Skip to content

Added detect-secrets to workflow #175

Added detect-secrets to workflow

Added detect-secrets to workflow #175

#
# Copyright contributors to the Galasa project
#
# SPDX-License-Identifier: EPL-2.0
#
name: Pull Request Build Orchestrator
on:
pull_request:
branches: [main]
jobs:
# Get modules that were changed as part of this Pull Request,
# set that as an output of this job to be passed to the next job.
get-changed-modules:
name: Get the modules changed in this Pull Request
runs-on: ubuntu-latest
outputs:
platform_changed: ${{ steps.get-changed-modules.outputs.PLATFORM_CHANGED }}
buildutils_changed: ${{ steps.get-changed-modules.outputs.BUILDUTILS_CHANGED }}
wrapping_changed: ${{ steps.get-changed-modules.outputs.WRAPPING_CHANGED }}
gradle_changed: ${{ steps.get-changed-modules.outputs.GRADLE_CHANGED }}
maven_changed: ${{ steps.get-changed-modules.outputs.MAVEN_CHANGED }}
framework_changed: ${{ steps.get-changed-modules.outputs.FRAMEWORK_CHANGED }}
extensions_changed: ${{ steps.get-changed-modules.outputs.EXTENSIONS_CHANGED }}
managers_changed: ${{ steps.get-changed-modules.outputs.MANAGERS_CHANGED }}
obr_changed: ${{ steps.get-changed-modules.outputs.OBR_CHANGED }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Get the modules changed in this Pull Request
id: get-changed-modules
env:
GH_TOKEN: ${{ github.token }}
run: |
./tools/get-changed-modules-pull-request.sh --pr-number ${{ github.event.number }}
find-artifacts:
name: Get Workflow Run IDs with artifacts to download for each module
runs-on: ubuntu-latest
outputs:
platform_artifacts_id: ${{ steps.find-artifacts.outputs.platform_artifacts_id }}
galasabld_artifacts_id: ${{ steps.find-artifacts.outputs.galasabld_artifacts_id }}
openapi2beans_artifacts_id: ${{ steps.find-artifacts.outputs.openapi2beans_artifacts_id }}
wrapping_artifacts_id: ${{ steps.find-artifacts.outputs.wrapping_artifacts_id }}
gradle_artifacts_id: ${{ steps.find-artifacts.outputs.gradle_artifacts_id }}
maven_artifacts_id: ${{ steps.find-artifacts.outputs.maven_artifacts_id }}
framework_artifacts_id: ${{ steps.find-artifacts.outputs.framework_artifacts_id }}
extensions_artifacts_id: ${{ steps.find-artifacts.outputs.extensions_artifacts_id }}
managers_artifacts_id: ${{ steps.find-artifacts.outputs.managers_artifacts_id }}
obr_artifacts_id: ${{ steps.find-artifacts.outputs.obr_artifacts_id }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Get last successful workflow run with artifacts for each module
id: find-artifacts
env:
GH_TOKEN: ${{ github.token }}
run: |
./tools/get-last-successful-workflow-run-for-artifacts.sh --repo ${{ github.repository }}
- name: Turn script into an executable
working-directory: ./tools
run: chmod +x detect-secrets.sh
- name: Run the detect secrets script
working-directory: ./tools
run: ./detect-secrets.sh
pr-build-platform:
name: Build the 'platform' module
needs: [get-changed-modules, find-artifacts]
uses: ./.github/workflows/pr-platform.yaml
secrets: inherit
with:
changed: ${{ needs.get-changed-modules.outputs.platform_changed }}
pr-build-buildutils:
name: Build the 'buildutils' module
needs: [get-changed-modules, find-artifacts]
uses: ./.github/workflows/pr-buildutils.yaml
secrets: inherit
with:
changed: ${{ needs.get-changed-modules.outputs.buildutils_changed }}
pr-build-wrapping:
name: Build the 'wrapping' module
needs: [get-changed-modules, find-artifacts, pr-build-platform]
uses: ./.github/workflows/pr-wrapping.yaml
secrets: inherit
with:
changed: ${{ needs.get-changed-modules.outputs.wrapping_changed }}
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }}
pr-build-gradle:
name: Build the 'gradle' module
