From 8db401e0eef651e866274d93be1a4abaca62e36b Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Mon, 6 Jan 2025 17:49:36 -0800 Subject: [PATCH 1/6] Add results jobs to pr-open, analysis, pr-validate --- .github/workflows/analysis.yml | 10 ++++++++++ .github/workflows/pr-open.yml | 10 ++++++++++ .github/workflows/pr-validate.yml | 8 ++++++++ 3 files changed, 28 insertions(+) diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 8dcbf3e4..e471f1f0 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -60,3 +60,13 @@ jobs: uses: github/codeql-action/upload-sarif@v3 with: sarif_file: "trivy-results.sarif" + + results: + name: Analysis Results + needs: [tests, trivy] + if: always() + runs-on: ubuntu-24.04 + steps: + - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled') + run: echo "At least one job has failed." && exit 1 + - run: echo "Success!" diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index e495e6b0..1b09e8d5 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -113,3 +113,13 @@ jobs: -p ZONE=${{ github.event.number }} -p TAG=${{ github.event.number }} ${{ matrix.parameters }} triggers: ('db/' 'libs/' 'api/' 'admin/' 'public/') + + results: + name: PR Results + needs: [builds, deploys] + if: always() + runs-on: ubuntu-24.04 + steps: + - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled') + run: echo "At least one job has failed." && exit 1 + - run: echo "Success!" diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml index 3933e1de..eec2470e 100644 --- a/.github/workflows/pr-validate.yml +++ b/.github/workflows/pr-validate.yml 
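Review bot: The gate step in the new `results` job of analysis.yml tests `contains(needs.*.result, 'canceled')`, but the job results GitHub Actions reports are `success`, `failure`, `cancelled` and `skipped`, so the single-l spelling never matches and a cancelled `tests` or `trivy` run falls through to `echo "Success!"`. If this job is meant to be the required status check (which `if: always()` suggests, though branch protection is not visible here), a cancelled security scan would still satisfy it. I would change the condition to `if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')`. The same line is added to the `results` job of pr-open.yml in this patch and to pr-validate.yml in patch 2/6.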
@@ -41,3 +41,11 @@ jobs: Once merged, code will be promoted and handed off to following workflow run. - [Main Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml) + + results: + name: Validate Results + if: always() + needs: [pr-description-add] + runs-on: ubuntu-24.04 + steps: + - run: echo "Success!" From 7c7011fbe6188a30f8327321a288e93e7ad4143f Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Mon, 6 Jan 2025 18:06:18 -0800 Subject: [PATCH 2/6] Use shared workflow for pr-validate --- .github/workflows/pr-validate.yml | 49 +++++++++++++------------------ 1 file changed, 20 insertions(+), 29 deletions(-) diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml index eec2470e..8108dddb 100644 --- a/.github/workflows/pr-validate.yml +++ b/.github/workflows/pr-validate.yml 
@@ -11,41 +11,32 @@ concurrency: permissions: {} jobs: - pr-description-add: - name: PR Description Add - env: - DOMAIN: apps.silver.devops.gov.bc.ca - PREFIX: ${{ github.event.repository.name }} + init: + name: Initialize + outputs: + mod-tag: ${{ steps.mod-tag.outputs.mod-tag }} runs-on: ubuntu-24.04 - permissions: - pull-requests: write - timeout-minutes: 1 steps: - - name: Get FAM Route - id: fam - run: echo "route=$(( ${{ github.event.number }} % 50 ))" >> $GITHUB_OUTPUT - - - uses: bcgov-nr/action-pr-description-add@v1.2.0 - env: - DOMAIN: apps.silver.devops.gov.bc.ca - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - add_markdown: | - --- - Thanks for the PR! - - Any successful deployments (not always required) will be available below. - - [api](https://fom-${{ steps.fam.outputs.route }}.${{ env.DOMAIN }}/api) - - [admin](https://fom-${{ steps.fam.outputs.route }}.${{ env.DOMAIN }}/admin) - - [public](https://fom-${{ steps.fam.outputs.route }}.${{ env.DOMAIN }}/public) - - Once merged, code will be promoted and handed off to following workflow run. - - [Main Merge Workflow](https://github.com/${{ github.repository }}/actions/workflows/merge-main.yml) + - name: Get PR Number Mod 50 + id: mod-tag + run: echo "mod-tag=$(( ${{ github.event.number }} % 50 ))" >> $GITHUB_OUTPUT + + validate: + name: Validate PR + needs: [init] + uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-validate.yml@v0.8.3 + with: + markdown_links: | + - [api](https://fom-${{ needs.init.outputs.mod-tag }}.${{ env.DOMAIN }}/api) + - [admin](https://fom-${{ needs.init.outputs.mod-tag }}.${{ env.DOMAIN }}/admin) + - [public](https://fom-${{ needs.init.outputs.mod-tag }}.${{ env.DOMAIN }}/public) results: name: Validate Results if: always() - needs: [pr-description-add] + needs: [validate] runs-on: ubuntu-24.04 steps: + - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled') + run: echo "At least one job has failed." && exit 1 - run: echo "Success!" 
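Review bot: The `Get PR Number Mod 50` step expands `${{ github.event.number }}` directly into the script text of `run:` and appends to an unquoted `$GITHUB_OUTPUT`. The PR number is an integer, so nothing is injectable as written, but passing the value through the environment keeps the step in the form that stays safe if it is later copied for a string field: add `env:` with `PR_NUMBER: ${{ github.event.number }}` and use `run: echo "mod-tag=$(( PR_NUMBER % 50 ))" >> "$GITHUB_OUTPUT"`. The new `init` job also drops the `timeout-minutes: 1` that the removed `pr-description-add` job had; if that limit was deliberate it should be carried over.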
From bd92fed1076debb8fb604dc74b0cb47ab73de8eb Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Mon, 6 Jan 2025 18:26:36 -0800
Subject: [PATCH 3/6] Let Trivy run w/o prereq
---
 .github/workflows/analysis.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index e471f1f0..bb4bcf41 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -39,7 +39,6 @@ jobs:
 trivy:
 name: Trivy Security Scan
 if: ${{ ! github.event.pull_request.draft }}
- needs: [tests]
 permissions:
 security-events: write
 runs-on: ubuntu-24.04
From d4869f53455e10ab6dfff60f593082065cd8f180 Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Mon, 6 Jan 2025 18:46:00 -0800
Subject: [PATCH 4/6] Envar for domain
---
 .github/workflows/pr-validate.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml
index 8108dddb..3111414c 100644
--- a/.github/workflows/pr-validate.yml
+++ b/.github/workflows/pr-validate.yml
@@ -24,6 +24,8 @@ jobs:
 validate:
 name: Validate PR
 needs: [init]
+ env:
+ DOMAIN: apps.silver.devops.gov.bc.ca
 uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-validate.yml@v0.8.3
 with:
 markdown_links: |
From ffad154e360ba7ebc3459963d8ad6bbad4ff408c Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Mon, 6 Jan 2025 18:49:22 -0800
Subject: [PATCH 5/6] Fix domain var
---
 .github/workflows/pr-validate.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml
index 3111414c..0aa17e95 100644
--- a/.github/workflows/pr-validate.yml
+++ b/.github/workflows/pr-validate.yml
@@ -24,14 +24,12 @@ jobs: validate: name: Validate PR needs: [init] - env: - DOMAIN: apps.silver.devops.gov.bc.ca uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-validate.yml@v0.8.3 with: markdown_links: | - - [api](https://fom-${{ needs.init.outputs.mod-tag }}.${{ env.DOMAIN }}/api) - - [admin](https://fom-${{ needs.init.outputs.mod-tag }}.${{ env.DOMAIN }}/admin) - - [public](https://fom-${{ needs.init.outputs.mod-tag }}.${{ env.DOMAIN }}/public) + - [api](https://fom-${{ needs.init.outputs.mod-tag }}.apps.silver.devops.gov.bc.ca/api) + - [admin](https://fom-${{ needs.init.outputs.mod-tag }}.apps.silver.devops.gov.bc.ca/admin) + - [public](https://fom-${{ needs.init.outputs.mod-tag }}.apps.silver.devops.gov.bc.ca/public) results: name: Validate Results From 91bdd38b511371d7d86dc8da172b621c1948cce2 Mon Sep 17 00:00:00 2001 From: Derek Roberts Date: Mon, 6 Jan 2025 18:51:16 -0800 Subject: [PATCH 6/6] Workflow permissions --- .github/workflows/pr-validate.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pr-validate.yml b/.github/workflows/pr-validate.yml index 0aa17e95..9224926b 100644 --- a/.github/workflows/pr-validate.yml +++ b/.github/workflows/pr-validate.yml @@ -24,6 +24,8 @@ jobs: validate: name: Validate PR needs: [init] + permissions: + pull-requests: write uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-validate.yml@v0.8.3 with: markdown_links: |
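Review bot: The `validate` job in patch 6/6 now hands a `pull-requests: write` token to a reusable workflow from another repository that is referenced by the tag `v0.8.3`; a tag can be moved, so whatever it points at on the day of the run executes with write access to this repository's pull requests. Pinning the call to the full commit SHA and keeping the version as a comment removes that dependency on the tag: `uses: bcgov/quickstart-openshift-helpers/.github/workflows/.pr-validate.yml@<full-commit-sha-of-v0.8.3> # v0.8.3` (placeholder; the SHA is not on this page). The workflow's `on:` trigger is outside the hunk; if it is `pull_request_target`, it is worth confirming that the called workflow never checks out or runs PR head code with this token.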