Added detect-secrets to workflow #175
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Copyright contributors to the Galasa project | |
# | |
# SPDX-License-Identifier: EPL-2.0 | |
# | |
name: Pull Request Build Orchestrator | |
on: | |
pull_request: | |
branches: [main] | |
jobs: | |
# Get modules that were changed as part of this Pull Request, | |
# set that as an output of this job to be passed to the next job. | |
get-changed-modules: | |
name: Get the modules changed in this Pull Request | |
runs-on: ubuntu-latest | |
outputs: | |
platform_changed: ${{ steps.get-changed-modules.outputs.PLATFORM_CHANGED }} | |
buildutils_changed: ${{ steps.get-changed-modules.outputs.BUILDUTILS_CHANGED }} | |
wrapping_changed: ${{ steps.get-changed-modules.outputs.WRAPPING_CHANGED }} | |
gradle_changed: ${{ steps.get-changed-modules.outputs.GRADLE_CHANGED }} | |
maven_changed: ${{ steps.get-changed-modules.outputs.MAVEN_CHANGED }} | |
framework_changed: ${{ steps.get-changed-modules.outputs.FRAMEWORK_CHANGED }} | |
extensions_changed: ${{ steps.get-changed-modules.outputs.EXTENSIONS_CHANGED }} | |
managers_changed: ${{ steps.get-changed-modules.outputs.MANAGERS_CHANGED }} | |
obr_changed: ${{ steps.get-changed-modules.outputs.OBR_CHANGED }} | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Get the modules changed in this Pull Request | |
id: get-changed-modules | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
./tools/get-changed-modules-pull-request.sh --pr-number ${{ github.event.number }} | |
find-artifacts: | |
name: Get Workflow Run IDs with artifacts to download for each module | |
runs-on: ubuntu-latest | |
outputs: | |
platform_artifacts_id: ${{ steps.find-artifacts.outputs.platform_artifacts_id }} | |
galasabld_artifacts_id: ${{ steps.find-artifacts.outputs.galasabld_artifacts_id }} | |
openapi2beans_artifacts_id: ${{ steps.find-artifacts.outputs.openapi2beans_artifacts_id }} | |
wrapping_artifacts_id: ${{ steps.find-artifacts.outputs.wrapping_artifacts_id }} | |
gradle_artifacts_id: ${{ steps.find-artifacts.outputs.gradle_artifacts_id }} | |
maven_artifacts_id: ${{ steps.find-artifacts.outputs.maven_artifacts_id }} | |
framework_artifacts_id: ${{ steps.find-artifacts.outputs.framework_artifacts_id }} | |
extensions_artifacts_id: ${{ steps.find-artifacts.outputs.extensions_artifacts_id }} | |
managers_artifacts_id: ${{ steps.find-artifacts.outputs.managers_artifacts_id }} | |
obr_artifacts_id: ${{ steps.find-artifacts.outputs.obr_artifacts_id }} | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Get last successful workflow run with artifacts for each module | |
id: find-artifacts | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
./tools/get-last-successful-workflow-run-for-artifacts.sh --repo ${{ github.repository }} | |
- name: Turn script into an executable | |
working-directory: ./tools | |
run: chmod +x detect-secrets.sh | |
- name: Run the detect secrets script | |
working-directory: ./tools | |
run: ./detect-secrets.sh | |
pr-build-platform: | |
name: Build the 'platform' module | |
needs: [get-changed-modules, find-artifacts] | |
uses: ./.github/workflows/pr-platform.yaml | |
secrets: inherit | |
with: | |
changed: ${{ needs.get-changed-modules.outputs.platform_changed }} | |
pr-build-buildutils: | |
name: Build the 'buildutils' module | |
needs: [get-changed-modules, find-artifacts] | |
uses: ./.github/workflows/pr-buildutils.yaml | |
secrets: inherit | |
with: | |
changed: ${{ needs.get-changed-modules.outputs.buildutils_changed }} | |
pr-build-wrapping: | |
name: Build the 'wrapping' module | |
needs: [get-changed-modules, find-artifacts, pr-build-platform] | |
uses: ./.github/workflows/pr-wrapping.yaml | |
secrets: inherit | |
with: | |
changed: ${{ needs.get-changed-modules.outputs.wrapping_changed }} | |
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }} | |
pr-build-gradle: | |
name: Build the 'gradle' module | |
