-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathaction.yml
More file actions
140 lines (138 loc) · 5.68 KB
/
action.yml
File metadata and controls
140 lines (138 loc) · 5.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: "gh-action_releasability"
description: "gh-action client for ops-releasability checks"
author: "RE Team"
inputs:
ignore-failure:
description: Optional, do not fail the gh-action in case of failure in releasability checks
required: false
default: "false"
organization:
description: GitHub organization name
required: true
repository:
description: GitHub repository name
required: true
branch:
description: Branch name
required: true
version:
description: The version to check
required: true
commit-sha:
description: The GitHub commit SHA to use
required: true
releasabily-env:
description: For development purposes, the environment to use (prod, staging or dev). Defaults to production.
required: false
default: prod
outputs:
status:
description: Provide the exit code returned by the releasability checks
value: ${{ steps.checks.outputs.status }}
logs:
description: Logs from releasability checks
value: ${{ steps.checks.outputs.logs }}
releasabilityCheckDependencies:
description: Result from releasability check CheckDependencies
value: ${{ steps.checks.outputs.releasabilityCheckDependencies }}
releasabilityQA:
description: Result from releasability check QA
value: ${{ steps.checks.outputs.releasabilityQA }}
releasabilityJira:
description: Result from releasability check Jira
value: ${{ steps.checks.outputs.releasabilityJira }}
releasabilityCheckPeacheeLanguagesStatistics:
description: Result from releasability check CheckPeacheeLanguagesStatistics
value: ${{ steps.checks.outputs.releasabilityCheckPeacheeLanguagesStatistics }}
releasabilityQualityGate:
description: Result from releasability check QualityGate
value: ${{ steps.checks.outputs.releasabilityQualityGate }}
releasabilityParentPOM:
description: Result from releasability check ParentPOM
value: ${{ steps.checks.outputs.releasabilityParentPOM }}
releasabilityGitHub:
description: Result from releasability check GitHub
value: ${{ steps.checks.outputs.releasabilityGitHub }}
releasabilityCheckManifestValues:
description: Result from releasability check CheckManifestValues
value: ${{ steps.checks.outputs.releasabilityCheckManifestValues }}
releasabilityCheckLicenses:
description: Result from releasability check CheckLicenses
value: ${{ steps.checks.outputs.releasabilityCheckLicenses }}
runs:
using: "composite"
steps:
- id: setup_python
name: Setup python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.14"
- uses: SonarSource/ci-github-actions/config-pip@v1
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
env:
prod: "064493320159"
staging: "308147251410"
dev: "597611216173"
with:
aws-region: eu-central-1
role-to-assume: "arn:aws:iam::${{ env[inputs.releasabily-env] }}:role/ReleasbilityChecksCICDRole"
- name: Install requirements
run: |
pip install pipenv
pipenv install --deploy
shell: bash
working-directory: ${{ github.action_path }}
- name: Trigger releasability checks
id: checks
shell: bash
working-directory: ${{ github.action_path }}
run: |
# Validate inputs before using them
if [[ ! "${{ inputs.organization }}" =~ ^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$ ]]; then
echo "::error::Invalid organization name format"
exit 1
fi
if [[ ! "${{ inputs.repository }}" =~ ^[a-zA-Z0-9][a-zA-Z0-9._\s-]*[a-zA-Z0-9]$ ]] || [[ "${{ inputs.repository }}" =~ \.git$ ]]; then
echo "::error::Invalid repository name format. Repository names must:"
echo " - Start with an alphanumeric character"
echo " - End with an alphanumeric character"
echo " - Can contain alphanumeric characters, dots, underscores, spaces, and hyphens"
echo " - Cannot end with .git"
exit 1
fi
if [[ ! "${{ inputs.branch }}" =~ ^[a-zA-Z0-9][a-zA-Z0-9/_.\+\-]*$ ]]; then
echo "::error::Invalid branch name format. Branch names must:"
echo " - Start with an alphanumeric character"
echo " - Can contain alphanumeric characters, forward slashes, dots, hyphens, and plus signs"
echo " - Examples: master, feat/tom/build-1234, release/1.0.0, 4.32.0+12345"
exit 1
fi
# inputs.version validation is done in the releasability check
if [[ ! "${{ inputs.commit-sha }}" =~ ^[a-fA-F0-9]{7,40}$ ]]; then
echo "::error::Invalid commit SHA format. Must be a valid Git commit hash (7-40 hexadecimal characters)"
exit 1
fi
if [[ ! "${{ inputs.releasabily-env }}" =~ ^(prod|staging|dev)$ ]]; then
echo "::error::Invalid environment specified"
exit 1
fi
pipenv run releasability
env:
INPUT_ORGANIZATION: ${{ inputs.organization }}
INPUT_REPOSITORY: ${{ inputs.repository }}
INPUT_BRANCH: ${{ inputs.branch }}
INPUT_VERSION: ${{ inputs.version }}
INPUT_COMMIT_SHA: ${{ inputs.commit-sha}}
PYTHONUNBUFFERED: "1" # that way logs are printed live
- name: Print execution
run: |
echo "${{ steps.checks.outputs.logs }}"
echo "Exit code: ${{ steps.checks.outputs.status }}"
shell: bash
- name: Check status and fail if necessary
if: ${{ inputs.ignore-failure == 'false' && steps.checks.outputs.status != 0 }}
run: |
echo "::error:: Releasability checks reported some errors."
exit 1
shell: bash