Skip to content
push-main

feat: refactor gha-workflow-validator validation (#585) #470

Sign in to view logs

feat: refactor gha-workflow-validator validation (#585)

feat: refactor gha-workflow-validator validation (#585) #470

Workflow file for this run

.github/workflows/push-main.yml at 8867f68
name: push-main
on:
push:
branches:
- main
jobs:
ci-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout repo (needed to reference local action)
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: ci-lint
uses: ./actions/ci-lint-ts
with:
# general inputs
checkout-repo: "false"
# grafana inputs
metrics-job-name: ci-lint
gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }}
gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
pnpm-version: "^9.0.0"
ci-prettier:
runs-on: ubuntu-latest
steps:
- name: Checkout repo (needed to reference local action)
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: ci-prettier
uses: ./actions/ci-prettier
with:
# general inputs
checkout-repo: "false"
# grafana inputs
metrics-job-name: ci-prettier
gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }}
gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
pnpm-version: "^9.0.0"
ci-test:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
actions: read
steps:
- name: Checkout repo (needed to reference local action)
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Get GATI read-only test token
uses: ./actions/setup-github-token
id: setup-github-token
with:
aws-role-arn:
${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
aws-lambda-url: ${{ secrets.AWS_LAMBDA_RELENG_GATI }}
aws-region: ${{ secrets.AWS_REGION }}
- name: ci-test
uses: ./actions/ci-test-ts
with:
# Somewhat of a smell since we expose this token to _all_ tests that this action runs
# But it's read-only. This was added in for the e2e tests inside the go-mod-validator action.
#
# We decided to keep the testing steps all in one place rather than split them out to handle this edge case.
github-token: ${{ steps.setup-github-token.outputs.access-token }}
# general inputs
checkout-repo: "false"
# grafana inputs
metrics-job-name: ci-test
gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }}
gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
pnpm-version: "^9.0.0"
cicd-build-publish-artifacts-dev:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
packages: write
pull-requests: write
issues: read
actions: read
steps:
- name: Checkout repo (needed to reference local action)
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: cicd-build-publish-artifacts-dev
uses: ./actions/cicd-build-publish-artifacts-ts
with:
# general inputs
checkout-repo: "false"
# grafana inputs
metrics-job-name: cicd-build-publish-artifacts-dev
gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }}
gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
pnpm-version: "^9.0.0"
cd-release:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
actions: read
steps:
- name: Checkout repo (needed to reference local action)
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: cd-release
uses: ./actions/cicd-changesets
with:
# general inputs
git-user: app-token-issuer-releng-renovate[bot]
git-email: app-token-issuer-releng-renovate[bot]@users.noreply.github.com
# aws inputs
aws-region: ${{ secrets.AWS_REGION }}
aws-role-arn: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN_GATI }}
aws-lambda-url: ${{ secrets.AWS_LAMBDA_URL_GATI }}
# grafana inputs
metrics-job-name: cd-release
gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }}
gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
pnpm-version: "^9.0.0"