-
Notifications
You must be signed in to change notification settings - Fork 467
150 lines (139 loc) · 5.07 KB
/
cicd_3-trunk.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# Trunk Checks Workflow
#
# This workflow is triggered on pushes to the main branch or manually via workflow_dispatch.
# It orchestrates a comprehensive set of checks, builds, tests, and deployments for the trunk (main) branch.
#
# Key features:
# - Triggered on push to main or manual dispatch
# - Configurable options for reusing previous builds and running all tests
# - Comprehensive checks including build, tests, SonarQube analysis, and CLI artifact building
# - Deployment to the trunk environment
# - Final reporting of the workflow status
name: '-3 Trunk Workflow'
on:
push:
branches:
- main
- master
workflow_dispatch:
inputs:
reuse-previous-build:
description: 'Indicates if the workflow should reuse the previous build'
type: boolean
default: true
build-on-missing-artifacts:
type: boolean
description: 'Indicates if the workflow should build on missing artifacts'
default: false
run-all-tests:
description: 'Run all tests'
type: boolean
default: false
publish-npm-sdk-libs:
description: 'Publish NPM SDKs'
type: boolean
default: false
disable-sonar:
description: 'Disable SonarQube job'
type: boolean
default: false
disable-semgrep:
description: 'Disable Semgrep job'
type: boolean
default: false
jobs:
# Initialize the trunk check process
initialize:
name: Initialize
uses: ./.github/workflows/cicd_comp_initialize-phase.yml
with:
reuse-previous-build: ${{ inputs.reuse-previous-build || github.event_name != 'workflow_dispatch' }}
build-on-missing-artifacts: ${{ inputs.build-on-missing-artifacts || github.event_name != 'workflow_dispatch' }}
validation-level: 'custom'
custom-modules: 'sdk_libs'
# Build job - only runs if no artifacts were found during initialization
build:
name: Trunk Build
needs: [ initialize ]
if: needs.initialize.outputs.found_artifacts == 'false'
uses: ./.github/workflows/cicd_comp_build-phase.yml
permissions:
contents: read
packages: write
# Test job - runs various tests
test:
name: Trunk Test
needs: [ initialize,build ]
if: always() && !failure() && !cancelled()
uses: ./.github/workflows/cicd_comp_test-phase.yml
with:
run-all-tests: ${{ inputs.run-all-tests || false }}
artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
secrets:
DOTCMS_LICENSE: ${{ secrets.DOTCMS_LICENSE }}
permissions:
contents: read
packages: write
# SonarQube analysis job
sonar:
name: Trunk SonarQube
needs: [ initialize, test ]
if: always() && !failure() && !cancelled() && vars.DISABLE_SONAR != 'true'
uses: ./.github/workflows/cicd_comp_sonarqube-phase.yml
with:
artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
semgrep:
name: Trunk Semgrep
needs: [ initialize, test ]
if: always() && !failure() && !cancelled() && vars.DISABLE_SEMGREP != 'true'
uses: ./.github/workflows/cicd_comp_semgrep-phase.yml
with:
artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
secrets:
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
# CLI Build job - builds CLI artifacts
build-cli:
name: CLI Build
needs: [ initialize,test ]
if: always() && !failure() && !cancelled()
uses: ./.github/workflows/cicd_comp_cli-native-build-phase.yml
with:
buildNativeImage: true
artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
branch: ${{ github.ref }}
# Deployment job - deploys to the trunk environment
deployment:
needs: [ initialize,build-cli,sonar,test ]
if: always() && !failure() && !cancelled()
uses: ./.github/workflows/cicd_comp_deployment-phase.yml
with:
artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
publish-npm-sdk-libs: ${{ needs.initialize.outputs.sdk_libs != 'false' && github.event_name != 'workflow_dispatch' }}
environment: trunk
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
EE_REPO_USERNAME: ${{ secrets.EE_REPO_USERNAME }}
EE_REPO_PASSWORD: ${{ secrets.EE_REPO_PASSWORD }}
NPM_ORG_TOKEN: ${{ secrets.NPM_ORG_TOKEN }}
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
# Finalize job - aggregates results from previous jobs
finalize:
name: Finalize
if: always()
needs: [ initialize, build, build-cli, test, sonar, semgrep, deployment]
uses: ./.github/workflows/cicd_comp_finalize-phase.yml
with:
artifact-run-id: ${{ needs.initialize.outputs.artifact-run-id }}
needsData: ${{ toJson(needs) }}
# Report job - generates and sends the final workflow report
report:
name: Report
if: always()
needs: [ finalize ]
uses: ./.github/workflows/cicd_post-workflow-reporting.yml
secrets:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}