needs: [get-changed-modules, find-artifacts, pr-build-platform]
uses: ./.github/workflows/pr-gradle.yaml
secrets: inherit
with:
changed: ${{ needs.get-changed-modules.outputs.gradle_changed }}
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }}
pr-build-maven:
name: Build the 'maven' module
needs: [get-changed-modules, find-artifacts, pr-build-gradle]
uses: ./.github/workflows/pr-maven.yaml
secrets: inherit
with:
changed: ${{ needs.get-changed-modules.outputs.maven_changed }}
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }}
pr-build-framework:
name: Build the 'framework' module
needs: [get-changed-modules, find-artifacts, pr-build-buildutils, pr-build-wrapping, pr-build-maven]
uses: ./.github/workflows/pr-framework.yaml
secrets: inherit
with:
changed: ${{ needs.get-changed-modules.outputs.framework_changed }}
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }}
openapi2beans-artifact-id: ${{ needs.find-artifacts.outputs.openapi2beans_artifacts_id }}
wrapping-artifact-id: ${{ needs.find-artifacts.outputs.wrapping_artifacts_id }}
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }}
maven-artifact-id: ${{ needs.find-artifacts.outputs.maven_artifacts_id }}
pr-build-extensions:
name: Build the 'extensions' module
needs: [get-changed-modules, find-artifacts, pr-build-framework]
uses: ./.github/workflows/pr-extensions.yaml
secrets: inherit
with:
changed: ${{ needs.get-changed-modules.outputs.extensions_changed }}
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }}
wrapping-artifact-id: ${{ needs.find-artifacts.outputs.wrapping_artifacts_id }}
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }}
maven-artifact-id: ${{ needs.find-artifacts.outputs.maven_artifacts_id }}
framework-artifact-id: ${{ needs.find-artifacts.outputs.framework_artifacts_id }}
pr-build-managers:
name: Build the 'managers' module
needs: [get-changed-modules, find-artifacts, pr-build-framework]
uses: ./.github/workflows/pr-managers.yaml
secrets: inherit
with:
changed: ${{ needs.get-changed-modules.outputs.managers_changed }}
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }}
wrapping-artifact-id: ${{ needs.find-artifacts.outputs.wrapping_artifacts_id }}
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }}
maven-artifact-id: ${{ needs.find-artifacts.outputs.maven_artifacts_id }}
framework-artifact-id: ${{ needs.find-artifacts.outputs.framework_artifacts_id }}
pr-build-obr:
name: Build the 'obr' module
needs: [get-changed-modules, find-artifacts, pr-build-extensions, pr-build-managers]
uses: ./.github/workflows/pr-obr.yaml
secrets: inherit
with:
changed: ${{ needs.get-changed-modules.outputs.obr_changed }}
platform-artifact-id: ${{ needs.find-artifacts.outputs.platform_artifacts_id }}
galasabld-artifact-id: ${{ needs.find-artifacts.outputs.galasabld_artifacts_id }}
wrapping-artifact-id: ${{ needs.find-artifacts.outputs.wrapping_artifacts_id }}
gradle-artifact-id: ${{ needs.find-artifacts.outputs.gradle_artifacts_id }}
maven-artifact-id: ${{ needs.find-artifacts.outputs.maven_artifacts_id }}
framework-artifact-id: ${{ needs.find-artifacts.outputs.framework_artifacts_id }}
extensions-artifact-id: ${{ needs.find-artifacts.outputs.extensions_artifacts_id }}
managers-artifact-id: ${{ needs.find-artifacts.outputs.managers_artifacts_id }}
# This is required as all previous jobs are optional based on if a module has changed.
# This job is set in the branch protection rules as required to merge a Pull Request.
end-pull-request-build:
name: Pull Request build was successful
needs: [pr-build-obr]
runs-on: ubuntu-latest
steps:
- name: End of Pull Request build
run: |
echo "Pull Request build was successful"