updated deployment workflow + dummy code change #295
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| id-token: write # Required for requesting the JWT | |
| contents: read # Required for actions/checkout | |
| packages: write # Required for publishing packages/images to gcr | |
| pull-requests: write # Allows the workflow to comment on PRs | |
| jobs: | |
| check-changes: | |
| name: Check Changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| terraform_changed: ${{ steps.check.outputs.terraform_changed }} | |
| code_changed: ${{ steps.check.outputs.code_changed }} | |
| devcontainer_changed: ${{ steps.check.outputs.devcontainer_changed }} | |
| steps: | |
| - name: Check-out Code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Ensure full checkout | |
| - name: Check for Terraform & Code Changes | |
| id: check | |
| run: | | |
| echo "Processing Pull Request" | |
| BASE_SHA=${{ github.event.pull_request.base.sha }} | |
| HEAD_SHA=${{ github.event.pull_request.head.sha }} | |
| git diff --name-only $BASE_SHA $HEAD_SHA > changed_files.txt | |
| echo $'\nChanged files:' | |
| cat changed_files.txt | |
| echo $'\nChecking for Terraform changes...' | |
| if grep "^infra/terraform/" changed_files.txt | grep -qv "\.md$"; then | |
| echo "terraform_changed=true" >> $GITHUB_OUTPUT | |
| echo "Matching Terraform files:" | |
| grep "^infra/terraform/" changed_files.txt | grep -v "\.md$" | |
| else | |
| echo "terraform_changed=false" >> $GITHUB_OUTPUT | |
| echo "No matching Terraform files" | |
| fi | |
| echo $'\nChecking for Code changes...' | |
| if grep -qE "^(services|packages)/.*\.(py|toml|ya?ml|lock)$" changed_files.txt; then | |
| echo "code_changed=true" >> $GITHUB_OUTPUT | |
| echo "Matching Code files:" | |
| grep -E "^services/|^packages/" changed_files.txt | |
| else | |
| echo "code_changed=false" >> $GITHUB_OUTPUT | |
| echo "No matching Code files" | |
| fi | |
| echo $'\nChecking for Devcontainer changes...' | |
| if grep -qE "^.devcontainer/" changed_files.txt; then | |
| echo "devcontainer_changed=true" >> $GITHUB_OUTPUT | |
| echo "Matching Code files:" | |
| grep -E "^.devcontainer/" changed_files.txt | |
| else | |
| echo "devcontainer_changed=false" >> $GITHUB_OUTPUT | |
| echo "No matching Devcontainer files" | |
| fi | |
| - name: Display check-changes Output | |
| run: | | |
| echo "Terraform changed: ${{ steps.check.outputs.terraform_changed }}" | |
| echo "Code changed: ${{ steps.check.outputs.code_changed }}" | |
| echo "Devcontainer changed: ${{ steps.check.outputs.devcontainer_changed }}" | |
| # The reusable workflow checks if devcontainer file has changed or not, since this is a required job by code-validation which is a required PR check | |
| pre-build-devcontainer: | |
| name: Pre-build Devcontainer | |
| needs: [check-changes] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| if: needs.check-changes.outputs.devcontainer_changed == 'true' | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| if: needs.check-changes.outputs.devcontainer_changed == 'true' | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| if: needs.check-changes.outputs.devcontainer_changed == 'true' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set-up Devcontainer Environment Variables | |
| if: needs.check-changes.outputs.devcontainer_changed == 'true' | |
| run: | | |
| echo "PWD=${GITHUB_WORKSPACE}" >> $GITHUB_ENV | |
| cp .devcontainer/.env.ci .devcontainer/.env | |
| echo ".devcontainer/.env:" | |
| cat .devcontainer/.env | |
| - name: Pre-build Devcontainer | |
| if: needs.check-changes.outputs.devcontainer_changed == 'true' | |
| uses: devcontainers/[email protected] | |
| with: | |
| imageName: ghcr.io/limorl/monorepo-python-sample-devcontainer | |
| cacheFrom: ghcr.io/limorl/monorepo-python-sample-devcontainer | |
| push: always | |
| # we're checking if code changed in each step and not in job level since validation code checks are required to pass before merging to main | |
| code-validation: | |
| name: Validate Code | |
| needs: [check-changes, pre-build-devcontainer] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check-out Code | |
| if: needs.check-changes.outputs.code_changed == 'true' | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| if: needs.check-changes.outputs.code_changed == 'true' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set-up Devcontainer Environment Variables | |
| if: needs.check-changes.outputs.code_changed == 'true' | |
| run: | | |
| echo "PWD=${GITHUB_WORKSPACE}" >> $GITHUB_ENV | |
| cp .devcontainer/.env.ci .devcontainer/.env | |
| echo ".devcontainer/.env:" | |
| cat .devcontainer/.env | |
| - name: Run Code Validation in Devcontainer | |
| if: needs.check-changes.outputs.code_changed == 'true' | |
| uses: devcontainers/[email protected] | |
| with: | |
| cacheFrom: ghcr.io/limorl/monorepo-python-sample-devcontainer | |
| push: never | |
| runCmd: | | |
| set -e | |
| echo "Running detect-secrets..." | |
| poetry run pre-commit run detect-secrets --all-files | |
| echo "Running ruff..." | |
| poetry run pre-commit run ruff --all-files --hook-stage push | |
| echo "Running flake8..." | |
| poetry run pre-commit run flake8 --all-files --hook-stage push | |
| echo "Running codespell..." | |
| poetry run pre-commit run codespell --all-files --hook-stage push | |
| echo "Running pytest (unit tests)..." | |
| poetry run pytest -m "not integration and not e2e" | |
| echo "All code validation checks completed!" | |
| # The reusable workflow checks if terraform file has changed or not, since this is a required status check in the CI | |
| terraform-plan: | |
| name: Terraform Plan | |
| needs: [check-changes] | |
| strategy: | |
| matrix: | |
| environment: [dev, staging] | |
| uses: ./.github/workflows/terraform-plan-reusable.yml | |
| with: | |
| environment: ${{ matrix.environment }} | |
| terraform_changed: ${{ needs.check-changes.outputs.terraform_changed }} |