add openScienceTeamMember to validate compliance reviewer permissions… #2440
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pipeline development and production | |
on: | |
push: | |
branches: | |
- master | |
workflow_dispatch: | |
jobs: | |
test: | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
environment-name: Development | |
secrets: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }} | |
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_INTEGRATION_TESTS_ACCESS_TOKEN }} | |
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_INTEGRATION_TESTS_PREVIEW_ACCESS_TOKEN }} | |
build-images: | |
uses: ./.github/workflows/reusable-build-images.yml | |
build-development: | |
uses: ./.github/workflows/reusable-build.yml | |
with: | |
environment-name: Development | |
crn-contentful-env: Development | |
gp2-contentful-env: Development | |
secrets: | |
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }} | |
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }} | |
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }} | |
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }} | |
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }} | |
CRN_OPENAI_API_KEY: ${{ secrets.CRN_OPENAI_API_KEY }} | |
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }} | |
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }} | |
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }} | |
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }} | |
GP2_OPENAI_API_KEY: ${{ secrets.GP2_OPENAI_API_KEY }} | |
SLACK_WEBHOOK: 'n-a' | |
build-analysis-development: | |
needs: [build-development] | |
uses: ./.github/workflows/reusable-build-analysis.yml | |
with: | |
environment-name: Development | |
secrets: | |
BUNDLEWATCH_GITHUB_TOKEN: ${{ secrets.BUNDLEWATCH_GITHUB_TOKEN }} | |
build-production: | |
uses: ./.github/workflows/reusable-build.yml | |
with: | |
environment-name: Production | |
crn-contentful-env: Production | |
gp2-contentful-env: Production | |
secrets: | |
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN}} | |
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }} | |
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }} | |
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }} | |
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }} | |
CRN_OPENAI_API_KEY: ${{ secrets.CRN_OPENAI_API_KEY }} | |
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }} | |
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }} | |
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }} | |
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }} | |
GP2_OPENAI_API_KEY: ${{ secrets.GP2_OPENAI_API_KEY }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
build-analysis-production: | |
needs: [build-production] | |
uses: ./.github/workflows/reusable-build-analysis.yml | |
with: | |
environment-name: Production | |
secrets: | |
BUNDLEWATCH_GITHUB_TOKEN: ${{ secrets.BUNDLEWATCH_GITHUB_TOKEN }} | |
deployment-development: | |
needs: [test, build-analysis-development] | |
uses: ./.github/workflows/reusable-deployment.yml | |
with: | |
environment-name: Development | |
crn-contentful-env: Development | |
gp2-contentful-env: Development | |
secrets: | |
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }} | |
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }} | |
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }} | |
CRN_CI_AUTH0_CLIENT_SECRET: ${{ secrets.CRN_CI_AUTH0_CLIENT_SECRET }} | |
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }} | |
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }} | |
CRN_OPENAI_API_KEY: ${{ secrets.CRN_OPENAI_API_KEY }} | |
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }} | |
GP2_CI_AUTH0_CLIENT_SECRET: ${{ secrets.GP2_CI_AUTH0_CLIENT_SECRET }} | |
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }} | |
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }} | |
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }} | |
GP2_OPENAI_API_KEY: ${{ secrets.GP2_OPENAI_API_KEY }} | |
SLACK_WEBHOOK: 'n-a' | |
crn-contentful-migrate-empty: | |
needs: [deployment-development] | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/yldio/asap-hub/node-python-sq:7b77d99657ab3718ed548ba366ffbcbb15315fd8 | |
credentials: | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup | |
id: setup | |
uses: ./.github/actions/setup-environment | |
with: | |
environment-name: Development | |
- name: Run Contentful migrations | |
run: | | |
yarn contentful:migration:run:crn | |
env: | |
CONTENTFUL_ENV_ID: Empty | |
CONTENTFUL_MANAGEMENT_ACCESS_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }} | |
