Workflow Templates

workflow-templates

This directory contains template GitHub Actions Workflows to be incorporated into other repositories in the organization. The templates should be added to .github/workflows within the given repository and updated based on things such as the default branch of the repository and cron schedule. The templates may be modified according to the needs of the given repository if necessary.

Templates

repo-jobs

# This template is intended to be used as a catch-all workflow for automation in github repositories. It will be
# updated when new internal actions are added to this repository. Currently it will run unit tests (pytest), automate
# incrementing semantic version, run sonarqube (with code coverage from unit tests), run codeql, and build and publish
# documentation based on the event triggering the workflow. Each job includes a conditional which will control the flow
# of the events based on the trigger. Delete this section when incorporating this workflow.

name: Repo Actions

on:
  push:
    branches: [main]  # Or the name of the repo's default branch
  pull_request:
    types: [opened, synchronize]
  schedule:
    - cron: 'mins hours * * day'  # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule

jobs:
  run-unit-tests:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
    name: Run Unit Tests ${{ matrix.python-version }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: [ '3.7', '3.10' ]  # Replace as needed based on python versions used
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
      - name: Run pytest, Python version ${{ matrix.python-version }}
        uses: GenapsysInc/internal-actions/reusable-actions/pytest@main
        with:
          python-version: ${{ matrix.python-version }}
          requirements-txt: <path to requirements.txt file, or remove this field>
  increment-version:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
    name: Increment Version
    runs-on: ubuntu-latest
    outputs:
      new-version: ${{ steps.run-increment-version.outputs.new-version }}
    steps:
      - name: Run the increment-version action
        id: run-increment-version
        uses: GenapsysInc/internal-actions/reusable-actions/increment-version@main
        with:
          protect-tag: true
          token: ${{ secrets.GH_REST_API_TOKEN }}
  sonarqube:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
    name: SonarQube
    runs-on: ubuntu-latest
    needs: run-unit-tests
    steps:
      - uses: GenapsysInc/internal-actions/reusable-actions/sonarqube@main
        with:
          token: ${{ secrets.SONAR_TOKEN }}
          url: ${{ secrets.SONAR_HOST_URL }}
  codeql:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'schedule' }}
    name: CodeQL ${{ matrix.language }}
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: [python]  # Add other languages based on the repository
    steps:
      - name: Run CodeQL action with language ${{ matrix.language }}
        uses: GenapsysInc/internal-actions/reusable-actions/codeql@main
        with:
          language: ${{ matrix.language }}
  doc-build:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
    name: Doc Builder
    needs: increment-version
    runs-on: ubuntu-latest
    steps:
      - name: Documentation build and publish
        uses: GenapsysInc/internal-actions/reusable-actions/build-docs@main
        with:
          token: ${{ secrets.GHCR_TOKEN }}
          confluence_secret: ${{ secrets.CONFLUENCE_SECRET }}
          build_confluence: true
          publish_confluence: ${{ github.event_name == 'push' }}
          build_html: true
          publish_html: ${{ github.event_name == 'push' }}
          warn_as_errors: true
          version: ${{ needs.increment-version.outputs.new-version }}
          api_dirs: <space-delimited list of directories with code>
  static-analysis:
    name: Static Analysis
    uses: GenapsysInc/internal-actions/.github/workflows/static-analysis.yml@main
    with:
      requirements-txt: <path/to/requirements.txt>

run-org-policies

# This template is intended to be used to run the org-policies reusable workflow in a given repository. Changes made to
# the called workflow will automatically be included when made by using this template.
name: Org Policies

on:
  push:
    branches: [main]  # Or the name of the repo's default branch
  pull_request:
    types: [opened, synchronize, reopened]
  schedule:
    - cron: 'mins hours * * 0'  # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule

jobs:
  run-jobs:
    name: Org Policy Check
    uses: GenapsysInc/internal-actions/.github/workflows/org-policies.yml@main
    secrets:
      token: ${{ secrets.GH_REST_API_TOKEN }}