needs.javelin-trivy-scan.outputs.report_status == 'available') - env: - SVC_NAME: ${{ 
needs.javelin-env.outputs.svc_name }} - JOB_STATUS: "failure" - REPORT_INFO: "Please check the attachment" - JOB_STATUS_MARK: ":x:" - COMMIT_AUTHOR: ${{ github.event.commits[0].author.name }} - COMMIT_SHA: ${{ needs.javelin-env.outputs.short_sha }} - SLACK_CHANNEL_ID: ${{ needs.javelin-env.outputs.slack_scan_channel_id }} - COMMIT_URL: ${{ github.event.head_commit.url }} - BUILD_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - GH_SEC_URL: "${{ github.server_url }}/${{ github.repository }}/security" - SLACK_PAYLOAD_JSON: slack-trivy-scan-payload.json - steps: - - name: DevOps Repository Checkout - uses: actions/checkout@v4 - with: - repository: "${{ github.repository_owner }}/${{ env.DEVOPS_REPO }}" - token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - fetch-depth: 0 - persist-credentials: false - ref: ${{ env.DEVOPS_BRANCH }} - path: ${{ env.DEVOPS_REPO }} - - - name: Download Report - Text Security Report - if: ${{ env.GH_SEC_REPORT == 'false' }} - uses: actions/download-artifact@v4 - with: - name: "${{ env.TRIVY_REPORT_FILE }}" - - - name: Slack Payload Template - id: slack_template - shell: bash - run: |- - if [[ ${{ env.GH_SEC_REPORT }} == 'true' ]] ; then - export PAYLOAD_JSON="slack-trivy-scan-sec-payload.json" - else - export PAYLOAD_JSON="slack-trivy-scan-file-payload.json" - fi - envsubst < ${{ env.DEVOPS_REPO }}/slack-notify/${PAYLOAD_JSON} > ${{ env.SLACK_PAYLOAD_JSON }} - cat ${{ env.SLACK_PAYLOAD_JSON }} - - - name: Slack Notification - uses: slackapi/slack-github-action@v2.0.0 - id: slack_notify - with: - method: chat.postMessage - token: ${{ secrets.SLACK_BOT_TOKEN }} - payload-file-path: "${{ env.SLACK_PAYLOAD_JSON }}" - - - name: Upload Report Slack - Text Security Report - if: ${{ env.GH_SEC_REPORT == 'false' }} - uses: slackapi/slack-github-action@v2.0.0 - with: - method: files.uploadV2 - token: ${{ secrets.SLACK_BOT_TOKEN }} - payload: | - channel_id: "${{ env.SLACK_CHANNEL_ID }}" - thread_ts: ${{ 
steps.slack_notify.outputs.ts }} - initial_comment: "The Trivy Scan Result (${{ env.COMMIT_SHA }})" - file: "${{ env.TRIVY_REPORT_FILE }}.txt" - filename: "${{ env.TRIVY_REPORT_FILE }}-${{ env.COMMIT_SHA }}.txt" - - - name: Failing the Job - shell: bash - run: |- - echo "Vulnerabilities Found.....!" - exit 1 \ No newline at end of file + uses: getjavelin/javelin-workflow/.github/workflows/workflow-trivy-scan.yml@main + secrets: + DEVOPS_GITHUB_TOKEN: ${{ secrets.DEVOPS_GITHUB_TOKEN }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 9092739..0fb43df 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml 
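Review bot: The new `uses:` line references the reusable workflow by the mutable ref `@main`, so whatever is pushed to that branch of `getjavelin/javelin-workflow` immediately runs here with `security-events: write` and receives `DEVOPS_GITHUB_TOKEN` and `SLACK_BOT_TOKEN`; a mistaken or malicious change to that branch cannot be reviewed or rolled back from this repository. Pin the call to a full-length commit SHA with the tag noted in a comment, e.g. `uses: getjavelin/javelin-workflow/.github/workflows/workflow-trivy-scan.yml@<full-commit-sha>  # <release-tag>`, and bump it deliberately. The same applies to the `workflow-pr-check.yml@main` and `workflow-pr-issues-status.yml@main` calls in the other two files of this commit. Passing an explicit `secrets:` map rather than `secrets: inherit` and keeping the `permissions:` block on the caller job (which caps what the called workflow may request) are the right shape and should stay as written.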
@@ -13,249 +13,12 @@ on: types: - checks_requested -env: - env_var: ${{ vars.ENV_CONTEXT_VAR }} - DEVOPS_REPO: "javelin-cloud" - DEVOPS_BRANCH: "main" - PY_LINT_CFG: ".flake8" - GO_LINT_CFG: ".golangci.yml" - NODE_LINT_CFG: "eslint.config.js" - LINT_REPORT_FILE: "lint-report" - PY_VER: 3.11.8 - GO_VER: 1.23.3 - NODE_VER: 20 - jobs: - javelin-env: - permissions: - contents: 'read' - id-token: 'write' - runs-on: ubuntu-24.04 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setting up Repo Env - id: repo_env_setup - shell: bash - run: |- - echo "repository=$(basename ${{ github.repository }})" >> ${GITHUB_OUTPUT} - echo "shortsha=$(git rev-parse --short=7 HEAD)" >> ${GITHUB_OUTPUT} - if [[ -f "pyproject.toml" ]] ; then - echo "lint_lan=python" >> ${GITHUB_OUTPUT} - elif [[ -f "package.json" ]] ; then - echo "lint_lan=javascript" >> ${GITHUB_OUTPUT} - elif [[ -f "go.mod" ]] ; then - echo "lint_lan=go" >> ${GITHUB_OUTPUT} - fi - - - name: Set Lowercase Repo Name - id: lc_repository - env: - REPO_NAME: ${{ steps.repo_env_setup.outputs.repository }} - shell: bash - run: echo "name=${REPO_NAME,,}" >> ${GITHUB_OUTPUT} - - - name: DevOps Repository Checkout - uses: actions/checkout@v4 - with: - repository: "${{ github.repository_owner }}/${{ env.DEVOPS_REPO }}" - token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - fetch-depth: 0 - persist-credentials: false - ref: ${{ env.DEVOPS_BRANCH }} - path: ${{ env.DEVOPS_REPO }} - - - name: Get Build Config - id: build_config - shell: bash - run: |- - pr_check_prefix=$(cat ${{ env.DEVOPS_REPO }}/app-config/javelin-default/check-config.json | jq -r '.pr_check.keywords') - slack_release_channel_id=$(cat ${{ env.DEVOPS_REPO }}/app-config/javelin-default/notify-config.json | jq -r '.slack.release.channel_id') - echo "pr_check_prefix=${pr_check_prefix}" >> ${GITHUB_OUTPUT} - echo "slack_release_channel_id=${slack_release_channel_id}" >> ${GITHUB_OUTPUT} - outputs: - lint_lan: ${{ 
steps.repo_env_setup.outputs.lint_lan }} - svc_name: ${{ steps.lc_repository.outputs.name }} - short_sha: ${{ steps.repo_env_setup.outputs.shortsha }} - pr_check_prefix: ${{ steps.build_config.outputs.pr_check_prefix }} - slack_release_channel_id: ${{ steps.build_config.outputs.slack_release_channel_id }} - - javelin-sast-check: - permissions: - contents: 'read' - id-token: 'write' - runs-on: ubuntu-24.04 - steps: - - name: Dummy SAST - shell: bash - run: |- - echo "no SAST for this module" - - javelin-commit-check: - needs: - - javelin-env - permissions: - contents: 'read' - id-token: 'write' - runs-on: ubuntu-24.04 - env: - PR_CHECK_PREFIX: ${{ needs.javelin-env.outputs.pr_check_prefix }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - persist-credentials: false - - - name: Get the last commit message - id: commit_message - run: | - COMMIT_MESSAGE=$(git show -s --format=%s) - echo "message=${COMMIT_MESSAGE}" >> ${GITHUB_OUTPUT} - - - name: Commit Message Check - shell: bash - env: - COMMIT_MESSAGE: "${{ steps.commit_message.outputs.message }}" - run: |- - CLEAN_COMMIT_MESSAGE=$(echo '${{ env.COMMIT_MESSAGE }}' | sed "s|\"||g") - if [[ "${CLEAN_COMMIT_MESSAGE}" =~ ^(${{ env.PR_CHECK_PREFIX }}) ]]; then - echo "Commit message is valid....!" - else - echo "Commit message does not contain required keywords....!" - exit 1 - fi - - javelin-lint-check: - needs: - - javelin-env + reusable-workflow: permissions: contents: 'read' id-token: 'write' - runs-on: ubuntu-24.04 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setup Python Version - if: ${{ needs.javelin-env.outputs.lint_lan == 'python' }} - uses: actions/setup-python@v5 - with: - python-version: ${{ env.PY_VER }} - cache: 'pip' - - - name: Python Lint Check - if: ${{ needs.javelin-env.outputs.lint_lan == 'python' }} - shell: bash - run: |- - pip install flake8 - flake8 . 
--config=${{ env.PY_LINT_CFG }} --output-file=${{ env.LINT_REPORT_FILE }}.json - - - name: Setup Node Version - if: ${{ needs.javelin-env.outputs.lint_lan == 'javascript' }} - uses: actions/setup-node@v4 - with: - node-version: ${{ env.NODE_VER }} - cache: "npm" - - - name: JavaScript Lint Check - if: ${{ needs.javelin-env.outputs.lint_lan == 'javascript' }} - shell: bash - run: |- - npm install eslint@latest - # npm init @eslint/config@latest - npx eslint . --config ${{ env.NODE_LINT_CFG }} --format json --output-file ${{ env.LINT_REPORT_FILE }}.json - - - name: Setup Golang Version - if: ${{ needs.javelin-env.outputs.lint_lan == 'go' }} - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GO_VER }} - cache: true - - - name: Go Lint Check - if: ${{ needs.javelin-env.outputs.lint_lan == 'go' }} - uses: golangci/golangci-lint-action@v6 - with: - args: --config=${{ env.GO_LINT_CFG }} - version: ${{ env.GOLANGCI_LINT_VERSION }} - working-directory: . - - - name: Upload Lint Report - if: ${{ always() && (needs.javelin-env.outputs.lint_lan == 'python' || needs.javelin-env.outputs.lint_lan == 'javascript' || needs.javelin-env.outputs.lint_lan == 'go') }} - uses: actions/upload-artifact@v4 - with: - name: ${{ env.LINT_REPORT_FILE }} - path: ${{ env.LINT_REPORT_FILE }}.json - retention-days: 1 - - javelin-notify: - needs: - - javelin-env - - javelin-sast-check - - javelin-commit-check - - javelin-lint-check - permissions: - contents: 'read' - id-token: 'write' - runs-on: ubuntu-24.04 - if: ${{ always() && (needs.javelin-sast-check.result != 'success' || needs.javelin-commit-check.result != 'success' || needs.javelin-lint-check.result != 'success') }} - env: - SVC_NAME: ${{ needs.javelin-env.outputs.svc_name }} - COMMIT_SHA: ${{ needs.javelin-env.outputs.short_sha }} - SLACK_CHANNEL_ID: ${{ needs.javelin-env.outputs.slack_release_channel_id }} - JOB_STATUS: "failure" - JOB_STATUS_MARK: ":x:" - SAST_JOB_STATUS: ${{ needs.javelin-sast-check.result }} - COMMIT_JOB_STATUS: 
${{ needs.javelin-commit-check.result }} - LINT_JOB_STATUS: ${{ needs.javelin-lint-check.result }} - PR_URL: "https://github.com/${{ github.repository }}/pull/${{ github.event.number }}" - BUILD_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - PR_AUTHOR: ${{ github.event.pull_request.user.login }} - SLACK_PAYLOAD_JSON: slack-pr-check-payload.json - steps: - - name: DevOps Repository Checkout - uses: actions/checkout@v4 - with: - repository: "${{ github.repository_owner }}/${{ env.DEVOPS_REPO }}" - token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - fetch-depth: 0 - persist-credentials: false - ref: ${{ env.DEVOPS_BRANCH }} - path: ${{ env.DEVOPS_REPO }} - - - name: Download Report - uses: actions/download-artifact@v4 - with: - name: "${{ env.LINT_REPORT_FILE }}" - - - name: Slack Payload Template - shell: bash - run: |- - envsubst < ${{ env.DEVOPS_REPO }}/slack-notify/${{ env.SLACK_PAYLOAD_JSON }} > ${{ env.SLACK_PAYLOAD_JSON }} - cat ${{ env.SLACK_PAYLOAD_JSON }} - - - name: Slack Notification - id: slack_notify - uses: slackapi/slack-github-action@v2.0.0 - with: - method: chat.postMessage - token: ${{ secrets.SLACK_BOT_TOKEN }} - payload-file-path: "${{ env.SLACK_PAYLOAD_JSON }}" - - - name: Upload Report to Slack - uses: slackapi/slack-github-action@v2.0.0 - with: - method: files.uploadV2 - token: ${{ secrets.SLACK_BOT_TOKEN }} - payload: | - channel_id: "${{ env.SLACK_CHANNEL_ID }}" - thread_ts: ${{ steps.slack_notify.outputs.ts }} - initial_comment: "The Lint Result (${{ env.COMMIT_SHA }})" - file: "${{ env.LINT_REPORT_FILE }}.json" - filename: "${{ env.LINT_REPORT_FILE }}-${{ env.COMMIT_SHA }}.json" \ No newline at end of file + uses: getjavelin/javelin-workflow/.github/workflows/workflow-pr-check.yml@main + secrets: + DEVOPS_GITHUB_TOKEN: ${{ secrets.DEVOPS_GITHUB_TOKEN }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} \ No newline at end of file 
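Review bot: The hunk replaces the jobs `javelin-sast-check`, `javelin-commit-check` and `javelin-lint-check` with a single caller job named `reusable-workflow`, and the status checks this workflow reports to the PR and to the `merge_group` / `checks_requested` trigger will now be named after that job (`reusable-workflow / …`). If branch protection or rulesets list the old job names as required checks, those requirements no longer match anything and PRs are either blocked indefinitely or merge without the commit-message and lint gates, depending on how the rule is configured — I cannot see the repository settings, so this needs confirming. Give the job a name that identifies what it enforces, e.g. `pr-check:` in place of `reusable-workflow:`, and update the required-check names in the same change. A one-line comment above the job, such as `# Commit-message, lint and SAST checks live in getjavelin/javelin-workflow (workflow-pr-check.yml)`, would also tell a reader where the removed logic went.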
diff --git a/.github/workflows/pr-issues-status.yml b/.github/workflows/pr-issues-status.yml index e14950d..0d95830 100644 --- a/.github/workflows/pr-issues-status.yml +++ b/.github/workflows/pr-issues-status.yml 
@@ -7,167 +7,15 @@ on: branches: - "main" -env: - env_var: ${{ vars.ENV_CONTEXT_VAR }} - DEVOPS_REPO: "javelin-cloud" - DEVOPS_BRANCH: "main" - PROJECT_NAME: "Javelin" - ISSUE_FIELD_NAME: "Status" - PR_ISSUE_STATUS: "Merged" - jobs: - javelin-env: - permissions: - contents: 'read' - id-token: 'write' - if: github.event.pull_request.merged == true - runs-on: ubuntu-24.04 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Setting up Repo Env - id: repo_env_setup - shell: bash - run: |- - echo "repository=$(basename ${{ github.repository }})" >> ${GITHUB_OUTPUT} - - - name: Set Lowercase Repo Name - id: lc_repository - env: - REPO_NAME: ${{ steps.repo_env_setup.outputs.repository }} - shell: bash - run: echo "name=${REPO_NAME,,}" >> ${GITHUB_OUTPUT} - - - name: DevOps Repository Checkout - uses: actions/checkout@v4 - with: - repository: "${{ github.repository_owner }}/${{ env.DEVOPS_REPO }}" - token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - fetch-depth: 0 - persist-credentials: false - ref: ${{ env.DEVOPS_BRANCH }} - path: ${{ env.DEVOPS_REPO }} - - - name: Get Build Config - id: build_config - shell: bash - run: |- - slack_release_channel_id=$(cat ${{ env.DEVOPS_REPO }}/app-config/javelin-default/notify-config.json | jq -r '.slack.release.channel_id') - echo "slack_release_channel_id=${slack_release_channel_id}" >> ${GITHUB_OUTPUT} - outputs: - svc_name: ${{ steps.lc_repository.outputs.name }} - slack_release_channel_id: ${{ steps.build_config.outputs.slack_release_channel_id }} - - javelin-issue-status: + reusable-workflow: permissions: contents: 'read' id-token: 'write' issues: 'write' repository-projects: 'write' - if: github.event.pull_request.merged == true - runs-on: ubuntu-24.04 - steps: - - name: DevOps Repository Checkout - uses: actions/checkout@v4 - with: - repository: "${{ github.repository_owner }}/${{ env.DEVOPS_REPO }}" - token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - fetch-depth: 0 - persist-credentials: 
false - ref: ${{ env.DEVOPS_BRANCH }} - path: ${{ env.DEVOPS_REPO }} - - - name: Extract Issue Number - id: get_issue_number - shell: bash - run: |- - ISSUE_NUMBER=$(echo "${{ github.event.pull_request.title }}" | grep -oE "#[0-9]+" | sed 's/#//') || true - if [[ -z "${ISSUE_NUMBER}" ]] && [[ ! -z "${{ github.event.pull_request.body }}" ]] ; then - ISSUE_NUMBER=$(echo "${{ github.event.pull_request.body }}" | grep -oE "#[0-9]+" | sed 's/#//') || true - fi - if [[ ! -z "${ISSUE_NUMBER}" ]] ; then - echo "issue_number=${ISSUE_NUMBER}" >> ${GITHUB_OUTPUT} - fi - - - name: Extract Global Issue Number - id: get_global_issue_number - if: steps.get_issue_number.outputs.issue_number - env: - GH_TOKEN: ${{ secrets.DEVOPS_GITHUB_TOKEN_CLASSIC }} - ISSUE_NUMBER: ${{ steps.get_issue_number.outputs.issue_number }} - run: |- - cd ${{ env.DEVOPS_REPO }}/reference/scripts - chmod a+x issue-tracker.sh - GLOBAL_ISSUE_ID=$(./issue-tracker.sh ${{ env.PROJECT_NAME }} ${{ github.repository }} ${{ env.ISSUE_NUMBER }} id) - PROJECT_NUMBER=$(gh project list --owner ${{ github.repository_owner }} --format json | jq -r '.projects[] | select(.title == "${{ env.PROJECT_NAME }}") | .number') - echo "project_number=${PROJECT_NUMBER}" >> ${GITHUB_OUTPUT} - echo "global_issue_id=${GLOBAL_ISSUE_ID}" >> ${GITHUB_OUTPUT} - - - name: Update Issue Status - if: steps.get_global_issue_number.outputs.global_issue_id - uses: titoportas/update-project-fields@v0.1.0 - with: - project-url: https://github.com/orgs/${{ github.repository_owner }}/projects/${{ steps.get_global_issue_number.outputs.project_number }} - github-token: ${{ secrets.DEVOPS_GITHUB_TOKEN_CLASSIC }} - item-id: ${{ steps.get_global_issue_number.outputs.global_issue_id }} - field-keys: ${{ env.ISSUE_FIELD_NAME }} - field-values: ${{ env.PR_ISSUE_STATUS }} - - # - name: Update Issue Status - # if: steps.get_global_issue_number.outputs.global_issue_id - # env: - # GH_TOKEN: ${{ secrets.DEVOPS_GITHUB_TOKEN_CLASSIC }} - # ISSUE_NUMBER: ${{ 
steps.get_issue_number.outputs.issue_number }} - # GLOBAL_ISSUE_ID: ${{ steps.get_global_issue_number.outputs.global_issue_id }} - # PROJECT_NUMBER: ${{ steps.get_global_issue_number.outputs.project_number }} - # OUTPUT_LIMIT: "10000" - # run: |- - # PROJECT_ID=$(gh project list --owner ${{ github.repository_owner }} --format json | jq -r '.projects[] | select(.title == "${{ env.PROJECT_NAME }}") | .id') - # ISSUE_FIELD_ID=$(gh project field-list ${{ env.PROJECT_NUMBER }} --owner ${{ github.repository_owner }} -L ${{ env.OUTPUT_LIMIT }} --format json | jq -r '.fields[] | select(.name == "${{ env.ISSUE_FIELD_NAME }}") | .id') - # PR_ISSUE_STATUS_ID=$(gh project field-list ${{ env.PROJECT_NUMBER }} --owner ${{ github.repository_owner }} -L ${{ env.OUTPUT_LIMIT }} --format json | jq -r '.fields[] | select(.id == "${ISSUE_FIELD_ID}") | .options[] | select(.name == "${{ env.PR_ISSUE_STATUS }}") | .id') - # gh project item-edit --id "${{ env.GLOBAL_ISSUE_ID }}" --field-id "${ISSUE_FIELD_ID}" --single-select-option-id "${PR_ISSUE_STATUS_ID}" --project-id "${PROJECT_ID}" - - javelin-notify: - needs: - - javelin-env - - javelin-issue-status - permissions: - contents: 'read' - id-token: 'write' - runs-on: ubuntu-24.04 - if: ${{ always() && (github.event.pull_request.merged == true) && (needs.javelin-issue-status.result != 'success') }} - env: - SVC_NAME: ${{ needs.javelin-env.outputs.svc_name }} - SLACK_CHANNEL_ID: ${{ needs.javelin-env.outputs.slack_release_channel_id }} - JOB_STATUS: ${{ needs.javelin-issue-status.result }} - JOB_STATUS_MARK: ":x:" - PR_URL: "https://github.com/${{ github.repository }}/pull/${{ github.event.number }}" - BUILD_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - PR_AUTHOR: ${{ github.event.pull_request.user.login }} - SLACK_PAYLOAD_JSON: slack-pr-issue-status-payload.json - steps: - - name: DevOps Repository Checkout - uses: actions/checkout@v4 - with: - repository: "${{ github.repository_owner }}/${{ 
env.DEVOPS_REPO }}" - token: ${{ secrets.DEVOPS_GITHUB_TOKEN }} - fetch-depth: 0 - persist-credentials: false - ref: ${{ env.DEVOPS_BRANCH }} - path: ${{ env.DEVOPS_REPO }} - - - name: Slack Payload Template - shell: bash - run: |- - envsubst < ${{ env.DEVOPS_REPO }}/slack-notify/${{ env.SLACK_PAYLOAD_JSON }} > ${{ env.SLACK_PAYLOAD_JSON }} - cat ${{ env.SLACK_PAYLOAD_JSON }} - - - name: Slack Notification - uses: slackapi/slack-github-action@v2.0.0 - with: - method: chat.postMessage - token: ${{ secrets.SLACK_BOT_TOKEN }} - payload-file-path: "${{ env.SLACK_PAYLOAD_JSON }}" \ No newline at end of file + uses: getjavelin/javelin-workflow/.github/workflows/workflow-pr-issues-status.yml@main + secrets: + DEVOPS_GITHUB_TOKEN: ${{ secrets.DEVOPS_GITHUB_TOKEN }} + DEVOPS_GITHUB_TOKEN_CLASSIC: ${{ secrets.DEVOPS_GITHUB_TOKEN_CLASSIC }} + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} \ No newline at end of file
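Review bot: Both removed jobs carried `if: github.event.pull_request.merged == true`, but the new `reusable-workflow` job has no `if:`, so unless `workflow-pr-issues-status.yml` re-checks the merged flag itself (not visible here), the called workflow — and the `DEVOPS_GITHUB_TOKEN_CLASSIC` PAT handed to it — now runs for every event the `on:` block fires, including closed-but-unmerged pull requests. Keep the guard on the caller, where it is visible and cheap: `if: github.event.pull_request.merged == true` directly under `reusable-workflow:`. Because that classic token grants `issues: write` and `repository-projects: write` across the org project, this is also the file where pinning the `@main` reference to a commit SHA matters most. The `on:` block that this condition depends on starts above the hunk.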