Chore: [AEA-0000] - review security (#296) #262
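# Release pipeline for pushes to main: read tool versions and config, run the
# shared quality checks, compute the release version, package the CDK code,
# then deploy to dev and, once dev succeeds, to qa.
#
# NOTE(review): there is no workflow-level `permissions:` block, so the
# reusable workflows called below run with the repository's default
# GITHUB_TOKEN scopes. A called workflow can only narrow what its caller
# grants, so confirm what tag-release.yml and release_all_stacks.yml need
# (for example `id-token: write` if they assume the AWS roles via OIDC)
# before adding an explicit block here.
name: merge to main workflow

on:
  push:
    branches: [main]

env:
  # Short name of the pushed branch. The earlier expression
  # `github.event.ref.BRANCH_NAME` dereferenced a property on the ref string,
  # which evaluates to an empty value.
  BRANCH_NAME: ${{ github.ref_name }}

jobs:
  # Reads the asdf version and the release tag format from files in the repo
  # and exposes both as job outputs for the jobs that follow.
  get_asdf_version:
    runs-on: ubuntu-22.04
    # This job only checks out and reads repository files.
    permissions:
      contents: read
    outputs:
      asdf_version: ${{ steps.asdf-version.outputs.version }}
      tag_format: ${{ steps.load-config.outputs.TAG_FORMAT }}
    steps:
      - name: Checkout code
        # Pinned to a full commit SHA so the action code cannot change
        # underneath this workflow.
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
        with:
          # No later step performs git operations, so do not leave the token
          # in the local git config.
          persist-credentials: false
      - name: Get asdf version
        id: asdf-version
        # First field of the first line that is neither blank nor a comment.
        run: echo "version=$(awk '!/^#/ && NF {print $1; exit}' .tool-versions.asdf)" >> "$GITHUB_OUTPUT"
      - name: Load config value
        id: load-config
        # Written in key=value form, so a single-line TAG_FORMAT is assumed.
        run: |
          TAG_FORMAT=$(yq '.TAG_FORMAT' .github/config/settings.yml)
          echo "TAG_FORMAT=$TAG_FORMAT" >> "$GITHUB_OUTPUT"

  # Shared quality checks; only SONAR_TOKEN is handed to the called workflow.
  quality_checks:
    uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks.yml@a2edde3fb0e9816a25a5ba4923b4d509db83f552
    needs: [get_asdf_version]
    with:
      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  # Produces the version_tag output consumed by the packaging and release jobs.
  tag_release:
    needs: [quality_checks, get_asdf_version]
    uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release.yml@a2edde3fb0e9816a25a5ba4923b4d509db83f552
    with:
      dry_run: true
      asdfVersion: ${{ needs.get_asdf_version.outputs.asdf_version }}
      branch_name: main
      publish_package: false
      tag_format: ${{ needs.get_asdf_version.outputs.tag_format }}
    # NOTE(review): `inherit` exposes every secret this workflow can read to
    # the called workflow, whereas quality_checks above names the one secret
    # it passes. Consider listing only the secrets tag-release.yml declares.
    secrets: inherit

  package_code:
    needs: [tag_release]
    uses: ./.github/workflows/cdk_package_code.yml
    with:
      STACK_NAME: epsam
      VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
      COMMIT_ID: ${{ github.sha }}

  release_dev:
    needs: [tag_release, package_code]
    uses: ./.github/workflows/release_all_stacks.yml
    with:
      STACK_NAME: epsam
      TARGET_ENVIRONMENT: dev
      VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
      COMMIT_ID: ${{ github.sha }}
      CDK_APP_NAME: EpsAssistMeApp
      DEPLOY_CODE: true
      LOG_RETENTION_IN_DAYS: 30
      LOG_LEVEL: "DEBUG"
      CREATE_INT_RELEASE_NOTES: false
      CREATE_PROD_RELEASE_NOTES: false
      MARK_JIRA_RELEASED: false
      CREATE_INT_RC_RELEASE_NOTES: false
      IS_PULL_REQUEST: false
      RUN_REGRESSION_TESTS: true
    # NOTE(review): the INT and PROD check-version roles are passed to a dev
    # release; confirm release_all_stacks.yml needs them for this target.
    secrets:
      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }}
      CDK_PULL_IMAGE_ROLE: ${{ secrets.DEV_CDK_PULL_IMAGE_ROLE }}
      DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
      INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
      PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
      DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
      REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
      SLACK_BOT_TOKEN: ${{ secrets.DEV_SLACK_BOT_TOKEN }}
      SLACK_SIGNING_SECRET: ${{ secrets.DEV_SLACK_SIGNING_SECRET }}

  # Runs only after release_dev has succeeded.
  release_qa:
    needs: [tag_release, package_code, release_dev]
    uses: ./.github/workflows/release_all_stacks.yml
    with:
      STACK_NAME: epsam
      TARGET_ENVIRONMENT: qa
      VERSION_NUMBER: ${{ needs.tag_release.outputs.version_tag }}
      COMMIT_ID: ${{ github.sha }}
      CDK_APP_NAME: EpsAssistMeApp
      DEPLOY_CODE: true
      LOG_RETENTION_IN_DAYS: 30
      # NOTE(review): same verbosity as dev; confirm DEBUG output is
      # acceptable for whatever data the qa environment handles.
      LOG_LEVEL: "DEBUG"
      CREATE_INT_RELEASE_NOTES: false
      CREATE_PROD_RELEASE_NOTES: false
      MARK_JIRA_RELEASED: false
      CREATE_INT_RC_RELEASE_NOTES: false
      IS_PULL_REQUEST: false
      RUN_REGRESSION_TESTS: true
    # NOTE(review): besides the QA roles, this job receives the DEV
    # execute-lambda role and the DEV, INT and PROD check-version roles;
    # confirm each is needed for a qa release and drop the ones that are not.
    secrets:
      CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.QA_CLOUD_FORMATION_DEPLOY_ROLE }}
      CDK_PULL_IMAGE_ROLE: ${{ secrets.QA_CDK_PULL_IMAGE_ROLE }}
      DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
      INT_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.INT_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
      PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE: ${{ secrets.PROD_CLOUD_FORMATION_CHECK_VERSION_ROLE }}
      DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_EXECUTE_LAMBDA_ROLE }}
      REGRESSION_TESTS_PEM: ${{ secrets.REGRESSION_TESTS_PEM }}
      SLACK_BOT_TOKEN: ${{ secrets.QA_SLACK_BOT_TOKEN }}
      SLACK_SIGNING_SECRET: ${{ secrets.QA_SLACK_SIGNING_SECRET }}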