ci: improve workflow #23

Merged
merged 10 commits into from
Jul 4, 2024
9 changes: 8 additions & 1 deletion .github/workflows/pr-check.yml
Expand Up @@ -25,7 +25,13 @@ jobs:
id: libs
run: |
DIFF="$(git diff --name-only origin/${{ github.base_ref }} | xargs dirname | sort | uniq)"
LIBS=$(echo "${DIFF}" | grep '^platform/' | cut -d'/' -f2 | sort | uniq)
LIBDIFF="$(echo "${DIFF}" | grep '^platform/' || true)"
if [ -z "${LIBDIFF}" ]; then
echo "No libraries changed"
echo "list=[]" >> "$GITHUB_OUTPUT"
exit 0
fi
LIBS=$(echo "${LIBDIFF}" | cut -d'/' -f2 | sort | uniq)
JSONARRAY=$(echo "${LIBS}" | jq -R -s -c 'split("\n")'[:-1])
echo "list=${JSONARRAY}" >> "$GITHUB_OUTPUT"
shell: bash
Expand All @@ -35,6 +41,7 @@ jobs:

checklib:
needs: libschanged
if: ${{ needs.libschanged.outputs.list != '[]' }}
runs-on: ubuntu-latest
environment: test
strategy:
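Review bot: The new empty-library guard on the `LIBDIFF` line only covers a diff that has no `platform/` paths; when `git diff --name-only` prints nothing at all, the `xargs dirname` on the line above still runs `dirname` once with no operand, which exits 1 and fails the step under the `-eo pipefail` that `shell: bash` implies, before the guard is reached. `xargs -r dirname` (no-run-if-empty) closes that gap, and with `DIFF` empty the existing guard then writes `list=[]`. Two smaller points on the same step: `${{ github.base_ref }}` is expanded straight into the `run:` script rather than passed through `env:`, which is the hardening convention GitHub recommends for any context value used in shell, and the jq filter is written `'split("\n")'[:-1]`, leaving `[:-1]` outside the quotes as a shell bracket glob — `jq -R -s -c 'split("\n")[:-1]'` is what is intended. The `checklib` job's matrix and steps continue below the hunk.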
71 changes: 28 additions & 43 deletions .github/workflows/update-alz.yml
Expand Up @@ -13,10 +13,10 @@ permissions:
env:
remote_repository: "Azure/Enterprise-Scale"
alzlib_repository: "Azure/alzlib"
branch_name: "update-platform-alz"
pr_title: "feat: update library (automated)"
library_dir: "platform/alz"
pr_title: "feat: update platform/alz library (automated)"
pr_body: |-
This is an automated 'pull_request' containing updates to the library templates stored in 'lib'.\n
This is an automated 'pull_request' containing updates to the library templates stored in 'platform/alz'.\n
Please review the 'files changed' tab to review changes.

jobs:
Expand All @@ -38,20 +38,11 @@ jobs:
path: ${{ env.remote_repository }}
ref: main

- name: checkout alzlib
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
repository: ${{ env.alzlib_repository }}
path: ${{ env.alzlib_repository }}

- name: setup go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: ${{ github.workspace }}/${{ env.alzlib_repository }}/go.mod

- name: install alzlibtool
run: go install ./cmd/alzlibtool
working-directory: ${{ github.workspace }}/${{ env.alzlib_repository }}
run: go install github.com/Azure/alzlib/cmd/[email protected]

- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
id: generate-token
Expand All @@ -66,18 +57,11 @@ jobs:
working-directory: ${{ github.repository }}

- name: Create and checkout branch
id: branch
run: |
BRANCH_URL="repos/${{ github.repository }}/branches"
JQ_FILTER=".[] | select(.name == \"${{ env.branch_name }}\").name"
CHECK_BRANCH_ORIGIN=$(gh api $BRANCH_URL | jq -r "$JQ_FILTER")
if [ -z "$CHECK_BRANCH_ORIGIN" ]
then
echo "Checkout local branch (create new, no origin)..."
git checkout -b ${{ env.branch_name }}
else
echo "Checkout local branch (create new, track from origin)..."
git checkout -b ${{ env.branch_name }} --track origin/${{ env.branch_name }}
fi
BRANCH="platform-alz-${{ github.run_number }}"
echo "name=$BRANCH" >> "$GITHUB_OUTPUT"
git checkout -b "$BRANCH"
working-directory: ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
Expand All @@ -86,13 +70,13 @@ jobs:
run: |
alzlibtool convert policydefinition -o \
"${{ github.workspace }}/${{ env.remote_repository }}/src/resources/Microsoft.Authorization/policyDefinitions" \
"${{ github.workspace }}/${{ github.repository }}/platform/alz/policy_definitions"
"${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_definitions"

- name: Update library policy set definitions
run: |
alzlibtool convert policysetdefinition -o \
"${{ github.workspace }}/${{ env.remote_repository }}/src/resources/Microsoft.Authorization/policySetDefinitions" \
"${{ github.workspace }}/${{ github.repository }}/platform/alz/policy_set_definitions"
"${{ github.workspace }}/${{ github.repository }}/${{ env.library_dir }}/policy_set_definitions"

- name: Update library policy assignments and archetypes
uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0
Expand All @@ -108,40 +92,41 @@ jobs:
- name: Check for changes
id: git_status
run: |
mapfile -t "CHECK_GIT_STATUS" < <(git status -s)
mapfile -t "CHECK_GIT_STATUS" < <(git status -s ${{ env.library_dir }})
printf "%s\n" "${CHECK_GIT_STATUS[@]}"
echo "changes=${#CHECK_GIT_STATUS[@]}" >> "$GITHUB_OUTPUT"
working-directory: ${{ github.repository }}
working-directory: ${{ github.workspace }}/${{ github.repository }}

- name: Add files, commit and push
if: steps.git_status.outputs.changes > 0
run: |
echo "Pushing changes to origin..."
git add platform/alz
git add ${{ env.library_dir }}
git commit -m '${{ env.pr_title }}'
git push origin ${{ env.branch_name }}
git push origin ${{ steps.branch.outputs.name }}
working-directory: ${{ github.repository }}

- name: Create pull request
if: steps.git_status.outputs.changes > 0
id: pr
run: |
HEAD_LABEL="${{ github.repository_owner }}:${{ env.branch_name }}"
BASE_LABEL="${{ github.repository_owner }}:$(echo '${{ github.ref }}' | sed 's:refs/heads/::')"
PULL_REQUEST_URL="repos/${{ github.repository }}/pulls"
JQ_FILTER=".[] | select(.head.label == \"$HEAD_LABEL\") | select(.base.label == \"$BASE_LABEL\") | .url"
CHECK_PULL_REQUEST_URL=$(gh api $PULL_REQUEST_URL | jq -r "$JQ_FILTER")
if [ -z "$CHECK_PULL_REQUEST_URL" ]
then
CHECK_PULL_REQUEST_URL=$(gh pr create \
PR="$(gh pr create \
--title "${{ env.pr_title }}" \
--body "${{ env.pr_body }}" \
--base "${{ github.ref }}" \
--head "${{ env.branch_name }}" \
--draft)
--head "${{ steps.branch.outputs.name }}" \
--draft)"
echo "Created new PR: $CHECK_PULL_REQUEST_URL"
else
echo "Existing PR found: $CHECK_PULL_REQUEST_URL"
fi
echo number=$(gh pr view $PR_URL --json number | jq -r '.number') >> "$GITHUB_OUTPUT"
working-directory: ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}

- name: close and comment out of date prs
if: steps.git_status.outputs.changes > 0
run: |
PULL_REQUESTS=$(gh pr list --search "title:'${{ env.pr_title }}'" --json number,headRefName)
echo "$PULL_REQUESTS" | jq -r '.[] | select(.number != ${{ steps.pr.outputs.number }}) | .number' | xargs -I {} gh pr close {} --delete-branch --comment "Supersceeded by #${{ steps.pr.outputs.pull-request-number }}"
working-directory: ${{ github.repository }}
env:
GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
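Review bot: In the new `close and comment out of date prs` step the comment body uses `steps.pr.outputs.pull-request-number`, but the only output the `pr` step writes is `number`, so each superseded PR gets the comment `Supersceeded by #` with no number (and a typo); the line should end `--comment "Superseded by #${{ steps.pr.outputs.number }}"`. The number itself is obtained fragilely: `gh pr view $PR_URL` on the line that writes the output references a variable that is never assigned — the `gh pr create` result is captured in `PR` — so it appears to work only because `gh pr view` falls back to the PR of the current branch; use `echo "number=$(gh pr view "$PR" --json number --jq '.number')" >> "$GITHUB_OUTPUT"`. More seriously, the close loop selects PRs by a fuzzy `title:` search and then runs `gh pr close --delete-branch` with the app token, so any open PR whose title happens to contain those words — including a human-authored one — would be closed and its branch deleted; filter on the branch scheme this workflow itself creates, e.g. `select(.headRefName | startswith("platform-alz-"))`, and use `xargs -r` so an empty selection does not invoke `gh pr close` with no argument. If `gh pr create` fails, `steps.pr.outputs.number` expands to empty and the jq filter becomes `select(.number != )`, a syntax error that this step does not guard against.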