Fix: [AEA-4349] - run cfn_guard #3142
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy_pr | |
| on: | |
| pull_request: | |
| branches: [main] | |
| env: | |
| BRANCH_NAME: ${{ github.event.pull_request.head.ref }} | |
| jobs: | |
| quality_checks: | |
| uses: ./.github/workflows/quality_checks.yml | |
| secrets: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| pr_title_format_check: | |
| uses: ./.github/workflows/pr_title_check.yml | |
| get_issue_number: | |
| runs-on: ubuntu-latest | |
| needs: quality_checks | |
| outputs: | |
| issue_number: ${{steps.get_issue_number.outputs.result}} | |
| steps: | |
| - uses: actions/github-script@v7 | |
| name: get issue number | |
| id: get_issue_number | |
| with: | |
| script: | | |
| if (context.issue.number) { | |
| // Return issue number if present | |
| return context.issue.number; | |
| } else { | |
| // Otherwise return issue number from commit | |
| return ( | |
| await github.rest.repos.listPullRequestsAssociatedWithCommit({ | |
| commit_sha: context.sha, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| }) | |
| ).data[0].number; | |
| } | |
| result-encoding: string | |
| get_commit_id: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| commit_id: ${{ steps.commit_id.outputs.commit_id }} | |
| steps: | |
| - name: Get Commit ID | |
| id: commit_id | |
| run: | | |
| echo "commit_id=${{ github.sha }}" >> "$GITHUB_OUTPUT" | |
| package_code: | |
| needs: get_issue_number | |
| uses: ./.github/workflows/sam_package_code.yml | |
| release_code: | |
| needs: [get_issue_number, package_code, get_commit_id] | |
| uses: ./.github/workflows/sam_release_code.yml | |
| with: | |
| STACK_NAME: pfp-pr-${{needs.get_issue_number.outputs.issue_number}} | |
| ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}} | |
| TARGET_ENVIRONMENT: dev-pr | |
| ENABLE_MUTUAL_TLS: false | |
| BUILD_ARTIFACT: packaged_code | |
| TRUSTSTORE_FILE: pfp-truststore.pem | |
| VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} | |
| COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} | |
| LOG_LEVEL: DEBUG | |
| LOG_RETENTION_DAYS: 30 | |
| TOGGLE_GET_STATUS_UPDATES: true | |
| secrets: | |
| CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} | |
| TARGET_SPINE_SERVER: ${{ secrets.DEV_TARGET_SPINE_SERVER }} | |
| TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.DEV_TARGET_SERVICE_SEARCH_SERVER }} | |
| release_code_old: | |
| needs: [get_issue_number, package_code, get_commit_id] | |
| uses: ./.github/workflows/sam_release_code.yml | |
| with: | |
| STACK_NAME: pr-${{needs.get_issue_number.outputs.issue_number}} | |
| ARTIFACT_BUCKET_PREFIX: PR-${{needs.get_issue_number.outputs.issue_number}} | |
| TARGET_ENVIRONMENT: dev-pr | |
| ENABLE_MUTUAL_TLS: false | |
| BUILD_ARTIFACT: packaged_code_old | |
| TRUSTSTORE_FILE: truststore.pem | |
| VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} | |
| COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} | |
| LOG_LEVEL: DEBUG | |
| LOG_RETENTION_DAYS: 30 | |
| secrets: | |
| CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} | |
| TARGET_SPINE_SERVER: ${{ secrets.DEV_TARGET_SPINE_SERVER }} | |
| TARGET_SERVICE_SEARCH_SERVER: ${{ secrets.DEV_TARGET_SERVICE_SEARCH_SERVER }} | |
| release_sandbox_code: | |
| needs: [get_issue_number, package_code, get_commit_id] | |
| uses: ./.github/workflows/sam_release_code.yml | |
| with: | |
| STACK_NAME: pfp-pr-${{needs.get_issue_number.outputs.issue_number}}-sandbox | |
| ARTIFACT_BUCKET_PREFIX: PR-sandbox-${{needs.get_issue_number.outputs.issue_number}} | |
| TARGET_ENVIRONMENT: dev-pr | |
| ENABLE_MUTUAL_TLS: false | |
| BUILD_ARTIFACT: packaged_sandbox_code | |
| TRUSTSTORE_FILE: pfp-sandbox-truststore.pem | |
| VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} | |
| COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} | |
| LOG_LEVEL: DEBUG | |
| LOG_RETENTION_DAYS: 30 | |
| DOMAIN_NAME_EXPORT: eps-route53-resources:EPS-domain | |
| ZONE_ID_EXPORT: eps-route53-resources:EPS-ZoneID | |
| secrets: | |
| CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} | |
| TARGET_SPINE_SERVER: sandbox | |
| TARGET_SERVICE_SEARCH_SERVER: sandbox | |
| release_sandbox_code_old: | |
| needs: [get_issue_number, package_code, get_commit_id] | |
| uses: ./.github/workflows/sam_release_code.yml | |
| with: | |
| STACK_NAME: pr-sandbox-${{needs.get_issue_number.outputs.issue_number}} | |
| ARTIFACT_BUCKET_PREFIX: PR-sandbox-${{needs.get_issue_number.outputs.issue_number}} | |
| TARGET_ENVIRONMENT: dev-pr | |
| ENABLE_MUTUAL_TLS: false | |
| BUILD_ARTIFACT: packaged_sandbox_code_old | |
| TRUSTSTORE_FILE: sandbox-truststore.pem | |
| VERSION_NUMBER: PR-${{ needs.get_issue_number.outputs.issue_number }} | |
| COMMIT_ID: ${{ needs.get_commit_id.outputs.commit_id }} | |
| LOG_LEVEL: DEBUG | |
| LOG_RETENTION_DAYS: 30 | |
| DOMAIN_NAME_EXPORT: route53-resources:domain | |
| ZONE_ID_EXPORT: route53-resources:ZoneID | |
| secrets: | |
| CLOUD_FORMATION_DEPLOY_ROLE: ${{ secrets.DEV_CLOUD_FORMATION_DEPLOY_ROLE }} | |
| TARGET_SPINE_SERVER: sandbox | |
| TARGET_SERVICE_SEARCH_SERVER: sandbox |