-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #261 from im-practices/im-practices-runs-on
PLPT-793 - Replace dyn-, self-hosted
- Loading branch information
Showing
35 changed files
with
2,532 additions
and
2,532 deletions.
There are no files selected for viewing
434 changes: 217 additions & 217 deletions
434
.github/workflows/im-reusable-finish-build-workflow.yml
Large diffs are not rendered by default.
Oops, something went wrong.
400 changes: 200 additions & 200 deletions
400
.github/workflows/im-reusable-setup-build-workflow.yml
Large diffs are not rendered by default.
Oops, something went wrong.
302 changes: 151 additions & 151 deletions
302
.github/workflows/im-reusable-setup-deployment-workflow.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,151 +1,151 @@ | ||
| # The purpose of this workflow is to verify that the branch/tag/sha to deploy is a valid ref | ||
| # and for production deploys to verify that the tag is reachable from the default branch | ||
| # (meaning it has been reviewed and merged into main) and that the release is production | ||
| # ready (it is not a draft/pre-release). | ||
|
|
||
| # Example Usage in a repo's workflow: | ||
| # jobs: | ||
| # setup-deployment-workflow: | ||
| # uses: im-practices/.github/.github/workflows/im-reusable-setup-deployment-workflow.yml@v2 | ||
| # with: | ||
| # runs-on: im-linux | ||
| # ref-to-deploy: v1.2.3 | ||
| # deployment-environment: prod | ||
| # production-environments: 'prod,prod-secondary' | ||
| # default-branch: main | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| runs-on: | ||
| description: 'The runner that this workflow will run on.' | ||
| required: false | ||
| type: string | ||
| default: 'im-linux' | ||
| ref-to-deploy: | ||
| description: The branch, tag or sha that will be deployed. | ||
| type: string | ||
| required: true | ||
| deployment-environment: | ||
| description: 'The environment that is being deployed to: dev, qa, stage, stage-secondary, uat, demo, prod, prod-secondary.' | ||
| required: true | ||
| type: string | ||
| production-environments: | ||
| description: Comma separated list of production environments to check against. Defaults to 'prod,prod-secondary' | ||
| required: false | ||
| type: string | ||
| default: 'prod,prod-secondary' | ||
| verify-release-production-ready: | ||
| description: Verify associated release is not draft or prerelease | ||
| required: false | ||
| type: boolean | ||
| default: true | ||
| default-branch: | ||
| description: Default branch of the repository | ||
| required: false | ||
| type: string | ||
| default: main | ||
| workflow-summary: | ||
| description: 'String that will override the default GitHub Summary when provided.' | ||
| type: string | ||
| required: false | ||
|
|
||
| jobs: | ||
| setup-deployment-workflow: | ||
| runs-on: ${{ inputs.runs-on}} | ||
|
|
||
| steps: | ||
| - name: Print inputs | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| function printInput(inputName, inputValue, isMultilineInput){ | ||
| if (!inputValue || inputValue.trim().length === 0){ | ||
| core.info(`${inputName}: Not Provided`); | ||
| } else if (isMultilineInput){ | ||
| console.log(`\n${inputName}:\n${inputValue}`); | ||
| } | ||
| else { | ||
| core.info(`${inputName}: ${inputValue}`); | ||
| } | ||
| } | ||
| printInput('runs-on', '${{ inputs.runs-on }}'); | ||
| printInput('ref-to-deploy', '${{ inputs.ref-to-deploy }}'); | ||
| printInput('deployment-environment', '${{ inputs.deployment-environment }}'); | ||
| printInput('production-environments', '${{ inputs.production-environments }}'); | ||
| printInput('verify-release-production-ready', '${{ inputs.verify-release-production-ready }}'); | ||
| printInput('default-branch', '${{ inputs.default-branch }}'); | ||
| printInput('workflow-summary', process.env.SUMMARY, true); | ||
| env: | ||
| SUMMARY: ${{ inputs.workflow-summary }} | ||
|
|
||
| - name: Construct Workflow Summary | ||
| id: summary | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| let summary = process.env.SUMMARY; | ||
| if (!summary || summary.trim().length === 0){ | ||
| console.log('A workflow summary was not provided. The default value will be constructed for this workflow run.'); | ||
| summary = ` | ||
| | Deployment Arguments | Value | | ||
