Workflow Templates
workflow-templates
This directory contains template GitHub Actions workflows to be incorporated into other repositories in the organization. The templates should be added to `.github/workflows`
within the given repository and updated for repository-specific settings such as the default branch name and the cron schedule. The templates may be further modified to suit the needs of the given repository.
Templates
repo-jobs
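# This template is intended to be used as a catch-all workflow for automation in GitHub repositories. It will be
# updated when new internal actions are added to this repository. Currently it will run unit tests (pytest), automate
# incrementing semantic version, run sonarqube (with code coverage from unit tests), run codeql, and build and publish
# documentation based on the event triggering the workflow. Each job includes a conditional which will control the flow
# of the events based on the trigger. Delete this section when incorporating this workflow.
name: Repo Actions

# NOTE(review): no workflow-level `permissions:` block is set, so every job except `codeql` runs with the
# repository's default GITHUB_TOKEN permissions. Consider adding `permissions: { contents: read }` here once it
# is confirmed that the called internal actions do not need anything more from GITHUB_TOKEN (they appear to
# use dedicated PAT secrets instead).
on:
  push:
    branches: [main]  # Or the name of the repo's default branch
  pull_request:
    # `reopened` is included so a reopened PR is re-checked without requiring a new push; this matches the
    # trigger list used by the org-policies template.
    types: [opened, synchronize, reopened]
  schedule:
    - cron: 'mins hours * * day'  # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule

jobs:
  # Runs pytest once per Python version in the matrix on pushes and pull requests.
  run-unit-tests:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
    name: Run Unit Tests ${{ matrix.python-version }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ['3.7', '3.10']  # Replace as needed based on python versions used; keep versions quoted
    steps:
      - name: Check out repository code
        # `@v3` is a mutable tag; pin to a full commit SHA (with the tag in a trailing comment) if the repository
        # wants reproducible, tamper-evident action resolution.
        uses: actions/checkout@v3
      - name: Run pytest, Python version ${{ matrix.python-version }}
        # `@main` tracks the default branch of internal-actions, so changes there take effect immediately in
        # every adopting repository. Pin to a release tag or SHA if that behaviour is not wanted.
        uses: GenapsysInc/internal-actions/reusable-actions/pytest@main
        with:
          python-version: ${{ matrix.python-version }}
          requirements-txt: <path to requirements.txt file, or remove this field>

  # Computes (and, on push, tags) the next semantic version; the result is consumed by `doc-build`.
  increment-version:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
    name: Increment Version
    runs-on: ubuntu-latest
    outputs:
      new-version: ${{ steps.run-increment-version.outputs.new-version }}
    steps:
      - name: Run the increment-version action
        id: run-increment-version
        uses: GenapsysInc/internal-actions/reusable-actions/increment-version@main
        with:
          protect-tag: true
          # A PAT is used rather than GITHUB_TOKEN; keep its scope limited to what tag creation/protection needs.
          token: ${{ secrets.GH_REST_API_TOKEN }}

  # Uploads coverage from the unit-test job to SonarQube.
  sonarqube:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
    name: SonarQube
    runs-on: ubuntu-latest
    needs: run-unit-tests
    steps:
      # Secrets are not available to pull_request runs from forks, so this step cannot succeed for fork PRs;
      # restrict the job further (e.g. on the head repository) if fork PRs are expected.
      - uses: GenapsysInc/internal-actions/reusable-actions/sonarqube@main
        with:
          token: ${{ secrets.SONAR_TOKEN }}
          url: ${{ secrets.SONAR_HOST_URL }}

  # CodeQL scan; also runs on the schedule so a quiet repository is still re-scanned with current queries.
  codeql:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'schedule' }}
    name: CodeQL ${{ matrix.language }}
    runs-on: ubuntu-latest
    # Job-level permissions override the workflow default; `security-events: write` is required to upload
    # SARIF results, the other two are the minimum the scan needs.
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false  # Let every language matrix entry finish so one failure does not hide others
      matrix:
        language: [python]  # Add other languages based on the repository
    steps:
      - name: Run CodeQL action with language ${{ matrix.language }}
        uses: GenapsysInc/internal-actions/reusable-actions/codeql@main
        with:
          language: ${{ matrix.language }}

  # Builds documentation on every push/PR and publishes it only on push.
  doc-build:
    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
    name: Doc Builder
    # NOTE(review): this job only waits for `increment-version`, so on push the docs are published even if
    # `run-unit-tests` fails. Add `run-unit-tests` to `needs` if publishing should require a green build.
    needs: increment-version
    runs-on: ubuntu-latest
    steps:
      - name: Documentation build and publish
        uses: GenapsysInc/internal-actions/reusable-actions/build-docs@main
        with:
          token: ${{ secrets.GHCR_TOKEN }}
          confluence_secret: ${{ secrets.CONFLUENCE_SECRET }}
          build_confluence: true
          publish_confluence: ${{ github.event_name == 'push' }}
          build_html: true
          publish_html: ${{ github.event_name == 'push' }}
          warn_as_errors: true
          version: ${{ needs.increment-version.outputs.new-version }}
          api_dirs: <space-delimited list of directories with code>

  # Reusable static-analysis workflow; it has no `if:` so it runs on every trigger, including the schedule.
  static-analysis:
    name: Static Analysis
    uses: GenapsysInc/internal-actions/.github/workflows/static-analysis.yml@main
    with:
      requirements-txt: <path/to/requirements.txt>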
run-org-policies
# Template for running the org-policies reusable workflow in a repository. Because the workflow is referenced
# by branch (`@main`), updates to the called workflow are picked up automatically by every repository that
# adopts this template.
name: Org Policies

on:
  push:
    branches:
      - main  # Or the name of the repo's default branch
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
  schedule:
    - cron: 'mins hours * * 0'  # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule

jobs:
  # Single job that delegates everything to the org-level reusable workflow.
  run-jobs:
    name: Org Policy Check
    uses: GenapsysInc/internal-actions/.github/workflows/org-policies.yml@main
    secrets:
      # PAT forwarded to the called workflow; GITHUB_TOKEN is not used here.
      token: ${{ secrets.GH_REST_API_TOKEN }}