Skip to content
CI/CD main branch

Merge pull request #956 from NHSDigital/dependabot/npm_and_yarn/build… #789

Sign in to view logs

Merge pull request #956 from NHSDigital/dependabot/npm_and_yarn/build…

Merge pull request #956 from NHSDigital/dependabot/npm_and_yarn/build… #789

Workflow file for this run

.github/workflows/cicd-2-main-branch.yaml at 7ce1730
name: 'CI/CD main branch'
on:
push:
branches: [main]
# Set concurrency at the workflow level to ensure the same commit runs tests and deployment consistently
concurrency: deploy-workflow-main
jobs:
metadata:
name: 'Set CI/CD metadata'
runs-on: ubuntu-latest
timeout-minutes: 1
outputs:
build_datetime: ${{ steps.variables.outputs.build_datetime }}
build_timestamp: ${{ steps.variables.outputs.build_timestamp }}
build_epoch: ${{ steps.variables.outputs.build_epoch }}
nodejs_version: ${{ steps.variables.outputs.nodejs_version }}
python_version: ${{ steps.variables.outputs.python_version }}
terraform_version: ${{ steps.variables.outputs.terraform_version }}
version: ${{ steps.variables.outputs.version }}
tag: ${{ steps.variables.outputs.tag }}
steps:
- name: 'Checkout code'
uses: actions/checkout@v6
- name: 'Set CI/CD variables'
id: variables
run: |
datetime=$(date -u +'%Y-%m-%dT%H:%M:%S%z')
echo "build_datetime=$datetime" >> $GITHUB_OUTPUT
echo "build_timestamp=$(date --date=$datetime -u +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
echo "build_epoch=$(date --date=$datetime -u +'%s')" >> $GITHUB_OUTPUT
echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
echo "python_version=$(grep "^python" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
echo "version=${GITHUB_REF}"
# Scan the commit
commit-stage:
name: 'Commit stage'
needs: [metadata]
uses: ./.github/workflows/stage-1-commit.yaml
with:
build_datetime: '${{ needs.metadata.outputs.build_datetime }}'
build_timestamp: '${{ needs.metadata.outputs.build_timestamp }}'
build_epoch: '${{ needs.metadata.outputs.build_epoch }}'
nodejs_version: '${{ needs.metadata.outputs.nodejs_version }}'
python_version: '${{ needs.metadata.outputs.python_version }}'
terraform_version: '${{ needs.metadata.outputs.terraform_version }}'
version: '${{ needs.metadata.outputs.version }}'
secrets: inherit
# Test the integrated code
test-stage:
name: 'Test stage'
needs: [metadata]
uses: ./.github/workflows/stage-2-test.yaml
with:
build_datetime: '${{ needs.metadata.outputs.build_datetime }}'
build_timestamp: '${{ needs.metadata.outputs.build_timestamp }}'
build_epoch: '${{ needs.metadata.outputs.build_epoch }}'
nodejs_version: '${{ needs.metadata.outputs.nodejs_version }}'
python_version: '${{ needs.metadata.outputs.python_version }}'
terraform_version: '${{ needs.metadata.outputs.terraform_version }}'
version: '${{ needs.metadata.outputs.version }}'
secrets: inherit
# Build the final artefact with the integrated code
build-stage: # Recommended maximum execution time is 3 minutes
name: 'Build stage'
needs: [metadata, commit-stage, test-stage]
uses: ./.github/workflows/stage-3-build.yaml
with:
build_datetime: '${{ needs.metadata.outputs.build_datetime }}'
build_timestamp: '${{ needs.metadata.outputs.build_timestamp }}'
build_epoch: '${{ needs.metadata.outputs.build_epoch }}'
nodejs_version: '${{ needs.metadata.outputs.nodejs_version }}'
python_version: '${{ needs.metadata.outputs.python_version }}'
terraform_version: '${{ needs.metadata.outputs.terraform_version }}'
version: '${{ needs.metadata.outputs.version }}'
commit_sha: '${{ github.sha }}'
secrets: inherit
deploy-stage:
name: Deploy stage
needs: [build-stage]
permissions:
id-token: write
uses: ./.github/workflows/stage-4-deploy.yaml
with:
environments: '["review","dev","preprod","prod"]'
commit_sha: ${{ github.sha }}
secrets: inherit
notify-failure:
name: 'Notify failure'
runs-on: ubuntu-latest
if: ${{ failure() }}
needs: [commit-stage, test-stage, build-stage, deploy-stage]
steps:
- name: Determine failed stages
id: failed_stages
run: |
failed_stages=""
if [[ "${{ needs.commit-stage.result }}" == "failure" ]]; then
failed_stages="${failed_stages}• Commit stage\n"
fi
if [[ "${{ needs.test-stage.result }}" == "failure" ]]; then
failed_stages="${failed_stages}• Test stage\n"
fi
if [[ "${{ needs.build-stage.result }}" == "failure" ]]; then
failed_stages="${failed_stages}• Build stage\n"
fi
if [[ "${{ needs.deploy-stage.result }}" == "failure" ]]; then
failed_stages="${failed_stages}• Deploy stage (check workflow for environment)\n"
fi
# Format for Slack (remove trailing newline)
failed_stages=$(echo -e "$failed_stages" | sed -e :a -e '/^\n*$/{$d;N;ba' -e '}')
# Use delimiter for multiline output
echo "stages<<EOF" >> $GITHUB_OUTPUT
echo "$failed_stages" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Notify Slack
uses: slackapi/slack-github-action@v2.1.1
with:
webhook: ${{ secrets.SLACK_WEBHOOK_DEV_NOTIFICATIONS_URL }}
webhook-type: incoming-webhook
payload: |
blocks:
- type: section
text:
type: mrkdwn
text: ":warning: Main branch CI/CD workflow failed:"
- type: section
fields:
- type: mrkdwn
text: |-
*Workflow:*
<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>
- type: mrkdwn
text: |-
*Commit:*
<${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}|${{ github.sha }}>
- type: mrkdwn
text: |-
*Repo:*
${{ github.repository }}
- type: section
text:
type: mrkdwn
text: |-
*Failed Stages:*
${{ steps.failed_stages.outputs.stages }}