generated from Skatteetaten/vagrant-hashistack-template
-
Notifications
You must be signed in to change notification settings - Fork 13
227 lines (204 loc) · 7.81 KB
/
on_pr_push_master.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
name: CI/CD
on:
pull_request:
branches: [ master ]
types: [ opened, synchronize, reopened, edited, closed, labeled, unlabeled ]
push:
branches: [ master ]
jobs:
linter:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Super-Linter
# todo: use github/super-linter when will be resolved https://github.com/github/super-linter/issues/708
uses: Neha-Sinha2305/super-linter@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VALIDATE_ANSIBLE: true
VALIDATE_BASH: true
VALIDATE_DOCKER_HADOLINT: true
VALIDATE_GO: true
VALIDATE_HTML: true
# VALIDATE_JAVA: false
VALIDATE_JSON: true
VALIDATE_MD: true
VALIDATE_OPENAPI: true
VALIDATE_PYTHON: true
VALIDATE_PYTHON_PYLINT: true
VALIDATE_PYTHON_FLAKE8: true
VALIDATE_RUBY: true
VALIDATE_SQL: true
VALIDATE_TERRAFORM: true
VALIDATE_XML: true
docker-auth:
runs-on: ubuntu-latest
steps:
- uses: actions/upload-artifact@v2
with:
name: docker-auth
path: ~/.docker/config.json
enforce-changelog:
runs-on: ubuntu-latest
if: github.event.action != 'closed' && github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v1
- uses: dangoslen/changelog-enforcer@v1.1.1
with:
changeLogPath: 'CHANGELOG.md'
skipLabel: 'skip-changelog'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
test:
needs: docker-auth
runs-on: macos-latest
strategy:
matrix:
consul_acl: [ "consul_acl_enabled", "consul_acl_disabled" ]
consul_acl_default_policy: [ "consul_acl_deny" ]
nomad_acl: [ "nomad_acl_enabled", "nomad_acl_disabled" ]
hashicorp_binary: [ "hashicorp_enterprise" ]
steps:
- uses: actions/checkout@v2
- name: set consul acl (enabled/disabled)
id: consul_acl
run: |
if [ "$test_consul_acl" == 'consul_acl_enabled' ]
then
echo "::set-output name=consul_acl::true"
else
echo "::set-output name=consul_acl::false"
fi
env:
test_consul_acl: ${{ matrix.consul_acl }}
- name: set consul acl default policy (allow/deny)
id: consul_acl_default_policy
run: |
if [ "$test_consul_acl_default_policy" == 'consul_acl_allow' ]
then
echo "::set-output name=default_policy::allow"
else
echo "::set-output name=default_policy::deny"
fi
env:
test_consul_acl_default_policy: ${{ matrix.consul_acl_default_policy }}
- name: set nomad acl (enabled/disabled)
id: nomad_acl
run: |
if [ "$test_nomad_acl" == 'nomad_acl_enabled' ]
then
echo "::set-output name=nomad_acl::true"
else
echo "::set-output name=nomad_acl::false"
fi
env:
test_nomad_acl: ${{ matrix.nomad_acl }}
- name: set hashicorp binary (oss/enterprise)
id: hashicorp_binary
run: |
if [ "$test_hashicorp_binary" == 'hashicorp_oss' ]
then
echo "::set-output name=consul_enterprise::false"
echo "::set-output name=nomad_enterprise::false"
echo "::set-output name=vault_enterprise::false"
else
echo "::set-output name=consul_enterprise::true"
echo "::set-output name=nomad_enterprise::true"
echo "::set-output name=vault_enterprise::true"
fi
env:
test_hashicorp_binary: ${{ matrix.hashicorp_binary }}
- name: Make .env_override in template_example dir in order to matrix test
if: github.repository == 'skatteetaten/vagrant-hashistack-template'
run: python .github/action/create-env.py
env:
ENVKEY_env_override: true
ENVKEY_consul_acl: ${{ steps.consul_acl.outputs.consul_acl }}
ENVKEY_consul_acl_default_policy: ${{ steps.consul_acl_default_policy.outputs.default_policy }}
ENVKEY_nomad_acl: ${{ steps.nomad_acl.outputs.nomad_acl }}
ENVKEY_consul_enterprise: ${{ steps.hashicorp_binary.outputs.consul_enterprise }}
ENVKEY_nomad_enterprise: ${{ steps.hashicorp_binary.outputs.nomad_enterprise }}
ENVKEY_vault_enterprise: ${{ steps.hashicorp_binary.outputs.vault_enterprise }}
FILE_NAME: template_example/.env_override
- name: Run make template_example
if: github.repository == 'skatteetaten/vagrant-hashistack-template'
run: make template_example
- name: Make .env_override in template dir in order to matrix test
if: github.repository != 'skatteetaten/vagrant-hashistack-template'
run: python .github/action/create-env.py
env:
ENVKEY_env_override: true
ENVKEY_consul_acl: ${{ steps.consul_acl.outputs.consul_acl }}
ENVKEY_consul_acl_default_policy: ${{ steps.consul_acl_default_policy.outputs.default_policy }}
ENVKEY_nomad_acl: ${{ steps.nomad_acl.outputs.nomad_acl }}
ENVKEY_consul_enterprise: ${{ steps.hashicorp_binary.outputs.consul_enterprise }}
ENVKEY_nomad_enterprise: ${{ steps.hashicorp_binary.outputs.nomad_enterprise }}
ENVKEY_vault_enterprise: ${{ steps.hashicorp_binary.outputs.vault_enterprise }}
FILE_NAME: .env_override
- uses: actions/download-artifact@v2
with:
name: docker-auth
path: docker/conf/config.json
- name: Run make test-standalone
if: github.repository != 'skatteetaten/vagrant-hashistack-template'
run: make test-standalone
release-prerequisites:
if: |
contains(github.event.pull_request.labels.*.name, 'major') ||
contains(github.event.pull_request.labels.*.name, 'minor') ||
contains(github.event.pull_request.labels.*.name, 'patch')
runs-on: ubuntu-latest
outputs:
bump: ${{ steps.bump.outputs.match }}
next_version: ${{ steps.split_tag.outputs._0 }}
log_entry: ${{ steps.changelog_reader.outputs.log_entry }}
steps:
- uses: actions/checkout@v2
- name: Require PR label (major/minor/patch)
id: bump
uses: zwaldowski/match-label-action@v1
with:
allowed: major,minor,patch
- name: Bump version and push tag
id: next_version
uses: anothrNick/github-tag-action@1.26.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DEFAULT_BUMP: ${{ steps.bump.outputs.match }}
DRY_RUN: true
- uses: rishabhgupta/split-by@v1
id: split_tag
with:
string: ${{ steps.next_version.outputs.new_tag }}
split-by: '-'
- name: Find and replace
run: python .github/action/find-replace.py
env:
FIND: "'"
REPLACE: "'\\''"
FILE_TO_MODIFY: CHANGELOG.md
- name: Get Changelog Entry
id: changelog_reader
uses: mindsers/changelog-reader-action@v1.1.0
with:
version: ${{ steps.next_version.outputs.version }}
path: CHANGELOG.md
release:
if: github.event.action == 'closed' && github.event.pull_request.merged == true
needs:
- release-prerequisites
- test
runs-on: macos-latest
steps:
- name: Create Release on github
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ needs.release-prerequisites.outputs.next_version }}
release_name: Release v${{ needs.release-prerequisites.outputs.next_version }}
body: |
${{ needs.release-prerequisites.outputs.log_entry }}
draft: false
prerelease: false