ci(GITHUB): refactor outer workflow

niall-byrne · Jun 4, 2023 · bd7f259 · bd7f259
1 parent b1ec42c
commit bd7f259
Show file tree

Hide file tree

Showing 24 changed files with 1,096 additions and 779 deletions.
diff --git a/.github/scripts/test_precommit.sh → .github/scripts/job-50-test-precommit.sh b/.github/scripts/test_precommit.sh → .github/scripts/job-50-test-precommit.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# .github/scripts/test_precommit.sh
+# .github/scripts/job-50-test-precommit.sh
 # Performs tests on the pre-commit hooks.
 
 # 1:              The name of a pre-commit test scenario. (See 'main' below.)

diff --git a/.github/scripts/prune_test_releases.sh → ...hub/scripts/job-60-prune-test-releases.sh b/.github/scripts/prune_test_releases.sh → ...hub/scripts/job-60-prune-test-releases.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# .github/scripts/prune_test_releases.sh
+# .github/scripts/job-60-prune-test-releases.sh
 # Remove existing releases on the test repository.
 
 # GITHUB_TOKEN:   The token used to authorize the call.

diff --git a/.github/scripts/test_push.sh → .github/scripts/job-60-test-push.sh b/.github/scripts/test_push.sh → .github/scripts/job-60-test-push.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# .github/scripts/test_push.sh
+# .github/scripts/job-60-test-push.sh
 # Performs pushes against the test repository to trigger rendered workflows.
 
 # 1:              The name of the branch you wish to push.

diff --git a/.github/scripts/template.sh → .github/scripts/task-render-template.sh b/.github/scripts/template.sh → .github/scripts/task-render-template.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# .github/scripts/template.sh
+# .github/scripts/task-render-template.sh
 # Perform automated templating.
 
 # 1:  Optional TOML Formatting

diff --git a/.github/scripts/requirements.sh → ...hub/scripts/task-template-requirements.sh b/.github/scripts/requirements.sh → ...hub/scripts/task-template-requirements.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# .github/scripts/requirements.sh
+# .github/scripts/task-template-requirements.sh
 # Centralized management of template requirements installs.
 
