chore: update from template #353
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "+ CI/CD" | ||
| on: | ||
| pull_request: | ||
| branches: [main] | ||
| types: [opened, synchronize, reopened, closed] | ||
| push: | ||
| branches: ["main"] | ||
| # Manual trigger for any branch | ||
| workflow_dispatch: | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.event.pull_request.number || github.sha }} | ||
| cancel-in-progress: true | ||
| jobs: | ||
| lint: | ||
| # Skip on pull_request:closed as merge commits also triggeres this and they share the same concurrency group | ||
| if: | | ||
| !contains(github.event.head_commit.message, '[skip ci]') && | ||
| !(github.event_name == 'pull_request' && github.event.action == 'closed') | ||
| uses: ./.github/workflows/_lint.yml | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| packages: read | ||
| secrets: | ||
| GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | ||
|
Check failure on line 30 in .github/workflows/ci-cd.yml
|
||
| audit: | ||
| # Skip on pull_request:closed as merge commits also triggeres this and they share the same concurrency group | ||
| if: | | ||
| !contains(github.event.head_commit.message, '[skip ci]') && | ||
| !(github.event_name == 'pull_request' && github.event.action == 'closed') | ||
| uses: ./.github/workflows/_audit.yml | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| packages: read | ||
| secrets: | ||
| GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | ||
| test: | ||
| # Skip on pull_request:closed as merge commits also triggeres this and they share the same concurrency group | ||
| if: | | ||
| !contains(github.event.head_commit.message, '[skip ci]') && | ||
| !(github.event_name == 'pull_request' && github.event.action == 'closed') | ||
| uses: ./.github/workflows/_test.yml | ||
| permissions: | ||
| attestations: write | ||
| contents: read | ||
| id-token: write | ||
| packages: write | ||
| secrets: | ||
| GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | ||
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| AIGNOSTICS_FOUNDRY_CORE_LOGFIRE_TOKEN: ${{ secrets.AIGNOSTICS_FOUNDRY_CORE_LOGFIRE_TOKEN }} | ||
| AIGNOSTICS_FOUNDRY_CORE_SENTRY_DSN: ${{ secrets.AIGNOSTICS_FOUNDRY_CORE_SENTRY_DSN }} | ||
| publish_package: | ||
| if: startsWith(github.ref, 'refs/tags/v') | ||
| needs: [lint, audit, test] | ||
| uses: ./.github/workflows/_package-publish.yml | ||
| permissions: | ||
| contents: write | ||
| id-token: write | ||
| packages: read | ||
| secrets: | ||
| GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | ||
| SLACK_RELEASE_BOT_TOKEN: ${{ secrets.SLACK_RELEASE_BOT_TOKEN }} | ||
