From 2fc1e34f97fe6a27c408f1ec3aa961b743b469ee Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Fri, 17 May 2024 00:49:06 +0200 Subject: [PATCH] Consolidate shared workflows (#89) ## what * Consolidate shared workflows ## why * Reduce reusable workflows nested levels ## references * DEV-400: Move shared workflows into .github repo with shared- prefix --- .github/workflows/shared-github-action.yml | 79 +++++++++++++++++++ .../workflows/shared-terraform-chatops.yml | 26 ++++++ .github/workflows/shared-terraform-module.yml | 70 ++++++++++++++++ .../workflows/shared-terraform-scheduled.yml | 32 ++++++++ 4 files changed, 207 insertions(+) create mode 100644 .github/workflows/shared-github-action.yml create mode 100644 .github/workflows/shared-terraform-chatops.yml create mode 100644 .github/workflows/shared-terraform-module.yml create mode 100644 .github/workflows/shared-terraform-scheduled.yml
diff --git a/.github/workflows/shared-github-action.yml b/.github/workflows/shared-github-action.yml
new file mode 100644
index 00000000..ff4b79b8
--- /dev/null
+++ b/.github/workflows/shared-github-action.yml
@@ -0,0 +1,79 @@
+name: "Shared github action workflow"
+
+on:
+ workflow_call:
+ inputs:
+ organization:
+ description: "Repository owner organization (ex. acme for repo acme/example)"
+ required: false
+ default: ${{ github.event.repository.owner.login }}
+ type: string
+ repository:
+ description: "Repository name (ex. example for repo acme/example)"
+ required: false
+ default: ${{ github.event.repository.name }}
+ type: string
+ ref:
+ description: "The fully-formed ref of the branch or tag that triggered the workflow run"
+ required: false
+ default: ${{ github.ref }}
+ type: string
+ tests-prefix:
+ description: "Workflows file name prefix to run as tests"
+ required: false
+ type: string
+ default: 'test-*'
+ publish:
+ description: "Whether to publish a new release immediately"
+ required: false
+ default: "true"
+ type: string
+ runs-on:
+ description: "Overrides job runs-on setting (json-encoded list)"
+ type: string
+ required: false
+ default: '["ubuntu-latest"]'
+
+permissions:
+ contents: write
+ actions: write
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: false
+
+jobs:
+ ci-readme:
+ uses: cloudposse/github-actions-workflows/.github/workflows/ci-readme.yml@shared-workflows
+ name: "Readme"
+ if: ${{ github.event_name == 'push' }}
+ with:
+ runs-on: ${{ inputs.runs-on }}
+ secrets: inherit
+
+ ci-gha:
+ uses: cloudposse/github-actions-workflows/.github/workflows/ci-github-action.yml@main
+ name: "CI"
+ with:
+ organization: ${{ inputs.organization }}
+ repository: ${{ inputs.repository }}
+ ref: ${{ inputs.ref }}
+ tests-prefix: ${{ inputs.tests-prefix }}
+
+ ci:
+ runs-on: ${{ fromJSON(inputs.runs-on) }}
+ if: ${{ always() }}
+ steps:
+ - run: |
+ echo '${{ toJSON(needs) }}' # easier debug
+ ! ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
+ needs: [ ci-gha, ci-readme ]
+
+ release:
+ needs: [ ci ]
+ name: "Release"
+ if: ${{ github.event_name == 'push' }}
+ uses: cloudposse/.github/.github/workflows/shared-auto-release.yml@main
+ with:
+ publish: ${{ inputs.publish }}
+ secrets: inherit
diff --git a/.github/workflows/shared-terraform-chatops.yml b/.github/workflows/shared-terraform-chatops.yml
new file mode 100644
index 00000000..7da9c33b
--- /dev/null
+++ b/.github/workflows/shared-terraform-chatops.yml
@@ -0,0 +1,26 @@
+name: "Shared Terraform ChatOps"
+
+on:
+ workflow_call:
+ inputs:
+ runs-on:
+ description: "Overrides job runs-on setting (json-encoded list)"
+ type: string
+ required: false
+ default: '["ubuntu-latest"]'
+ secrets:
+ github_access_token:
+ description: "GitHub API token"
+ required: true
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: false
+
+jobs:
+ ci-terraform-chatops:
+ uses: cloudposse/github-actions-workflows/.github/workflows/ci-terraform-chatops.yml@main
+ with:
+ runs-on: ${{ inputs.runs-on }}
+ secrets:
+ github_access_token: ${{ secrets.github_access_token }}
diff --git a/.github/workflows/shared-terraform-module.yml b/.github/workflows/shared-terraform-module.yml
new file mode 100644
index 00000000..7648f8e0
--- /dev/null
+++ b/.github/workflows/shared-terraform-module.yml
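Review bot: Every `uses:` in shared-github-action.yml should be pinned to a full commit SHA instead of a branch: `ci-readme` tracks `@shared-workflows`, `ci-gha` and `release` track `@main`, while the file grants `contents: write` and `actions: write` at workflow level and passes `secrets: inherit` to two of those callees. Whatever is pushed to those branches then runs in each consuming repository with a write-scoped token and the caller's secrets. A pinned form would be `uses: cloudposse/github-actions-workflows/.github/workflows/ci-readme.yml@<COMMIT_SHA> # shared-workflows` (placeholder SHA), and the `permissions:` block could move onto the `release` job if that is the only job that writes, which the callees' contents (not shown here) would confirm. The mix of `@main` and `@shared-workflows` within one file also looks like a leftover from the migration branch; the same branch references are added in shared-terraform-chatops.yml, shared-terraform-module.yml and shared-terraform-scheduled.yml.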
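Review bot: The `concurrency.group` in shared-terraform-chatops.yml is built only from `github.workflow` and `github.ref`, and inside a called workflow both values come from the caller, so the group name carries nothing that identifies this workflow. A caller that declares the same common expression at its own top level would share one group with this callee, which GitHub treats as a concurrency deadlock and cancels; callers are not part of this patch, so this is a risk to check rather than a confirmed failure. A fixed prefix avoids the collision: `group: shared-terraform-chatops-${{ github.workflow }}-${{ github.ref }}`. The identical block is added in shared-github-action.yml, shared-terraform-module.yml and shared-terraform-scheduled.yml.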
@@ -0,0 +1,70 @@
+name: "Shared terraform module"
+on:
+ workflow_call:
+ inputs:
+ runs-on:
+ description: "Overrides job runs-on setting (json-encoded list)"
+ type: string
+ required: false
+ default: '["ubuntu-latest"]'
+ secrets:
+ REPO_ACCESS_TOKEN:
+ description: "GitHub API token"
+ required: true
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: false
+
+jobs:
+ ci-terraform:
+ uses: cloudposse/github-actions-workflows/.github/workflows/ci-terraform.yml@shared-workflows
+ name: "CI"
+ with:
+ # Workaround for https://github.com/community/community/discussions/9099
+ # We should switch to nofilter once it's fixed
+ filter-mode: ${{ github.event_name == 'pull_request' && 'diff_context' || 'nofilter' }}
+ suggestions: "${{ github.event_name == 'pull_request' }}"
+ runs-on: ${{ inputs.runs-on }}
+
+ ci-readme:
+ uses: cloudposse/github-actions-workflows/.github/workflows/ci-readme.yml@shared-workflows
+ name: "Readme"
+ if: ${{ github.event_name == 'push' }}
+ with:
+ runs-on: ${{ inputs.runs-on }}
+ secrets: inherit
+
+ ci-codeowners:
+ uses: cloudposse/github-actions-workflows/.github/workflows/ci-codeowners.yml@shared-workflows
+ name: "CI"
+ with:
+ is_fork: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }}
+ runs-on: ${{ inputs.runs-on }}
+ secrets:
+ github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+
+ ci-labels:
+ runs-on: ${{ fromJSON(inputs.runs-on) }}
+ name: "CI / Labels Validate"
+ steps:
+ - uses: cloudposse/github-action-release-label-validator@v1
+
+ ci:
+ runs-on: ${{ fromJSON(inputs.runs-on) }}
+ if: ${{ always() }}
+ steps:
+ - run: |
+ echo '${{ toJSON(needs) }}' # easier debug
+ ! ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
+ needs: [ ci-terraform, ci-readme, ci-codeowners, ci-labels ]
+
+ auto-release:
+ name: "Release"
+ needs: [ci]
+ uses: cloudposse/.github/.github/workflows/shared-auto-release.yml@shared-workflows
+ if: ${{ github.event_name == 'push' }}
+ with:
+ runs-on: ${{ inputs.runs-on }}
+ publish: true
+ secrets: inherit
diff --git a/.github/workflows/shared-terraform-scheduled.yml b/.github/workflows/shared-terraform-scheduled.yml
new file mode 100644
index 00000000..c53189b6
--- /dev/null
+++ b/.github/workflows/shared-terraform-scheduled.yml
@@ -0,0 +1,32 @@
+name: "Shared terraform scheduled"
+
+on:
+ workflow_call:
+ inputs:
+ runs-on:
+ description: "Overrides job runs-on setting (json-encoded list)"
+ type: string
+ required: false
+ default: '["ubuntu-latest"]'
+ secrets:
+ REPO_ACCESS_TOKEN:
+ description: "GitHub API token"
+ required: true
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: false
+
+jobs:
+ context:
+ uses: cloudposse/github-actions-workflows/.github/workflows/scheduled-context.yml@main
+ with:
+ runs-on: ${{ inputs.runs-on }}
+ secrets:
+ github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+
+ readme:
+ uses: cloudposse/github-actions-workflows/.github/workflows/scheduled-readme.yml@main
+ with:
+ runs-on: ${{ inputs.runs-on }}
+ secrets: inherit
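Review bot: In the `ci` job of shared-terraform-module.yml, `echo '${{ toJSON(needs) }}'` pastes the whole `needs` context into the script text before the shell parses it, so a single quote in any upstream job output closes the quoted string and the rest is parsed as shell. The outputs of the called workflows are not visible in this patch, so whether that text can be influenced by a pull request is unknown; passing the value through the environment removes the question. Add `env:` with `NEEDS: ${{ toJSON(needs) }}` to the step and change the line to `echo "$NEEDS" # easier debug`. The `ci` job in shared-github-action.yml contains the same step.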
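Review bot: The `readme` job in shared-terraform-scheduled.yml uses `secrets: inherit` although this workflow declares `REPO_ACCESS_TOKEN` as its only secret and the `context` job directly above maps it explicitly. With `inherit` the callee receives every secret the caller made available, under the caller's names, and nothing in this file records which of them scheduled-readme.yml reads. If it takes the same token as its sibling (an assumption, since its interface is not shown), a `secrets:` mapping with `github_access_token: ${{ secrets.REPO_ACCESS_TOKEN }}` keeps the hand-off explicit and minimal. The `ci-readme` and release jobs in shared-github-action.yml and shared-terraform-module.yml use `inherit` the same way.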