| | --- | --- | | ||
| | Deployment Environment | \`${{ inputs.deployment-environment }}\` | | ||
| | Ref to Deploy | \`${{ inputs.ref-to-deploy }}\` | | ||
| | Actor | \`${{ github.actor }}\` | | ||
| | Workflow Source | \`${{ github.ref_name }}\` - SHA: \`${{ github.sha }}\` |`; | ||
| } else { | ||
| console.log('A workflow summary was provided and will be used instead of the default value.'); | ||
| } | ||
| console.log('Workflow Summary:'); | ||
| console.log(summary); | ||
| core.setOutput('summary', summary); | ||
| env: | ||
| SUMMARY: ${{ inputs.workflow-summary }} | ||
|
|
||
| - run: echo '${{ steps.summary.outputs.summary }}' >> $GITHUB_STEP_SUMMARY | ||
|
|
||
| # In this job, always checkout the default branch (not the tag that was provided as an input). | ||
| # Also use fetch-depth: 0 to retrieve the history and tags so we can check if a tag is | ||
| # exists, is reachable from the default branch and is production ready. | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ inputs.default-branch }} | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Verify Tag Exists | ||
| uses: im-open/[email protected] | ||
| with: | ||
| branch-tag-sha: ${{ inputs.ref-to-deploy }} | ||
|
|
||
| - name: Determine if deployment is to Prod | ||
| id: check-env | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const prodEnvsRaw = '${{ inputs.production-environments }}'; | ||
| if (!prodEnvsRaw || prodEnvsRaw.length === 0){ | ||
| core.setFailure('A list of production environments must be provided.'); | ||
| return; | ||
| } | ||
| const prodEnvs = prodEnvsRaw.split(',').map(e => e.trim()); | ||
| const deploymentEnv = '${{ inputs.deployment-environment }}'.trim(); | ||
| const isProd = prodEnvs.includes(deploymentEnv); | ||
| core.setOutput('IS_PROD', isProd); | ||
| - uses: im-open/is-tag-reachable-from-default-branch@v1 | ||
| if: steps.check-env.outputs.IS_PROD == 'true' | ||
| with: | ||
| tag: ${{ inputs.ref-to-deploy }} | ||
| default-branch: ${{ inputs.default-branch }} | ||
| error-if-not-reachable: true # This only runs for prod environments, so if the tag is not in main, it should fail | ||
|
|
||
| - uses: im-open/is-release-production-ready@v1 | ||
| if: steps.check-env.outputs.IS_PROD == 'true' && inputs.verify-release-production-ready == 'true' | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| release-tag: ${{ inputs.ref-to-deploy }} | ||
| fail-for-prerelease: true # This only runs for prod environments, so if the release is not production ready it should fail | ||
| # The purpose of this workflow is to verify that the branch/tag/sha to deploy is a valid ref | ||
| # and for production deploys to verify that the tag is reachable from the default branch | ||
| # (meaning it has been reviewed and merged into main) and that the release is production | ||
| # ready (it is not a draft/pre-release). | ||
|
|
||
| # Example Usage in a repo's workflow: | ||
| # jobs: | ||
| # setup-deployment-workflow: | ||
| # uses: im-practices/.github/.github/workflows/im-reusable-setup-deployment-workflow.yml@v2 | ||
| # with: | ||
| # runs-on: im-linux | ||
| # ref-to-deploy: v1.2.3 | ||
| # deployment-environment: prod | ||
| # production-environments: 'prod,prod-secondary' | ||
| # default-branch: main | ||
|
|
||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| runs-on: | ||
| description: 'The runner that this workflow will run on.' | ||
| required: false | ||
| type: string | ||
| default: 'im-linux' | ||
| ref-to-deploy: | ||
| description: The branch, tag or sha that will be deployed. | ||
| type: string | ||
| required: true | ||
| deployment-environment: | ||
| description: 'The environment that is being deployed to: dev, qa, stage, stage-secondary, uat, demo, prod, prod-secondary.' | ||
| required: true | ||
| type: string | ||
| production-environments: | ||
| description: Comma separated list of production environments to check against. Defaults to 'prod,prod-secondary' | ||
| required: false | ||
| type: string | ||
| default: 'prod,prod-secondary' | ||
| verify-release-production-ready: | ||
| description: Verify associated release is not draft or prerelease | ||
| required: false | ||
| type: boolean | ||
| default: true | ||
| default-branch: | ||
| description: Default branch of the repository | ||
