Skip to content

Adding perms for github CI role #103

Adding perms for github CI role

Adding perms for github CI role #103

Workflow file for this run

name: "CI/CD publish"
on:
pull_request:
types: [closed]
branches:
- main
jobs:
metadata:
name: "Set CI/CD metadata"
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true
timeout-minutes: 1
outputs:
build_datetime: ${{ steps.variables.outputs.build_datetime }}
build_timestamp: ${{ steps.variables.outputs.build_timestamp }}
build_epoch: ${{ steps.variables.outputs.build_epoch }}
nodejs_version: ${{ steps.variables.outputs.nodejs_version }}
python_version: ${{ steps.variables.outputs.python_version }}
terraform_version: ${{ steps.variables.outputs.terraform_version }}
version: ${{ steps.variables.outputs.version }}
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "Set CI/CD variables"
id: variables
run: |
datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z')
echo "build_datetime=$datetime" >> $GITHUB_OUTPUT
echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT
echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
# TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow
echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
- name: "List variables"
run: |
export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}"
export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}"
export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}"
export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}"
export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}"
export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}"
export VERSION="${{ steps.variables.outputs.version }}"
make list-variables
publish:
name: "Publish packages"
runs-on: ubuntu-latest
needs: [metadata]
if: github.event.pull_request.merged == true
timeout-minutes: 3
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "Get the artefacts"
run: |
echo "Getting the artefacts created by the build stage ..."
# TODO: Use either action/cache or action/upload-artifact
- name: "Create release"
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ needs.metadata.outputs.version }}
release_name: Release ${{ needs.metadata.outputs.version }}
body: |
Release of ${{ needs.metadata.outputs.version }}
draft: false
prerelease: false
# - name: "Upload release asset"
# uses: actions/upload-release-asset@v1
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# upload_url: "${{ steps.create_release.outputs.upload_url }}"
# asset_path: ./*
# asset_name: repository-template-${{ needs.metadata.outputs.version }}.tar.gz
# asset_content_type: "application/gzip"
success:
name: "Success notification"
runs-on: ubuntu-latest
needs: [publish]
steps:
- name: "Check prerequisites for notification"
id: check
run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
- name: "Notify on publishing packages"
if: steps.check.outputs.secret_exist == 'true'
uses: nhs-england-tools/notify-msteams-action@v1.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
teams-webhook-url: ${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL }}
message-title: "Notification title"
message-text: "This is a notification body"
link: ${{ github.event.pull_request.html_url }}