base repository: SocialGouv/workflows
base: v1.10.0
head repository: SocialGouv/workflows
compare: master
Showing with 798 additions and 192 deletions.
  1. +11 −1 .github/workflows/release.yml
  2. +54 −0 .github/workflows/use-ks-gh-custom-production.yaml
  3. +1 −1 .github/workflows/use-ks-gh-custom.yaml
  4. +12 −2 .github/workflows/use-ks-gh-deactivate.yaml
  5. +1 −1 .github/workflows/use-ks-gh-manual.yaml
  6. +18 −21 .github/workflows/use-ks-gh-preproduction.yaml
  7. +18 −20 .github/workflows/use-ks-gh-production.yaml
  8. +18 −20 .github/workflows/use-ks-gh-review-auto.yaml
  9. +18 −20 .github/workflows/use-ks-gh-review.yaml
  10. +111 −0 .github/workflows/use-ks-gh-with-env-deactivate.yaml
  11. +71 −0 .github/workflows/use-ks-gh-with-env-preproduction.yaml
  12. +71 −0 .github/workflows/use-ks-gh-with-env-production.yaml
  13. +71 −0 .github/workflows/use-ks-gh-with-env-review-auto.yaml
  14. +71 −0 .github/workflows/use-ks-gh-with-env-review.yaml
  15. +11 −1 .github/workflows/use-ks-wh-deactivate.yaml
  16. +16 −19 .github/workflows/use-ks-wh-preproduction.yaml
  17. +16 −19 .github/workflows/use-ks-wh-production.yaml
  18. +16 −19 .github/workflows/use-ks-wh-review-auto.yaml
  19. +16 −19 .github/workflows/use-ks-wh-review.yaml
  20. +2 −2 .github/workflows/workflows-repository.build-images.yml
  21. +15 −7 .github/workflows/workflows-repository.sync-major-version-branch.yml
  22. +100 −0 CHANGELOG.md
  23. +2 −2 actions/Dockerfile
  24. +1 −1 actions/build-image/action.yaml
  25. +5 −2 actions/debug-manifests/action.yaml
  26. +4 −0 actions/debug-manifests/output/action.yaml
  27. +1 −0 actions/debug-manifests/output/entrypoint.sh
  28. +9 −2 actions/deployment-ending/action.yaml
  29. +4 −1 actions/deployment-starting/action.yaml
  30. +1 −1 actions/semantic-release/action.yaml
  31. +1 −1 actions/trivy-scan-image/action.yaml
  32. +16 −5 boilerplates/ks-gh/.github/workflows/release.yaml
  33. +16 −5 boilerplates/ks-wh/.github/workflows/release.yaml
12 changes: 11 additions & 1 deletion .github/workflows/release.yml
@@ -5,13 +5,23 @@ on:
push:
branches: [master]

permissions:
id-token: write # Required for OIDC token generation

jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Get GitHub App Token
id: token
uses: SocialGouv/token-bureau@main
with:
token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
audience: socialgouv

- uses: socialgouv/workflows/actions/semantic-release@v1
with:
github-token: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
github-token: ${{ steps.token.outputs.token }}
author-name: ${{ secrets.SOCIALGROOVYBOT_NAME }}
author-email: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
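Review bot: The new `Get GitHub App Token` step references `SocialGouv/token-bureau@main`, a mutable branch, in a job that holds `id-token: write` and hands the resulting token to semantic-release, so whatever lands on that branch runs with the ability to mint the App token. Pin the action to a full commit SHA, e.g. `uses: SocialGouv/token-bureau@<full-commit-sha> # <release-tag>`, and let the dependency bot bump it. The same unpinned reference is added in use-ks-gh-deactivate.yaml and in the use-ks-gh-preproduction, -production, -review-auto and -review workflows. The `release` job's step list may continue outside this hunk.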
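--- /dev/null
+++ b/.github/workflows/use-ks-gh-custom-production.yaml
@@ -0,0 +1,54 @@
+on:
+workflow_call:
+inputs:
+chart:
+required: false
+type: string
+ignoreProjectTemplates:
+required: false
+type: boolean
+environment:
+required: false
+type: string
+inlineValues:
+required: false
+type: string
+inlineSet:
+required: false
+type: string
+kubeconfig:
+required: false
+type: string
+kubeconfigContext:
+required: false
+type: string
+secrets:
+KUBECONFIG:
+required: true
+KS_SENTRY_DSN:
+required: false
+KS_NOTIFY_MATTERMOST_WEBHOOK_URL:
+required: false
+
+jobs:
+deploy:
+environment: production
+name: Custom Pipeline 🛸
+runs-on: ubuntu-latest
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- uses: socialgouv/kontinuous/.github/actions/deploy-via-github@v1
+with:
+kubeconfig: ${{ inputs.kubeconfig || secrets.KUBECONFIG }}
+kubeconfigContext: ${{ inputs.kubeconfigContext }}
+chart: ${{ inputs.chart }}
+ignoreProjectTemplates: ${{ inputs.ignoreProjectTemplates }}
+environment: ${{ inputs.environment }}
+inlineValues: ${{ inputs.inlineValues }}
+inlineSet: ${{ inputs.inlineSet }}
+sentryDSN: ${{ secrets.KS_SENTRY_DSN }}
+notifyWebhookUrl: ${{ secrets.KS_NOTIFY_MATTERMOST_WEBHOOK_URL }}
+projectName: ${{ vars.KS_PROJECT_NAME }}
+ciNamespace: ${{ vars.KS_CI_NAMESPACE }}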
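Review bot: `kubeconfig: ${{ inputs.kubeconfig || secrets.KUBECONFIG }}` lets a plain `workflow_call` input take precedence over the secret, and inputs are not registered as secrets, so a kubeconfig passed that way is not masked in logs. The page does not show what callers put in `inputs.kubeconfig`; if it can carry credentials, take the value only from `secrets.KUBECONFIG`, otherwise add a `description:` to the input saying it must not contain credential material. This production workflow also declares no `permissions:` block, so its `GITHUB_TOKEN` gets whatever the caller has; `permissions:` with `contents: read` would probably suffice for the checkout step, to be confirmed against what `deploy-via-github` needs. The job-level `environment: production` and the separate `environment` input passed to the deploy action also deserve a comment explaining how they differ.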
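--- a/.github/workflows/use-ks-gh-custom.yaml
+++ b/.github/workflows/use-ks-gh-custom.yaml
@@ -36,7 +36,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 
 - uses: socialgouv/kontinuous/.github/actions/deploy-via-github@v1
 with: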
14 changes: 12 additions & 2 deletions .github/workflows/use-ks-gh-deactivate.yaml
@@ -25,13 +25,16 @@ on:
KS_NOTIFY_MATTERMOST_WEBHOOK_URL:
required: false

permissions:
id-token: write # Required for OIDC token generation

jobs:
deploy:
name: Deactivate Pipeline ♻️
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

- uses: socialgouv/kontinuous/.github/actions/deploy-via-github@v1
id: deployment
@@ -71,12 +74,19 @@ jobs:
env: ${{ steps.deployment-vars.outputs.deployment-name }}
desc: Deployment was pruned

- name: Get GitHub App Token
id: token
uses: SocialGouv/token-bureau@main
with:
token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
audience: socialgouv

- name: Clean review sub environment
uses: socialgouv/deployments@v1
continue-on-error: true
with:
step: delete-env
token: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
token: ${{ steps.token.outputs.token }}
env: ${{ steps.deployment-vars.outputs.deployment-name }}
desc: Environment was pruned
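Review bot: The added `Get GitHub App Token` step has no `continue-on-error`, while the `Clean review sub environment` step that consumes its output is explicitly best-effort (`continue-on-error: true`). If the token-bureau endpoint is unreachable or the OIDC exchange is refused, the deactivate job now fails at the token step, whereas a bad PAT could previously only soft-fail inside the cleanup. If the cleanup is meant to stay best-effort, add `continue-on-error: true` to the token step as well; if a token failure should fail the job, a one-line comment on the step saying so would make the intent clear. The steps between the two hunks are not visible here.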

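--- a/.github/workflows/use-ks-gh-manual.yaml
+++ b/.github/workflows/use-ks-gh-manual.yaml
@@ -36,7 +36,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
-uses: actions/checkout@v3
+uses: actions/checkout@v4
 
 - uses: socialgouv/kontinuous/.github/actions/deploy-via-github@v1
 with: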
39 changes: 18 additions & 21 deletions .github/workflows/use-ks-gh-preproduction.yaml
@@ -14,7 +14,9 @@ on:
kubeconfigContext:
required: false
type: string


permissions:
id-token: write # Required for OIDC token generation

jobs:
deploy:
@@ -25,13 +27,20 @@ jobs:
manifests-images: ${{ steps.deployment-ending.outputs.manifests-images }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Get GitHub App Token
id: token
uses: SocialGouv/token-bureau@main
with:
token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
audience: socialgouv

- uses: socialgouv/workflows/actions/deployment-starting@v1
id: deployment-starting
with:
token: ${{ secrets.GITHUB_TOKEN }}
pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
pat: ${{ steps.token.outputs.token }}
environment-scope: preproduction

- uses: socialgouv/kontinuous/.github/actions/deploy-via-github@v1
@@ -50,23 +59,11 @@ jobs:
- uses: socialgouv/workflows/actions/deployment-ending@v1
id: deployment-ending
with:
pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
pat: ${{ steps.token.outputs.token }}
token: ${{ secrets.GITHUB_TOKEN }}
deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}

trivy:
name: 🕵️ Trivy vulnerability scanner
needs: [deploy]
runs-on: ubuntu-latest
strategy:
fail-fast: false
max-parallel: 3
matrix:
imageRef: ${{ fromJson(needs.deploy.outputs.manifests-images) }}
steps:
- uses: socialgouv/workflows/actions/trivy-scan-image@v1
with:
image: ${{ matrix.imageRef }}
token: ${{ secrets.GITHUB_TOKEN }}
deployment-name:
${{ steps.deployment-starting.outputs.deployment-name }}
deployment-ok:
${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
provider: ${{ steps.deployment.outputs.provider }}
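Review bot: Declaring `permissions:` with only `id-token: write` sets every other `GITHUB_TOKEN` scope to `none` for this workflow, yet the job still runs `actions/checkout@v4` and passes `token: ${{ secrets.GITHUB_TOKEN }}` to `deployment-starting` and `deployment-ending`. List the scopes those steps rely on next to it: at least `contents: read` for checkout, plus whatever the deployment actions call with `token` (likely `deployments: write`, to be confirmed against the actions), or verify that they work with an empty-scoped token. A reusable workflow also cannot hold more than its caller grants, so callers now have to grant `id-token: write` themselves; a header comment in the workflow should say so. The same block is added in release.yml, use-ks-gh-deactivate.yaml and the production, review-auto and review workflows.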
38 changes: 18 additions & 20 deletions .github/workflows/use-ks-gh-production.yaml
@@ -15,6 +15,9 @@ on:
required: false
type: string

permissions:
id-token: write # Required for OIDC token generation

jobs:
deploy:
name: 🐳 Deploy Production on Kubernetes
@@ -24,13 +27,20 @@ jobs:
manifests-images: ${{ steps.deployment-ending.outputs.manifests-images }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Get GitHub App Token
id: token
uses: SocialGouv/token-bureau@main
with:
token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
audience: socialgouv

- uses: socialgouv/workflows/actions/deployment-starting@v1
id: deployment-starting
with:
token: ${{ secrets.GITHUB_TOKEN }}
pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
pat: ${{ steps.token.outputs.token }}
environment-scope: production

- uses: socialgouv/kontinuous/.github/actions/deploy-via-github@v1
@@ -49,23 +59,11 @@ jobs:
- uses: socialgouv/workflows/actions/deployment-ending@v1
id: deployment-ending
with:
pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
pat: ${{ steps.token.outputs.token }}
token: ${{ secrets.GITHUB_TOKEN }}
deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}

trivy:
name: 🕵️ Trivy vulnerability scanner
needs: [deploy]
runs-on: ubuntu-latest
strategy:
fail-fast: false
max-parallel: 3
matrix:
imageRef: ${{ fromJson(needs.deploy.outputs.manifests-images) }}
steps:
- uses: socialgouv/workflows/actions/trivy-scan-image@v1
with:
image: ${{ matrix.imageRef }}
token: ${{ secrets.GITHUB_TOKEN }}
deployment-name:
${{ steps.deployment-starting.outputs.deployment-name }}
deployment-ok:
${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
provider: ${{ steps.deployment.outputs.provider }}
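Review bot: With the `trivy` job gone, nothing visible in this workflow scans the deployed images any more, and this is the production path; the job-level output `manifests-images` (context line above the checkout step) is still declared but has no consumer left in the file. The file list shows a change to `actions/trivy-scan-image/action.yaml` but not where that action is now called. If scanning moved to the caller, a comment on the output such as `# kept for callers that run their own image scan` would document it. If it did not move, consumers of this reusable workflow silently lose the vulnerability scan on upgrade, which deserves an explicit CHANGELOG entry. The same removal is made in the preproduction, review-auto and review workflows.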
38 changes: 18 additions & 20 deletions .github/workflows/use-ks-gh-review-auto.yaml
@@ -15,6 +15,9 @@ on:
required: false
type: string

permissions:
id-token: write # Required for OIDC token generation

jobs:
deploy:
name: 🐳 Deploy Review on Kubernetes
@@ -24,13 +27,20 @@ jobs:
manifests-images: ${{ steps.deployment-ending.outputs.manifests-images }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Get GitHub App Token
id: token
uses: SocialGouv/token-bureau@main
with:
token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
audience: socialgouv

- uses: socialgouv/workflows/actions/deployment-starting@v1
id: deployment-starting
with:
token: ${{ secrets.GITHUB_TOKEN }}
pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
pat: ${{ steps.token.outputs.token }}
environment-scope: review

- uses: socialgouv/kontinuous/.github/actions/deploy-via-github@v1
@@ -49,23 +59,11 @@ jobs:
- uses: socialgouv/workflows/actions/deployment-ending@v1
id: deployment-ending
with:
pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
pat: ${{ steps.token.outputs.token }}
token: ${{ secrets.GITHUB_TOKEN }}
deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}

trivy:
name: 🕵️ Trivy vulnerability scanner
needs: [deploy]
runs-on: ubuntu-latest
strategy:
fail-fast: false
max-parallel: 3
matrix:
imageRef: ${{ fromJson(needs.deploy.outputs.manifests-images) }}
steps:
- uses: socialgouv/workflows/actions/trivy-scan-image@v1
with:
image: ${{ matrix.imageRef }}
token: ${{ secrets.GITHUB_TOKEN }}
deployment-name:
${{ steps.deployment-starting.outputs.deployment-name }}
deployment-ok:
${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
provider: ${{ steps.deployment.outputs.provider }}
38 changes: 18 additions & 20 deletions .github/workflows/use-ks-gh-review.yaml
@@ -15,6 +15,9 @@ on:
required: false
type: string

permissions:
id-token: write # Required for OIDC token generation

jobs:
deploy:
name: 🐳 Deploy Review on Kubernetes
@@ -24,13 +27,20 @@ jobs:
manifests-images: ${{ steps.deployment-ending.outputs.manifests-images }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Get GitHub App Token
id: token
uses: SocialGouv/token-bureau@main
with:
token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
audience: socialgouv

- uses: socialgouv/workflows/actions/deployment-starting@v1
id: deployment-starting
with:
token: ${{ secrets.GITHUB_TOKEN }}
pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
pat: ${{ steps.token.outputs.token }}
environment-scope: review

- uses: socialgouv/kontinuous/.github/actions/deploy-via-github@v1
@@ -49,23 +59,11 @@ jobs:
- uses: socialgouv/workflows/actions/deployment-ending@v1
id: deployment-ending
with:
pat: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
pat: ${{ steps.token.outputs.token }}
token: ${{ secrets.GITHUB_TOKEN }}
deployment-id: ${{ steps.deployment-starting.outputs.deployment-id }}
deployment-name: ${{ steps.deployment-starting.outputs.deployment-name }}
deployment-ok: ${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}

trivy:
name: 🕵️ Trivy vulnerability scanner
needs: [deploy]
runs-on: ubuntu-latest
strategy:
fail-fast: false
max-parallel: 3
matrix:
imageRef: ${{ fromJson(needs.deploy.outputs.manifests-images) }}
steps:
- uses: socialgouv/workflows/actions/trivy-scan-image@v1
with:
image: ${{ matrix.imageRef }}
token: ${{ secrets.GITHUB_TOKEN }}
deployment-name:
${{ steps.deployment-starting.outputs.deployment-name }}
deployment-ok:
${{ steps.deployment.outcome == 'success' && 'true' || 'false' }}
provider: ${{ steps.deployment.outputs.provider }}