| required: false | ||
| type: string | ||
| default: main | ||
| workflow-summary: | ||
| description: 'String that will override the default GitHub Summary when provided.' | ||
| type: string | ||
| required: false | ||
|
|
||
| jobs: | ||
| setup-deployment-workflow: | ||
| runs-on: ${{ inputs.runs-on}} | ||
|
|
||
| steps: | ||
| - name: Print inputs | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| function printInput(inputName, inputValue, isMultilineInput){ | ||
| if (!inputValue || inputValue.trim().length === 0){ | ||
| core.info(`${inputName}: Not Provided`); | ||
| } else if (isMultilineInput){ | ||
| console.log(`\n${inputName}:\n${inputValue}`); | ||
| } | ||
| else { | ||
| core.info(`${inputName}: ${inputValue}`); | ||
| } | ||
| } | ||
| printInput('runs-on', '${{ inputs.runs-on }}'); | ||
| printInput('ref-to-deploy', '${{ inputs.ref-to-deploy }}'); | ||
| printInput('deployment-environment', '${{ inputs.deployment-environment }}'); | ||
| printInput('production-environments', '${{ inputs.production-environments }}'); | ||
| printInput('verify-release-production-ready', '${{ inputs.verify-release-production-ready }}'); | ||
| printInput('default-branch', '${{ inputs.default-branch }}'); | ||
| printInput('workflow-summary', process.env.SUMMARY, true); | ||
| env: | ||
| SUMMARY: ${{ inputs.workflow-summary }} | ||
|
|
||
| - name: Construct Workflow Summary | ||
| id: summary | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| let summary = process.env.SUMMARY; | ||
| if (!summary || summary.trim().length === 0){ | ||
| console.log('A workflow summary was not provided. The default value will be constructed for this workflow run.'); | ||
| summary = ` | ||
| | Deployment Arguments | Value | | ||
| | --- | --- | | ||
| | Deployment Environment | \`${{ inputs.deployment-environment }}\` | | ||
| | Ref to Deploy | \`${{ inputs.ref-to-deploy }}\` | | ||
| | Actor | \`${{ github.actor }}\` | | ||
| | Workflow Source | \`${{ github.ref_name }}\` - SHA: \`${{ github.sha }}\` |`; | ||
| } else { | ||
| console.log('A workflow summary was provided and will be used instead of the default value.'); | ||
| } | ||
| console.log('Workflow Summary:'); | ||
| console.log(summary); | ||
| core.setOutput('summary', summary); | ||
| env: | ||
| SUMMARY: ${{ inputs.workflow-summary }} | ||
|
|
||
| - run: echo '${{ steps.summary.outputs.summary }}' >> $GITHUB_STEP_SUMMARY | ||
|
|
||
| # In this job, always checkout the default branch (not the tag that was provided as an input). | ||
| # Also use fetch-depth: 0 to retrieve the history and tags so we can check if a tag is | ||
| # exists, is reachable from the default branch and is production ready. | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ inputs.default-branch }} | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Verify Tag Exists | ||
| uses: im-open/[email protected] | ||
| with: | ||
| branch-tag-sha: ${{ inputs.ref-to-deploy }} | ||
|
|
||
| - name: Determine if deployment is to Prod | ||
| id: check-env | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const prodEnvsRaw = '${{ inputs.production-environments }}'; | ||
| if (!prodEnvsRaw || prodEnvsRaw.length === 0){ | ||
| core.setFailure('A list of production environments must be provided.'); | ||
| return; | ||
| } | ||
| const prodEnvs = prodEnvsRaw.split(',').map(e => e.trim()); | ||
| const deploymentEnv = '${{ inputs.deployment-environment }}'.trim(); | ||
| const isProd = prodEnvs.includes(deploymentEnv); | ||
| core.setOutput('IS_PROD', isProd); | ||
| - uses: im-open/is-tag-reachable-from-default-branch@v1 | ||
| if: steps.check-env.outputs.IS_PROD == 'true' | ||
| with: | ||
| tag: ${{ inputs.ref-to-deploy }} | ||
| default-branch: ${{ inputs.default-branch }} | ||
| error-if-not-reachable: true # This only runs for prod environments, so if the tag is not in main, it should fail | ||
|
|
||
| - uses: im-open/is-release-production-ready@v1 | ||
| if: steps.check-env.outputs.IS_PROD == 'true' && inputs.verify-release-production-ready == 'true' | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| release-tag: ${{ inputs.ref-to-deploy }} | ||
| fail-for-prerelease: true # This only runs for prod environments, so if the release is not production ready it should fail |
Oops, something went wrong.