CONTENTFUL_SPACE_ID: ${{ steps.setup.outputs.crn-contentful-space-id }} | |
algolia-sync-development-crn: | |
needs: [deployment-development] | |
uses: ./.github/workflows/reusable-crn-algolia-sync.yml | |
with: | |
environment-name: Development | |
contentful-environment-id: Development | |
entity: all | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }} | |
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }} | |
algolia-sync-development-gp2: | |
needs: [deployment-development] | |
uses: ./.github/workflows/reusable-gp2-algolia-sync.yml | |
with: | |
environment-name: Development | |
contentful-environment-id: Development | |
entity: all | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }} | |
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }} | |
verify-development: | |
needs: | |
[ | |
deployment-development, | |
algolia-sync-development-crn, | |
algolia-sync-development-gp2, | |
] | |
uses: ./.github/workflows/reusable-verify.yml | |
with: | |
environment-name: Development | |
secrets: | |
FRONTEND_SENTRY_RELEASE_AUTH_TOKEN: ${{ secrets.FRONTEND_SENTRY_RELEASE_AUTH_TOKEN }} | |
deployment-production: | |
needs: [build-analysis-production, verify-development] | |
uses: ./.github/workflows/reusable-deployment.yml | |
with: | |
environment-name: Production | |
crn-contentful-env: Production | |
gp2-contentful-env: Production | |
secrets: | |
ACTIVE_CAMPAIGN_TOKEN: ${{ secrets.ACTIVE_CAMPAIGN_TOKEN }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }} | |
CRN_AUTH0_SHARED_SECRET: ${{ secrets.CRN_AUTH0_SHARED_SECRET }} | |
CRN_CI_AUTH0_CLIENT_SECRET: ${{ secrets.CRN_CI_AUTH0_CLIENT_SECRET }} | |
CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_PREVIEW_ACCESS_TOKEN }} | |
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }} | |
CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.CRN_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }} | |
CRN_OPENAI_API_KEY: ${{ secrets.CRN_OPENAI_API_KEY }} | |
GP2_AUTH0_SHARED_SECRET: ${{ secrets.GP2_AUTH0_SHARED_SECRET }} | |
GP2_CI_AUTH0_CLIENT_SECRET: ${{ secrets.GP2_CI_AUTH0_CLIENT_SECRET }} | |
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }} | |
GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_PREVIEW_ACCESS_TOKEN }} | |
GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN: ${{ secrets.GP2_CONTENTFUL_WEBHOOK_AUTHENTICATION_TOKEN }} | |
GP2_OPENAI_API_KEY: ${{ secrets.GP2_OPENAI_API_KEY }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
algolia-sync-production-crn: | |
needs: [deployment-production] | |
uses: ./.github/workflows/reusable-crn-algolia-sync.yml | |
with: | |
environment-name: Production | |
entity: all | |
contentful-environment-id: Production | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }} | |
CRN_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CRN_CONTENTFUL_ACCESS_TOKEN }} | |
algolia-sync-production-gp2: | |
needs: [deployment-production] | |
uses: ./.github/workflows/reusable-gp2-algolia-sync.yml | |
with: | |
environment-name: Production | |
entity: all | |
contentful-environment-id: Production | |
secrets: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
CONTENTFUL_MANAGEMENT_TOKEN: ${{ secrets.CONTENTFUL_MANAGEMENT_TOKEN }} | |
GP2_CONTENTFUL_ACCESS_TOKEN: ${{ secrets.GP2_CONTENTFUL_ACCESS_TOKEN }} | |
verify-production: | |
needs: | |
[ | |
deployment-production, | |
algolia-sync-production-crn, | |
algolia-sync-production-gp2, | |
] | |
uses: ./.github/workflows/reusable-verify.yml | |
with: | |
environment-name: Production | |
secrets: | |
FRONTEND_SENTRY_RELEASE_AUTH_TOKEN: ${{ secrets.FRONTEND_SENTRY_RELEASE_AUTH_TOKEN }} | |
notify_failure: | |
runs-on: ubuntu-latest | |
needs: | |
[ | |
test, | |
build-images, | |
build-development, | |
build-analysis-development, | |
build-production, | |
build-analysis-production, | |
deployment-development, | |
verify-development, | |
deployment-production, | |
verify-production, | |
] | |
if: failure() | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- uses: ./.github/actions/slack/ | |
with: | |
message: 'Build failed on master branch!' | |
webhook: ${{ secrets.SLACK_WEBHOOK }} | |
status: failure | |
master-pipeline-success: | |
runs-on: ubuntu-latest | |
needs: [verify-production, build-images] | |
if: success() | |
environment: | |
name: Development | |
url: ${{ steps.setup.outputs.crn-app-url }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup | |
id: setup | |
uses: ./.github/actions/setup-environment | |
with: | |
environment-name: Production | |
- name: Print success | |
run: | | |
echo "Pipeline development and production successful." |