Reorganize workflows (#103)

Signed-off-by: Sergio Castaño Arteaga <[email protected]>
cncf · Sep 28, 2023 · 7435df8 · 7435df8
1 parent 6cfca9d
commit 7435df8
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 56 deletions.
diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
@@ -0,0 +1,51 @@
+name: Build images
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-clowarden-dbmigrator-image:
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-2
+      - name: Login to AWS ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+      - name: Build and push clowarden-dbmigrator image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        run: |
+          docker build -f database/migrations/Dockerfile -t $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA .
+          docker push $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA
+
+  build-clowarden-server-image:
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-2
+      - name: Login to AWS ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+      - name: Build and push clowarden server image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        run: |
+          docker build -f clowarden-server/Dockerfile -t $ECR_REGISTRY/clowarden-server:$GITHUB_SHA .
+          docker push $ECR_REGISTRY/clowarden-server:$GITHUB_SHA
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,5 +1,10 @@
 name: CI
-on: [push, pull_request]
+
+on:
+  merge_group:
+  pull_request:
+    branches:
+      - main
 
 jobs:
   linter-backend:
@@ -68,53 +73,3 @@ jobs:
         working-directory: ./web
         run: yarn test --watchAll=false --passWithNoTests --verbose --maxWorkers=4
 
-  build-clowarden-dbmigrator-image:
-    if: github.ref == 'refs/heads/main'
-    needs:
-      - linter-backend
-      - tests-backend
-      - tests-frontend
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-2
-      - name: Login to AWS ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
-      - name: Build and push clowarden-dbmigrator image
-        env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-        run: |
-          docker build -f database/migrations/Dockerfile -t $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA .
-          docker push $ECR_REGISTRY/clowarden-dbmigrator:$GITHUB_SHA
-
-  build-clowarden-server-image:
-    if: github.ref == 'refs/heads/main'
-    needs:
-      - linter-backend
-      - tests-backend
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-2
-      - name: Login to AWS ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
-      - name: Build and push clowarden server image
-        env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-        run: |
-          docker build -f clowarden-server/Dockerfile -t $ECR_REGISTRY/clowarden-server:$GITHUB_SHA .
-          docker push $ECR_REGISTRY/clowarden-server:$GITHUB_SHA
diff --git a/README.md b/README.md
@@ -1,7 +1,5 @@
 # CLOWarden
 
-[![CI](https://github.com/cncf/clowarden/actions/workflows/ci.yml/badge.svg)](https://github.com/cncf/clowarden/actions/workflows/ci.yml)
-
 **CLOWarden** is a tool that manages the access to resources across multiple services with the initial focus on repositories in a GitHub organization.
 CLOWarden allows you to grant access to an individual user or a defined team of users by submitting a PR to a file that defines access rules.
 
@@ -33,7 +31,7 @@ Let's go through a full example to see how this would work in practice.
 
 Our goal in this example will be to create a new team (named `team1`) with one maintainer and one member, as well as a new repository (named `repo1`). We want to give `team1` write permissions on `repo1`, and we'd also like to add a external collaborator, named `collaborator1`, with read permissions.
 
-The first step will be to create a pull request to add the entries below to the configuration files 
+The first step will be to create a pull request to add the entries below to the configuration files
 
 (*This configuration intentionally introduces a typo so we can describe CLOWarden's PR validation checks -team1 is misspelled-*):
 
@@ -50,7 +48,7 @@ teams:
 repositories:
   - name: repo1
     teams:
-      team1: write              # team1 does not exist! The CLOWarden validation check will report an error in a PR as a comment 
+      team1: write              # team1 does not exist! The CLOWarden validation check will report an error in a PR as a comment
     external_collaborators:
       collaborator1: read
     visibility: public
@@ -76,7 +74,7 @@ The pull request creator can now push a fix to address these issues. Once that's
 
 Now CLOWarden is happy with the changes proposed! This time, it also tried to help the maintainer who will approve the changes by describing in the comment what had changed.
 
-Sometimes this may be easy to spot by just looking at a the diff on the PR. But on other occasions, depending on the changes applied, it can get trickier and be error prone, as just a single extra space or tabulation can have unintented consequences. So CLOWarden simplifies this by analyzing the changes itself and displaying them in an easy to read way as a comment on the PR. 
+Sometimes this may be easy to spot by just looking at a the diff on the PR. But on other occasions, depending on the changes applied, it can get trickier and be error prone, as just a single extra space or tabulation can have unintented consequences. So CLOWarden simplifies this by analyzing the changes itself and displaying them in an easy to read way as a comment on the PR.
 
 Outside of the context of a PR it is possible to view an autdit log of the changes made see the [#Audit tool](Audit tool) below