diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 0000000..57830a6 --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,14 @@ +team:backend: +- app/src/* +- app/src/**/* + +team:qa: +- app/tests/* +- app/tests/**/* + +team:docs: +- app/README.md + +team:devops: +- app/Dockerfile +- app/Taskfile.yml diff --git a/.github/workflows/team-label.yml b/.github/workflows/team-label.yml new file mode 100644 index 0000000..056f1a1 --- /dev/null +++ b/.github/workflows/team-label.yml @@ -0,0 +1,13 @@ +name: Label PR + +on: + pull_request: + types: [opened, edited, synchronize] + +jobs: + label-pr: + runs-on: ubuntu-latest + steps: + - uses: actions/labeler@v3 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/README.md b/README.md index f60b27b..6874071 100755 --- a/README.md +++ b/README.md @@ -140,5 +140,3 @@ combing everything in a single file that makes everything hard to read - `documentation`: please try to document all the things you are doing as possible - `etc`: feel free to impress us with things you usually do in your projects, we want to know the way you work - - diff --git a/github.png b/github.png new file mode 100644 index 0000000..d5aca7a Binary files /dev/null and b/github.png differ diff --git a/pipelines.md b/pipelines.md new file mode 100644 index 0000000..6ead5ad --- /dev/null +++ b/pipelines.md 
@@ -0,0 +1,35 @@ +# Pipelines + +We use Github Actions as a service provider to orchestrate our CI/CD pipelines. + +All workflows are contained within the `.github/workflows` directory. + +### unit-test.yml +This workflow is triggered whenever a PR is created, updated or reopened. The workflow runs unit tests (npm test). + +A Branch protection rule has been set for the `main` branch which requires this check/workflow to pass sucessfully before a PR can be merged into the `main` branch. + +![Required Checks](github.png) + +### build-deploy-main.yml +This workflow is triggered when a PR to the `main` branch is merged. The worklfow builds and deploys a docker image with tag `main` to Amazon ECR. + +N/B: Due to a limitation with Github actions, the workflow is triggered when a PR is closed (not merged) and an if condition is used to skip/continue the workflow jobs. This means that this workflow would be triggered when a PR is dismissed and not necessarilly merged. + +To circumvent this, since merging a PR triggers a push into the target branch, you can change the workflow to be triggered on every push to the `main` branch and set branch protection rules to disable direct commits (besides PRs) into the `main` branch. + + +### build-deploy-release.yml +This workflow is triggered when a new release is published and an if condition is used to skip/continue the workflow jobs depending on whether the release target branch is `main`. The workflow builds and deploys to Amazon ECR a docker image with tag = the tag created by the release. + +N/B: Just like with the `build-deploy-main` workflow, this workflow is always triggered when a release is published because of limitations with Github Actions. + + +### team-label.yml +This workflow is triggered whenever a PR is created or updated. It sets the correct team label based on the location of file changes. + +The `labeler.yml` file contains a list of labels and path globs to match to apply the label. 
+ + +## Authenticating to Amazon ECR +There are several ways to authenticate against Amazon ECR (Access keys, IAM roles) but for the sake of simplicity, the workflows use access keys. Following best practices, Least privilege Permissions were granted to the credentials. \ No newline at end of file
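Review bot: `.github/labeler.yml` only routes paths under `app/`, so a PR that changes the pipelines themselves (`.github/workflows/*`, `.github/labeler.yml`) receives no team label, although CI/CD changes are the ones an owning team most needs to see. Consider adding `.github/**/*` under `team:devops:`. Also, in minimatch `app/src/**/*` should already match files directly under `app/src`, so the `app/src/*` and `app/tests/*` lines are likely redundant; either drop them or note why both forms are kept.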
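Review bot: `.github/workflows/team-label.yml` declares no `permissions:` block and pins `actions/labeler` to the mutable `v3` tag. Add `permissions:` with `contents: read` and `pull-requests: write` so the job's `GITHUB_TOKEN` is scoped to what labeling needs, and pin the action to a full commit SHA (keeping the tag in a trailing comment) so a retagged release cannot silently change what runs with that token. Note also that on the `pull_request` event the token for PRs from forks is read-only, so labeling will fail for those; the labeler project documents `pull_request_target` for this case, which is acceptable here only because the job never checks out or executes code from the PR. The `edited` trigger type (title/body edits) does not change the files touched and can be dropped.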
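Review bot: the "Authenticating to Amazon ECR" section of `pipelines.md` says the workflows use long-lived access keys for simplicity but does not say where they are stored (repository or environment secrets), who can read them, or how they are rotated; since the text already names IAM roles as the alternative, document OIDC federation via `aws-actions/configure-aws-credentials` with `role-to-assume` as the preferred path and state the rotation policy for the keys until then. The `build-deploy-main.yml` section should also spell out the exact `if` condition (for example a check on `github.event.pull_request.merged == true`) so a reader can verify that the closed-but-not-merged case is really skipped, and the same for the release-target check in `build-deploy-release.yml`. Typos in the new text: `sucessfully`, `worklfow`, `necessarilly`, and `Github` should be `GitHub`.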