needs: [get-changed-modules, find-artifacts, pr-build-platform] | |
uses: ./.github/workflows/pr-gradle.yaml | |
secrets: inherit | |
with: | |
changed: ${{ needs.get-changed-modules.outputs.gradle_changed }} | |
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }} | |
pr-build-maven: | |
name: Build the 'maven' module | |
needs: [get-changed-modules, find-artifacts, pr-build-gradle] | |
uses: ./.github/workflows/pr-maven.yaml | |
secrets: inherit | |
with: | |
changed: ${{ needs.get-changed-modules.outputs.maven_changed }} | |
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }} | |
pr-build-framework: | |
name: Build the 'framework' module | |
needs: [get-changed-modules, find-artifacts, pr-build-buildutils, pr-build-wrapping, pr-build-maven] | |
uses: ./.github/workflows/pr-framework.yaml | |
secrets: inherit | |
with: | |
changed: ${{ needs.get-changed-modules.outputs.framework_changed }} | |
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }} | |
openapi2beans-artifact-id: ${{ needs.find-artifacts.outputs.openapi2beans_artifacts_id }} | |
wrapping-artifact-id: ${{ needs.find-artifacts.outputs.wrapping_artifacts_id }} | |
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }} | |
maven-artifact-id: ${{ needs.find-artifacts.outputs.maven_artifacts_id }} | |
pr-build-extensions: | |
name: Build the 'extensions' module | |
needs: [get-changed-modules, find-artifacts, pr-build-framework] | |
uses: ./.github/workflows/pr-extensions.yaml | |
secrets: inherit | |
with: | |
changed: ${{ needs.get-changed-modules.outputs.extensions_changed }} | |
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }} | |
wrapping-artifact-id: ${{ needs.find-artifacts.outputs.wrapping_artifacts_id }} | |
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }} | |
maven-artifact-id: ${{ needs.find-artifacts.outputs.maven_artifacts_id }} | |
framework-artifact-id: ${{ needs.find-artifacts.outputs.framework_artifacts_id }} | |
pr-build-managers: | |
name: Build the 'managers' module | |
needs: [get-changed-modules, find-artifacts, pr-build-framework] | |
uses: ./.github/workflows/pr-managers.yaml | |
secrets: inherit | |
with: | |
changed: ${{ needs.get-changed-modules.outputs.managers_changed }} | |
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }} | |
wrapping-artifact-id: ${{ needs.find-artifacts.outputs.wrapping_artifacts_id }} | |
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }} | |
maven-artifact-id: ${{ needs.find-artifacts.outputs.maven_artifacts_id }} | |
framework-artifact-id: ${{ needs.find-artifacts.outputs.framework_artifacts_id }} | |
pr-build-obr: | |
name: Build the 'obr' module | |
needs: [get-changed-modules, find-artifacts, pr-build-extensions, pr-build-managers] | |
uses: ./.github/workflows/pr-obr.yaml | |
secrets: inherit | |
with: | |
changed: ${{ needs.get-changed-modules.outputs.obr_changed }} | |
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }} | |
galasabld-artifact-id: ${{ needs.find-artifacts.outputs.galasabld_artifacts_id }} | |
wrapping-artifact-id: ${{ needs.find-artifacts.outputs.wrapping_artifacts_id }} | |
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }} | |
maven-artifact-id: ${{ needs.find-artifacts.outputs.maven_artifacts_id }} | |
framework-artifact-id: ${{ needs.find-artifacts.outputs.framework_artifacts_id }} | |
extensions-artifact-id: ${{ needs.find-artifacts.outputs.extensions_artifacts_id }} | |
managers-artifact-id: ${{ needs.find-artifacts.outputs.managers_artifacts_id }} | |
# This is required as all previous jobs are optional based on if a module has changed. | |
# This job is set in the branch protection rules as required to merge a Pull Request. | |
end-pull-request-build: | |
name: Pull Request build was successful | |
needs: [pr-build-obr] | |
runs-on: ubuntu-latest | |
steps: | |
- name: End of Pull Request build | |
run: | | |
echo "Pull Request build was successful" |