name: CI/CD Pipeline

# The push trigger is intentionally disabled; the workflow reacts only to
# pull-request activity and to submitted reviews.
on:
  # push:
  #   branches:
  #     - main
  #     - "*"
  pull_request:
    types:
      - opened
      - ready_for_review
      - synchronize
      - closed
  pull_request_review:
    types:
      - submitted

# Workflow-wide GITHUB_TOKEN scopes. Every job that does not declare its own
# `permissions` block inherits all three.
permissions:
  # actions/checkout only needs read access; in this file the step that pushes
  # with the token is the GitHub Pages deploy.
  # NOTE(review): consider granting write per job instead of workflow-wide.
  contents: write
  pull-requests: write
  # Allows a job to request the OIDC JWT that is exchanged for the AWS role.
  # NOTE(review): also inherited by jobs that never talk to AWS.
  id-token: write

jobs:
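# auto_assign: assigns the PR to the triggering actor, posts the S3 preview
# link as a PR comment and requests review from the ai4sdlc-reviewers team.
# Runs on pull_request events other than `closed`.
  auto_assign:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request' && github.event.action != 'closed'
    # Job-level scopes: checkout needs contents read, the assignee/comment
    # calls need pull-requests write, the AWS role assumption needs id-token.
    permissions:
      contents: read
      pull-requests: write
      id-token: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # NOTE(review): apart from the identity check below, no step in this job
      # calls AWS; if that check is only a smoke test, dropping both steps
      # (and id-token above) would remove an unneeded role assumption.
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::677043464939:role/GitHubAction-AssumeRoleWithAction
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ secrets.AWS_REGION }}

      # Hello from AWS: WhoAmI
      - name: Sts GetCallerIdentity
        run: |
          aws sts get-caller-identity

      - name: Print repo structure
        run: |
          pwd
          ls -al
          ls -al .github || echo ".github directory does not exist"
          cat .github/auto_assign.yml || echo "No .github/auto_assign.yml found"

      - name: Print working directory and files
        run: |
          pwd
          ls -al .github
          cat .github/auto_assign.yml || echo "No auto_assign.yml found"

      - name: Assign assignee via GitHub API
        # Event data and secrets reach the script as environment variables
        # rather than ${{ }} text substitution, so their content is never
        # parsed as shell source.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          ACTOR: ${{ github.actor }}
          # The bucket host is published in the PR comment below, so storing
          # it as a secret does not keep it confidential.
          S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
        run: |
          # jq builds the JSON bodies so the values are escaped correctly.
          curl -X POST \
            -H "Authorization: token $GITHUB_TOKEN" \
            -H "Accept: application/vnd.github+json" \
            -d "$(jq -nc --arg user "$ACTOR" '{assignees: [$user]}')" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/assignees"

          # Add a comment with the S3 preview link
          # NOTE(review): the preview link is plain http.
          COMMENT="Please review the changes at the following site: http://${S3_BUCKET_NAME}/mergeRequest/${PR_NUMBER}/index.html"
          curl -X POST \
            -H "Authorization: token $GITHUB_TOKEN" \
            -H "Accept: application/vnd.github+json" \
            -d "$(jq -nc --arg body "$COMMENT" '{body: $body}')" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments"

      - name: Assign team reviewer via GitHub API
        env:
          # Team review requests use a PAT instead of the workflow token.
          ORG_PAT: ${{ secrets.ORG_PAT }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          curl -X POST \
            -H "Authorization: token $ORG_PAT" \
            -H "Accept: application/vnd.github+json" \
            -H "Content-Type: application/json" \
            -d '{"team_reviewers":["ai4sdlc-reviewers"]}' \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}/requested_reviewers"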
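# notify final reviewers: when a review is submitted in state `approved`,
# comment on the PR and request review from the ai4sdlc-approval team.
  notify_final_reviewer:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request_review' && github.event.review.state == 'approved'
    # No checkout and no AWS here: the workflow token is only used to comment.
    permissions:
      pull-requests: write
    steps:
      - name: Notify final reviewer team
        # Event fields are handed over as environment variables so they are
        # not substituted into the script text.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # PAT with repo + read:org for team review request
          ORG_PAT: ${{ secrets.ORG_PAT }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REVIEWER: ${{ github.event.review.user.login }}
          S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
        run: |
          TEAM_HANDLE="@${GITHUB_REPOSITORY_OWNER}/ai4sdlc-approval"
          COMMENT="$TEAM_HANDLE PR #$PR_NUMBER has a new review comment from @$REVIEWER and is ready for final review. Please review the changes at the following site: http://${S3_BUCKET_NAME}/mergeRequest/${PR_NUMBER}/index.html"

          # 1) Comment on the PR; jq escapes the body into valid JSON.
          curl -X POST \
            -H "Authorization: token $GITHUB_TOKEN" \
            -H "Accept: application/vnd.github+json" \
            -H "Content-Type: application/json" \
            -d "$(jq -nc --arg body "$COMMENT" '{body: $body}')" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments"

          # 2) Request review from the approval team
          # curl runs without -v: verbose output includes request headers, and
          # this request carries the PAT in its Authorization header.
          curl -X POST \
            -H "Authorization: token $ORG_PAT" \
            -H "Accept: application/vnd.github+json" \
            -H "Content-Type: application/json" \
            -d '{"team_reviewers":["ai4sdlc-approval"]}' \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}/requested_reviewers"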
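# Build stage - converts the Markdown sources to HTML with MkDocs and saves
# the result as the `site` artifact. Runs for open PRs that target main.
  convert_md_to_html:
    runs-on: ubuntu-latest
    if: >-
      github.event_name == 'pull_request' &&
      github.event.action != 'closed' &&
      github.event.pull_request.base.ref == 'main'
    # This job builds pull-request content, so it gets a read-only token and
    # no OIDC access.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          # Quoted so the version stays a string rather than a YAML float.
          python-version: "3.12"

      - name: Install MkDocs and dependencies
        # NOTE(review): the packages are unpinned, so each run installs
        # whatever is newest on the index; pin versions (ideally with hashes)
        # for reproducible builds.
        run: |
          pip install mkdocs mkdocs-material

      - name: Build project with MkDocs
        run: |
          echo "Building your project..."
          mkdocs build
          echo "pwd in build project with MKDocs"
          pwd

      - name: Debug MkDocs Build Output
        run: |
          echo "Contents of site directory:"
          ls -l site

      - name: Save artifacts
        uses: actions/upload-artifact@v4
        with:
          name: site
          path: site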
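# Deployment to the test folder in the S3 bucket. Publishes the built `site`
# artifact under test/ and under mergeRequest/<PR number>/ for open PRs that
# target main.
  deploy_to_test:
    needs: convert_md_to_html
    runs-on: ubuntu-latest
    if: >-
      github.event_name == 'pull_request' &&
      github.event.action != 'closed' &&
      github.event.pull_request.base.ref == 'main'
    # id-token is needed for the OIDC role assumption; checkout only reads.
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          name: site
          path: site

      - name: configure aws credentials
        # v4 to match the auto_assign job (this job previously used v2).
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::677043464939:role/GitHubAction-AssumeRoleWithAction
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Deploy to Test Environment
        env:
          S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          # Stop before touching S3 if either value is empty; an empty
          # PR_NUMBER would sync into the mergeRequest/ root.
          : "${S3_BUCKET_NAME:?S3_BUCKET_NAME is not set}"
          : "${PR_NUMBER:?PR_NUMBER is not set}"

          echo "pr_number while deploying =$PR_NUMBER"
          pwd
          # The former `aws s3 ls` debug call was dropped: it wrote the names
          # of all buckets visible to the role into the run log.
          aws s3 sync site/ "s3://${S3_BUCKET_NAME}/test"
          aws s3 sync site/ "s3://${S3_BUCKET_NAME}/mergeRequest/${PR_NUMBER}"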
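# Deployment to the production folder in the S3 bucket. When a PR into main
# is merged, copies mergeRequest/<PR number>/ to production/ and then deletes
# the PR folder.
# NOTE(review): production receives the preview that was uploaded while the
# PR was open; nothing is rebuilt from main in this job.
  deploy_to_production:
    runs-on: ubuntu-latest
    if: >-
      github.event_name == 'pull_request' &&
      github.event.action == 'closed' &&
      github.event.pull_request.merged == true &&
      github.event.pull_request.base.ref == 'main'
    # Only the OIDC token is needed: there is no checkout and no GitHub API
    # call in this job.
    permissions:
      id-token: write
    steps:
      - name: configure aws credentials
        # v4 to match the auto_assign job (this job previously used v2).
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::677043464939:role/GitHubAction-AssumeRoleWithAction
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Deploy to Production Environment
        # GITHUB_TOKEN is no longer exported here; the script never used it.
        env:
          S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          # Refuse to run with an empty value: with an empty PR_NUMBER the
          # sync and the recursive delete below would address the whole
          # mergeRequest/ prefix instead of one PR folder.
          : "${S3_BUCKET_NAME:?S3_BUCKET_NAME is not set}"
          : "${PR_NUMBER:?PR_NUMBER is not set}"

          echo "USING PR_NUMBER =$PR_NUMBER"
          aws s3 sync "s3://${S3_BUCKET_NAME}/mergeRequest/${PR_NUMBER}" "s3://${S3_BUCKET_NAME}/production/"
          echo "deploy complete to production !!!"

          # Delete contents of the pr folder
          aws s3 rm "s3://${S3_BUCKET_NAME}/mergeRequest/${PR_NUMBER}" --recursive
          echo "PR folder deleted successfully !!!"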
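# GitHub Pages stage - when a PR into main is merged, builds the site with
# MkDocs and publishes ./site through peaceiris/actions-gh-pages.
  deploy_to_page:
    runs-on: ubuntu-latest
    if: >-
      github.event_name == 'pull_request' &&
      github.event.action == 'closed' &&
      github.event.pull_request.merged == true &&
      github.event.pull_request.base.ref == 'main'
    # The Pages action publishes with GITHUB_TOKEN, so this job keeps
    # contents write; it has no use for the OIDC token.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        # v4 to match the other jobs (this job previously used v3).
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          # Quoted so the version stays a string rather than a YAML float.
          # NOTE(review): the PR preview build uses 3.12 - confirm the
          # difference is intended.
          python-version: "3.9"

      - name: Install MkDocs and dependencies
        # NOTE(review): unpinned packages; pin versions for reproducible
        # builds of the published site.
        run: |
          pip install mkdocs mkdocs-material

      - name: Build project with MkDocs
        run: |
          echo "Building your project..."
          mkdocs build
          echo "pwd in build project with MKDocs"

      - name: Add .nojekyll
        run: touch site/.nojekyll

      - name: Deploy to GitHub Pages
        # NOTE(review): third-party action referenced by a mutable tag while
        # it receives a write-scoped token; pinning it to a full commit SHA
        # is the usual hardening.
        uses: peaceiris/actions-gh-pages@v4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./site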