stage-1-commit.yaml
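# Reusable "commit stage" workflow. It is entered only through
# `workflow_call`, and every input below is supplied by the calling CI/CD
# pipeline workflow. The jobs declare no `needs` on one another, so each
# runs independently of the others.
#
# Secrets: the IDP_AWS_REPORT_UPLOAD_* secrets are passed verbatim into the
# local cloc-repository and scan-dependencies actions. Those two jobs are the
# only ones granted `id-token: write` (presumably so the action can obtain an
# OIDC token for the named role — confirm against the action definitions).
#
# Supply chain: `actions/checkout@v3` is a mutable tag. Pinning to a full
# commit SHA (`actions/checkout@<full-commit-sha>  # v3`) makes the
# resolved action immutable; that is the usual hardening for third-party
# actions and applies to every checkout step in this file.
name: "Commit stage"

on:
  workflow_call:
    inputs:
      build_datetime:
        description: "Build datetime, set by the CI/CD pipeline workflow"
        required: true
        type: string
      build_timestamp:
        description: "Build timestamp, set by the CI/CD pipeline workflow"
        required: true
        type: string
      build_epoch:
        description: "Build epoch, set by the CI/CD pipeline workflow"
        required: true
        type: string
      terraform_version:
        description: "Terraform version, set by the CI/CD pipeline workflow"
        required: true
        type: string
      version:
        description: "Version of the software, set by the CI/CD pipeline workflow"
        required: true
        type: string

jobs:
  # NOTE(review): this job and the three check-* jobs below declare no
  # `permissions`, so they inherit the token scopes of the caller.
  # `contents: read` is all a checkout needs; confirm the local actions need
  # nothing more before restricting them the way cloc-repository and
  # scan-dependencies already do.
  scan-secrets:
    runs-on: ubuntu-latest
    timeout-minutes: 2
    name: "Scan secrets"
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v3
        with:
          fetch-depth: 0 # Full history is needed to scan all commits
      - name: "Scan secrets"
        uses: ./.github/actions/scan-secrets

  check-file-format:
    runs-on: ubuntu-latest
    timeout-minutes: 2
    name: "Check file format"
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v3
        with:
          fetch-depth: 0 # Full history is needed to compare branches
      - name: "Check file format"
        uses: ./.github/actions/check-file-format

  check-markdown-format:
    runs-on: ubuntu-latest
    timeout-minutes: 2
    name: "Check markdown format"
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v3
        with:
          fetch-depth: 0 # Full history is needed to compare branches
      - name: "Check markdown format"
        uses: ./.github/actions/check-markdown-format

  check-terraform-format:
    runs-on: ubuntu-latest
    timeout-minutes: 2
    name: "Check Terraform format"
    steps:
      # Shallow clone: formatting is checked on the working tree only.
      - name: "Checkout code"
        uses: actions/checkout@v3
      - name: "Check Terraform format"
        uses: ./.github/actions/check-terraform-format

  cloc-repository:
    runs-on: ubuntu-latest
    # Least-privilege token: read the repository, plus an OIDC token for the
    # report upload (the role/bucket come from the secrets below).
    permissions:
      id-token: write
      contents: read
    timeout-minutes: 2
    name: "Count lines of code"
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v3
      - name: "Count lines of code"
        uses: ./.github/actions/cloc-repository
        with:
          build_datetime: "${{ inputs.build_datetime }}"
          build_timestamp: "${{ inputs.build_timestamp }}"
          idp_aws_report_upload_account_id: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ACCOUNT_ID }}"
          idp_aws_report_upload_region: "${{ secrets.IDP_AWS_REPORT_UPLOAD_REGION }}"
          idp_aws_report_upload_role_name: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ROLE_NAME }}"
          idp_aws_report_upload_bucket_endpoint: "${{ secrets.IDP_AWS_REPORT_UPLOAD_BUCKET_ENDPOINT }}"

  scan-dependencies:
    runs-on: ubuntu-latest
    # Same token scoping as cloc-repository: the scan report is uploaded with
    # the same IDP_AWS_REPORT_UPLOAD_* secrets.
    permissions:
      id-token: write
      contents: read
    timeout-minutes: 2
    name: "Scan dependencies"
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v3
      - name: "Scan dependencies"
        uses: ./.github/actions/scan-dependencies
        with:
          build_datetime: "${{ inputs.build_datetime }}"
          build_timestamp: "${{ inputs.build_timestamp }}"
          idp_aws_report_upload_account_id: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ACCOUNT_ID }}"
          idp_aws_report_upload_region: "${{ secrets.IDP_AWS_REPORT_UPLOAD_REGION }}"
          idp_aws_report_upload_role_name: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ROLE_NAME }}"
          idp_aws_report_upload_bucket_endpoint: "${{ secrets.IDP_AWS_REPORT_UPLOAD_BUCKET_ENDPOINT }}"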