feat(env): adds ability to specify the env on root frontend workflow

Author: Ti8m-BigA

.github/examples/frontend_trigger_default_workflow.yml

@@ -1,4 +1,4 @@
-name: "default workflow"
+name: "frontend default workflow"
 
 permissions:
   contents: write
@@ -14,24 +14,46 @@ on:
   merge_group:
     branches: [main, develop]
 jobs:
-  resolve-env:
+  # maps the branch to an environment and sets it as output for the rest of the workflow
+  set-env:
     runs-on: ubuntu-latest
-    environment: ${{ github.ref == 'refs/heads/develop' && 'develop' || 'integration' }}
+    outputs:
+      environment: ${{ steps.map-branch-to-env.outputs.environment }}
+
+    steps:
+      - id: map-branch-to-env
+        shell: bash
+        run: |
+          if [[ "${GITHUB_REF}" == "refs/heads/develop" ]]; then
+            echo "environment=dev" >> "$GITHUB_OUTPUT"
+          elif [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+            echo "environment=int" >> "$GITHUB_OUTPUT"
+          else
+            echo "unable to set environment for ref ${GITHUB_REF}"
+          fi
+  # resolves environment specific variables like s3 bucket name or cloudfront distribution id and sets them as output for the rest of the workflow.
+  # this would not be needed if we would use the vars in the called workflows directly without exposing them as inputs (but we want to document needed variables and their purpose in the workflow inputs and not rely on implicit usage of vars in the called workflows)
+  resolve-env-vars:
+    runs-on: ubuntu-latest
+    needs: set-env
+    environment:  ${{ needs.set-env.outputs.environment }}
     outputs:
       frontend_s3_bucket: ${{ steps.out.outputs.frontend_s3_bucket }}
       cloudfront_distribution_id: ${{ steps.out.outputs.cloudfront_distribution_id }}
       aws_region: ${{ steps.out.outputs.aws_region }}
     steps:
       - id: out
         run: |
-          echo "resolving environment specific variables for environment $environment setting outputs for frontend_s3_bucket to ${{ vars.FRONTEND_S3_BUCKET }}"
+          echo "resolving environment specific variables for environment ${{ needs.set-env.outputs.environment }}"
+          echo "frontend_s3_bucket=${{ vars.FRONTEND_S3_BUCKET }}"
           echo "frontend_s3_bucket=${{ vars.FRONTEND_S3_BUCKET }}" >> "$GITHUB_OUTPUT"
+          echo "cloudfront_distribution_id=${{ vars.CLOUDFRONT_DISTRIBUTION_ID }}"
           echo "cloudfront_distribution_id=${{ vars.CLOUDFRONT_DISTRIBUTION_ID }}" >> "$GITHUB_OUTPUT"
 
   frontend-workflow:
     name: '.'
-    uses: ./.github/workflows/frontend_workflow.yml
-    needs: resolve-env
+    uses: blw-ofag-ufag/atlas-code-github-workflows/.github/workflows/frontend_workflow.yml@v1.4.0
+    needs: [set-env, resolve-env-vars]
     secrets:
       GH_ORG_PRIVATE_KEY: ${{ secrets.GH_ORG_PRIVATE_KEY }}
       GH_ORG_GITLEAKS_PRIVATE_KEY: ${{ secrets.GH_ORG_GITLEAKS_PRIVATE_KEY }}
@@ -40,8 +62,9 @@ jobs:
       AWS_OIDC_ROLE_ARN: ${{ secrets.AWS_OIDC_ROLE_ARN }}
       AWS_DEPLOYMENT_ROLE_ARN: ${{ secrets.AWS_DEPLOYMENT_ROLE_ARN }}
     with:
+      environment: ${{ needs.set-env.outputs.environment }}
       app-id: ${{ vars.GH_ORG_APP_ID }}
       gitleaks-app-id: ${{ vars.GH_ORG_GITLEAKS_APP_ID }}
       aws-region: ${{ vars.AWS_REGION }}
-      frontend-s3-bucket: ${{ needs.resolve-env.outputs.frontend_s3_bucket }}
-      cloudfront-distribution-id: ${{ needs.resolve-env.outputs.cloudfront_distribution_id }}
+      frontend-s3-bucket: ${{ needs.resolve-env-vars.outputs.frontend_s3_bucket }}
+      cloudfront-distribution-id: ${{ needs.resolve-env-vars.outputs.cloudfront_distribution_id }}

.github/workflows/frontend_workflow.yml

@@ -1,10 +1,10 @@
 name: "frontend workflow"
 
 permissions:
-    contents: write
-    pull-requests: write
-    id-token: write
-    issues: write
+  contents: write
+  pull-requests: write
+  id-token: write
+  issues: write
 
 on:
   workflow_call:
@@ -29,6 +29,10 @@ on:
         description: "CloudFront distribution ID for cache invalidation"
         required: true
         type: string
+      environment:
+        description: "Deployment environment used to resolve secrets (e.g., dev, int)"
+        required: true
+        type: string
     secrets:
       GH_ORG_PRIVATE_KEY:
         description: "GitHub App private key matching the app-id inputs"
@@ -80,7 +84,7 @@ jobs:
     name: '.'
     if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop') }}
     uses: ./.github/workflows/semantic_release.yml
-    needs: [unit-test-sonarqube, vulnerability-scan]
+    needs: [ unit-test-sonarqube, vulnerability-scan ]
     secrets:
       GH_ORG_PRIVATE_KEY: ${{ secrets.GH_ORG_PRIVATE_KEY }}
     with:
@@ -90,13 +94,13 @@ jobs:
     name: '.'
     if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop') }}
     uses: ./.github/workflows/frontend_build_deploy_s3.yml
-    needs: [semantic-release ]
+    needs: [ semantic-release ]
     secrets:
       AWS_OIDC_ROLE_ARN: ${{ secrets.AWS_OIDC_ROLE_ARN }}
       AWS_DEPLOYMENT_ROLE_ARN: ${{ secrets.AWS_DEPLOYMENT_ROLE_ARN }}
     with:
-      version: ${{ needs.semantic-release.outputs.version }}
-      environment: ${{ github.ref == 'refs/heads/develop' && 'dev' || 'int' }}
+      environment: ${{ inputs.environment }}
+      version: 1.4.0-rc.16
       aws-region: ${{ inputs.aws-region }}
       frontend-s3-bucket: ${{ inputs.frontend-s3-bucket }}
       cloudfront-distribution-id: ${{ inputs.cloudfront-distribution-id }}