-
Notifications
You must be signed in to change notification settings - Fork 2
169 lines (160 loc) · 6.03 KB
/
pull_request.yml
File metadata and controls
169 lines (160 loc) · 6.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
name: deploy_pr
on:
pull_request:
branches: [main]
permissions: {}
jobs:
dependabot-auto-approve-and-merge:
needs: quality_checks
uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
secrets:
AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
permissions:
contents: write
pull-requests: write
get_config_values:
uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
with:
verify_published_from_main_image: false
permissions:
attestations: read
contents: read
packages: read
quality_checks:
uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
needs: [get_config_values]
with:
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
permissions:
contents: read
id-token: write
packages: read
pr_title_format_check:
uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
permissions:
pull-requests: write
get_issue_number:
runs-on: ubuntu-22.04
needs: quality_checks
outputs:
issue_number: ${{steps.get_issue_number.outputs.result}}
steps:
- uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
name: get issue number
id: get_issue_number
with:
script: |
if (context.issue.number) {
// Return issue number if present
return context.issue.number;
} else {
// Otherwise return issue number from commit
return (
await github.rest.repos.listPullRequestsAssociatedWithCommit({
commit_sha: context.sha,
owner: context.repo.owner,
repo: context.repo.repo,
})
).data[0].number;
}
result-encoding: string
tag_release:
needs: [get_config_values]
uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@c8f899f30a6a726859b0277faa73cd9ff7f4de20
permissions:
id-token: write
contents: write
packages: write
with:
dry_run: true
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
branch_name: ${{ github.event.pull_request.head.ref }}
tag_format: ${{ needs.get_config_values.outputs.tag_format }}
get_commit_id:
runs-on: ubuntu-22.04
outputs:
commit_id: ${{ steps.commit_id.outputs.commit_id }}
steps:
- name: Get Commit ID
id: commit_id
run: |
echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT"
package_code:
needs: [get_issue_number, tag_release, get_config_values]
uses: ./.github/workflows/sam_package_code.yml
with:
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
permissions:
contents: read
packages: read
id-token: write
release_code:
needs: [get_issue_number, package_code, get_commit_id, get_config_values]
uses: ./.github/workflows/sam_release_code.yml
permissions:
contents: write
id-token: write
with:
IS_PULL_REQUEST: true
STACK_NAME: pfp-pr-${{needs.get_issue_number.outputs.issue_number}}
ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}}
TARGET_ENVIRONMENT: dev
APIGEE_ENVIRONMENT: internal-dev
ENABLE_MUTUAL_TLS: false
MTLS_KEY: prescriptions-for-patients-mtls-1
BUILD_ARTIFACT: packaged_code
TRUSTSTORE_FILE: pfp-truststore-pr.pem
VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
LOG_LEVEL: DEBUG
LOG_RETENTION_DAYS: 30
TOGGLE_GET_STATUS_UPDATES: true
ENABLE_ALERTS: false
STATE_MACHINE_LOG_LEVEL: ALL
RUN_REGRESSION_TESTS: true
REGRESSION_TEST_PRODUCT: PFP-AWS
FORWARD_CSOC_LOGS: false
DEPLOY_APIGEE: true
ALLOW_NHS_NUMBER_OVERRIDE: true
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
secrets:
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
TARGET_SPINE_SERVER: ${{ secrets.DEV_TARGET_SPINE_SERVER }}
TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.DEV_TARGET_SERVICE_SEARCH_SERVER }}
PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}
release_sandbox_code:
needs: [get_issue_number, package_code, get_commit_id, get_config_values]
uses: ./.github/workflows/sam_release_code.yml
permissions:
contents: write
id-token: write
with:
IS_PULL_REQUEST: true
STACK_NAME: pfp-pr-${{needs.get_issue_number.outputs.issue_number}}-sandbox
ARTIFACT_BUCKET_PREFIX: PR-sandbox-${{needs.get_issue_number.outputs.issue_number}}
TARGET_ENVIRONMENT: dev
APIGEE_ENVIRONMENT: internal-dev-sandbox
ENABLE_MUTUAL_TLS: false
MTLS_KEY: prescriptions-for-patients-mtls-1
BUILD_ARTIFACT: packaged_sandbox_code
TRUSTSTORE_FILE: pfp-sandbox-truststore.pem
VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }}
COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }}
LOG_LEVEL: DEBUG
LOG_RETENTION_DAYS: 30
STATE_MACHINE_LOG_LEVEL: ALL
RUN_REGRESSION_TESTS: false
FORWARD_CSOC_LOGS: false
DEPLOY_APIGEE: false
ALLOW_NHS_NUMBER_OVERRIDE: true
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
secrets:
REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
TARGET_SPINE_SERVER: sandbox
TARGET_SERVICE_SEARCH_SERVER: sandbox
PROXYGEN_ROLE: ${{ secrets.PROXYGEN_PTL_ROLE }}