-
Notifications
You must be signed in to change notification settings - Fork 27
164 lines (160 loc) · 6.18 KB
/
continuous-integration.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
name: Continuous Integration
on:
push:
branches: [master]
tags:
- '*'
pull_request:
env:
SBX_ECR_REGISTRY: "769000229800.dkr.ecr.eu-west-1.amazonaws.com"
PRD_ECR_REGISTRY: "162230498103.dkr.ecr.eu-west-1.amazonaws.com"
REGION: eu-west-1
ECR_IMAGE: datahub-common-transit_model
jobs:
aws_creds:
name: Get ECR Access
runs-on: [self-hosted, dataeng, sandbox]
outputs:
token: ${{ steps.ecr_token.outputs.token }}
steps:
- id: ecr_token
name: Get ECR Token
run: |
echo token=$(aws ecr get-login-password --region $REGION) >> $GITHUB_OUTPUT
rustfmt:
name: Rust fmt check
needs: aws_creds
runs-on: [self-hosted, dataeng, sandbox]
container:
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-rust-ci:latest
credentials:
username: AWS
password: ${{ needs.aws_creds.outputs.token }}
steps:
- uses: actions/checkout@v3
- name: Format
run: make format
- name: Failure Slack notif
if: failure()
run: |
curl -s -X POST -H "Content-Type: application/json" -d '${{ env.SLACK_TEXT }}' ${{ secrets.SLACK_CORE_TOOLS_TEAM_URL }}
env:
SLACK_TEXT: '{"attachments":[{
"pretext": "`transit_model CI` requires your attention",
"text":" :warning: Rust fmt check failed","color":"#D00000",
"fields":[{"title":"Action URL","value": "https://github.com${{ github.action_path }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}]}]}'
clippy:
name: Clippy check
needs: aws_creds
runs-on: [self-hosted, dataeng, sandbox]
container:
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-rust-ci:latest-proj8.1.0
credentials:
username: AWS
password: ${{ needs.aws_creds.outputs.token }}
steps:
- uses: actions/checkout@v3
- name: Lint
run: make lint
- name: Failure Slack notif
if: failure()
run: |
curl -s -X POST -H "Content-Type: application/json" -d '${{ env.SLACK_TEXT }}' ${{ secrets.SLACK_CORE_TOOLS_TEAM_URL }}
env:
SLACK_TEXT: '{"attachments":[{
"pretext": "`transit_model CI` requires your attention",
"text":" :warning: Clippy check failed","color":"#D00000",
"fields":[{"title":"Action URL","value": "https://github.com${{ github.action_path }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}]}]}'
audit:
name: Security audit
needs: aws_creds
runs-on: [self-hosted, dataeng, sandbox]
container:
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-rust-ci:latest-proj8.1.0
credentials:
username: AWS
password: ${{ needs.aws_creds.outputs.token }}
continue-on-error: true
steps:
- uses: actions/checkout@v3
- name: Audit
run: |
cargo audit
- name: Failure Slack notif
if: failure()
run: |
curl -s -X POST -H "Content-Type: application/json" -d '${{ env.SLACK_TEXT }}' ${{ secrets.SLACK_CORE_TOOLS_TEAM_URL }}
env:
SLACK_TEXT: '{"attachments":[{
"pretext": "`transit_model CI` requires your attention",
"text":" :warning: Security audit failed","color":"#D00000",
"fields":[{"title":"Action URL","value": "https://github.com${{ github.action_path }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}]}]}'
tests:
name: Tests
needs: aws_creds
runs-on: [self-hosted, dataeng, sandbox]
container:
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-rust-ci:latest-proj8.1.0
credentials:
username: AWS
password: ${{ needs.aws_creds.outputs.token }}
steps:
- name: Checkout repository and submodules
uses: actions/checkout@v3
with:
submodules: recursive # for tests/NeTEx
- name: Install xmllint
run: apt update && apt install --yes libxml2-utils
- name: Run tests with and without features
run: make test
- name: Failure Slack notif
if: failure()
run: |
curl -s -X POST -H "Content-Type: application/json" -d '${{ env.SLACK_TEXT }}' ${{ secrets.SLACK_CORE_TOOLS_TEAM_URL }}
env:
SLACK_TEXT: '{"attachments":[{
"pretext": "`transit_model CI` requires your attention",
"text":" :warning: Tests failed","color":"#D00000",
"fields":[{"title":"Action URL","value": "https://github.com${{ github.action_path }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}]}]}'
build-n-push:
needs: [rustfmt, clippy, audit, tests]
if: github.event_name == 'push'
runs-on: [self-hosted, dataeng, sandbox]
steps:
- name: CleanUp
run: |
sudo chown -R $USER .
- uses: actions/checkout@v3
with:
fetch-depth: 0
clean: false
- name: Login to Amazon ECR sandbox
env:
AWS_REGION: eu-west-1
uses: aws-actions/amazon-ecr-login@v1
- name: Login to Amazon ECR shared
env:
AWS_REGION: eu-west-1
uses: aws-actions/amazon-ecr-login@v1
with:
registries: 162230498103
- name: Build and Push to SBX ECR
if: success()
run: |
docker build -t ${SBX_ECR_REGISTRY}/${ECR_IMAGE}:latest .
docker push ${SBX_ECR_REGISTRY}/${ECR_IMAGE}:latest
- name: Push release to Prod ECR
if: success() && startsWith(github.ref, 'refs/tags/')
run: |
TAG=${GITHUB_REF_NAME}
docker tag ${SBX_ECR_REGISTRY}/${ECR_IMAGE}:latest ${PRD_ECR_REGISTRY}/${ECR_IMAGE}:${TAG}
docker push ${PRD_ECR_REGISTRY}/${ECR_IMAGE}:${TAG}
- name: Failure Slack notif
if: failure()
run: |
curl -s -X POST -H "Content-Type: application/json" -d '${{ env.SLACK_TEXT }}' ${{ secrets.SLACK_CORE_TOOLS_TEAM_URL }}
env:
SLACK_TEXT: '{"attachments":[{
"pretext": "`transit_model Publish` requires your attention",
"text":" :warning: Publish on AWS failed","color":"#D00000",
"fields":[{"title":"Action URL","value": "https://github.com${{ github.action_path }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}]}]}'