temp remove pull_request_target #1019
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | ||
| on: | ||
| pull_request: {} | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| qa: | ||
| permissions: | ||
| contents: read | ||
| uses: ./.github/workflows/qa.yml | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
| debug: | ||
| run: echo ${{ github.event.pull_request.head.sha }} | ||
| publish-qa-results: | ||
| name: Publish QA Results | ||
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| if: always() && (needs.qa.result != 'skipped' && needs.qa.result != 'cancelled') | ||
| needs: | ||
| - qa | ||
| uses: "./.github/workflows/publish-qa-results.yml" | ||
| with: | ||
| api-test-outcome: ${{ needs.qa.outputs.api-test-outcome }} | ||
| api-test-coverage-markdown-report: ${{ needs.qa.outputs.api-test-coverage-markdown-report }} | ||
| python-test-outcome: ${{ needs.qa.outputs.python-test-outcome }} | ||
| python-test-coverage-markdown-report: ${{ needs.qa.outputs.python-test-coverage-markdown-report }} | ||
| web-test-outcome: ${{ needs.qa.outputs.web-test-outcome }} | ||
| web-test-coverage-markdown-report: ${{ needs.qa.outputs.web-test-coverage-markdown-report }} | ||
| eslint-outcome: ${{ needs.qa.outputs.eslint-outcome }} | ||
| ruff-outcome: ${{ needs.qa.outputs.ruff-outcome }} | ||
| mypy-outcome: ${{ needs.qa.outputs.mypy-outcome }} | ||
| tflint-outcome: ${{ needs.qa.outputs.tflint-outcome }} | ||
| pr-number: ${{ github.event.pull_request.number }} | ||
| write-summary: true | ||
| write-comment: true | ||
| build: | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| name: Build deployment artifacts | ||
| uses: ./.github/workflows/build.yml | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
| docker-image-push: true | ||
| docker-image-args-ref: ${{ github.ref }} | ||
| docker-image-tag-latest: false | ||
| docker-image-tag-pr: "${{ github.event.pull_request.number }}" | ||
| docker-image-upload-attestations: true | ||
| docker-image-artifacts-retention-days: 14 | ||
| docker-image-version: "rc-pr-${{ github.event.pull_request.number }}" | ||
| build-api-image: false | ||
| build-console-image: true | ||
| build-api-functions: true | ||
| api-function-artifact-retention-days: 14 | ||
| build-python-functions: true | ||
| python-function-artifact-retention-days: 14 | ||
| build-web: true | ||
| web-artifact-retention-days: 14 | ||
| web-dotenv: | | ||
| API_URL=https://api.staging.cpf.usdr.dev | ||
| aws-auth: | ||
| name: Configure AWS Credentials | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| uses: ./.github/workflows/aws-auth.yml | ||
| with: | ||
| aws-region: us-west-2 | ||
| secrets: | ||
| role-to-assume: ${{ secrets.CI_ROLE_ARN }} | ||
| gpg-passphrase: ${{ secrets.TFPLAN_SECRET }} | ||
| tf-plan: | ||
| name: Plan Terraform | ||
| permissions: | ||
| contents: read | ||
| needs: | ||
| - aws-auth | ||
| - build | ||
| uses: ./.github/workflows/terraform-plan.yml | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
| concurrency-group: run_terraform-staging | ||
| api-functions-artifacts-key: ${{ needs.build.outputs.api-functions-artifacts-key }} | ||
| api-functions-artifacts-path: ${{ needs.build.outputs.api-functions-artifacts-path }} | ||
| console-image: ${{ needs.build.outputs.console-image-full-name }} | ||
| python-functions-artifacts-key: ${{ needs.build.outputs.python-functions-artifacts-key }} | ||
| python-functions-artifacts-path: ${{ needs.build.outputs.python-functions-artifacts-path }} | ||
| web-artifacts-key: ${{ needs.build.outputs.web-artifacts-key }} | ||
| web-artifacts-path: ${{ needs.build.outputs.web-artifacts-path }} | ||
| aws-region: us-west-2 | ||
| environment-key: staging | ||
| tf-backend-config-file: staging.s3.tfbackend | ||
| tf-var-file: staging.tfvars | ||
| upload-artifacts: false | ||
| artifacts-retention-days: 14 | ||
| secrets: | ||
| aws-access-key-id: ${{ needs.aws-auth.outputs.aws-access-key-id }} | ||
| aws-secret-access-key: ${{ needs.aws-auth.outputs.aws-secret-access-key }} | ||
| aws-session-token: ${{ needs.aws-auth.outputs.aws-session-token }} | ||
| datadog-api-key: ${{ secrets.DATADOG_API_KEY }} | ||
| datadog-app-key: ${{ secrets.DATADOG_APP_KEY }} | ||
| gpg-passphrase: ${{ secrets.TFPLAN_SECRET }} | ||
| publish-tf-plan: | ||
| name: Publish Terraform Plan | ||
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
| if: always() && (needs.tf-plan.result != 'skipped' && needs.tf-plan.result != 'cancelled') | ||
| needs: | ||
| - tf-plan | ||
| uses: ./.github/workflows/publish-terraform-plan.yml | ||
| with: | ||
| write-summary: true | ||
| write-comment: true | ||
| pr-number: ${{ github.event.pull_request.number }} | ||
| tf-fmt-outcome: ${{ needs.tf-plan.outputs.fmt-outcome }} | ||
| tf-init-outcome: ${{ needs.tf-plan.outputs.init-outcome }} | ||
| tf-plan-outcome: ${{ needs.tf-plan.outputs.plan-outcome }} | ||
| tf-plan-summary: ${{ needs.tf-plan.outputs.plan-summary-markdown }} | ||
| tf-validate-outcome: ${{ needs.tf-plan.outputs.validate-outcome }} | ||
| tf-validate-output: ${{ needs.tf-plan.outputs.validate-output }} | ||