 # CI only script

diff --git a/.github/scripts/workflow-setup-environment.sh b/.github/scripts/workflow-setup-environment.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# .github/scripts/workflow-setup-environment.sh
+# Configures environment variables for GitHub Workflows.
+
+# CI only script.
+
+set -eo pipefail
+
+main() {
+
+  ANSIBLE_WORKBENCH_BRANCH_NAME_BASE="master"
+  ANSIBLE_WORKBENCH_BRANCH_NAME_DEVELOPMENT="dev"
+  PROJECT_NAME="ansible-workbench"
+  USER_NAME="niall-byrne"
+  TEMPLATED_NAME="flower-generator"
+  VERBOSE_NOTIFICATIONS="${VERBOSE_NOTIFICATIONS:-0}"
+
+  {
+    echo "ANSIBLE_WORKBENCH_BRANCH_NAME_BASE=${ANSIBLE_WORKBENCH_BRANCH_NAME_BASE}"
+    echo "ANSIBLE_WORKBENCH_BRANCH_NAME_DEVELOPMENT=${ANSIBLE_WORKBENCH_BRANCH_NAME_DEVELOPMENT}"
+    echo "PROJECT_NAME=${PROJECT_NAME}"
+    echo "USER_NAME=${USER_NAME}"
+    echo "TEMPLATED_NAME=${TEMPLATED_NAME}"
+    echo "VERBOSE_NOTIFICATIONS=${VERBOSE_NOTIFICATIONS}"
+  } >> "${GITHUB_ENV}"
+
+}
+
+main "$@"
diff --git a/.github/workflows/.job-00-start.yml b/.github/workflows/.job-00-start.yml
@@ -0,0 +1,37 @@
+---
+name: ansible-workbench-job-start-notification
+
+on:
+  workflow_call:
+    secrets:
+      SLACK_WEBHOOK:
+        description: "Optional, enables Slack notifications."
+        required: false
+
+jobs:
+
+  start_notification:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Start -- Checkout Repository
+        uses: actions/checkout@v3
+        with:
+          path: 'template'
+
+      - name: Start -- Setup Environment
+        run: |
+          source "./template/.github/scripts/workflow-setup-environment.sh"
+          source "./template/{{cookiecutter.project_slug}}/.github/scripts/setup.sh"
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Start -- Report Job Status on Success
+        run: |
+          "./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":white_check_mark: workflow has started!"
+
+      - name: Start -- Report Job Status on Failure
+        if: failure()
+        run: |
+          "./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":x: error reporting job status!"
diff --git a/.github/workflows/.job-00-success.yml b/.github/workflows/.job-00-success.yml
@@ -0,0 +1,37 @@
+---
+name: ansible-workbench-job-start-notification
+
+on:
+  workflow_call:
+    secrets:
+      SLACK_WEBHOOK:
+        description: "Optional, enables Slack notifications."
+        required: false
+
+jobs:
+
+  start_notification:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Success -- Checkout Repository
+        uses: actions/checkout@v3
+        with:
+          path: 'template'
+
+      - name: Success -- Setup Environment
+        run: |
+          source "./template/.github/scripts/workflow-setup-environment.sh"
+          source "./template/{{cookiecutter.project_slug}}/.github/scripts/setup.sh"
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Success -- Report Job Status on Success
+        run: |
+          "./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":white_check_mark: all checks were successful!"
+
+      - name: Success -- Report Job Status on Failure
+        if: failure()
+        run: |
+          "./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":x: error reporting job status!"
diff --git a/.github/workflows/.job-10-security.yml b/.github/workflows/.job-10-security.yml
@@ -0,0 +1,56 @@
+---
+name: ansible-workbench-job-security
+
+on:
+  workflow_call:
+    inputs:
+      CONFIGURATION:
+        description: "The 'cookiecutter.json' file as a configuration object."
+        required: true
+        type: string
+    secrets:
+      SLACK_WEBHOOK:
+        description: "Optional, enables Slack notifications."
+        required: false
+
+env:
+  ANSIBLE_WORKBENCH_SKIP_POETRY: 1
+  ANSIBLE_WORKBENCH_SKIP_PRECOMMIT: 1
+
+jobs:
+
+  run_trufflehog:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Security Test Repo -- Checkout Repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Security Test Repo -- Setup Environment
+        run: |
+          source "./.github/scripts/workflow-setup-environment.sh"
+          source "./{{cookiecutter.project_slug}}/.github/scripts/setup.sh"
+          source "./{{cookiecutter.project_slug}}/.github/scripts/pushed_commit_range.sh"
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Security Test -- Run Trufflehog
+        uses: trufflesecurity/[email protected]
+        with:
+          path: .
+          base: ${{ env.PUSHED_COMMIT_START }}
+          head: ${{ env.BRANCH_OR_TAG }}
+
+      - name: Security Test Repo -- Report Job Status on Success
+        if: fromJSON(inputs.CONFIGURATION)._GITHUB_CI_VERBOSE_NOTIFICATIONS == true
+        run: |
+          "./{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":white_check_mark: security checks succeeded!"
+
+      - name: Security Test Repo -- Report Job Status on Failure
+        if: failure()
+        run: |
+          "./{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":x: security checks failed!"
diff --git a/.github/workflows/.job-30-documentation.yml b/.github/workflows/.job-30-documentation.yml
@@ -0,0 +1,83 @@
+---
+name: ansible-workbench-job-documentation
+
+on:
+  workflow_call:
+    inputs:
+      CONFIGURATION:
+        description: "The 'cookiecutter.json' file as a configuration object."
+        required: true
+        type: string
+    secrets:
+      SLACK_WEBHOOK:
+        description: "Optional, enables Slack notifications."
+        required: false
+
+env:
+  ANSIBLE_WORKBENCH_SKIP_POETRY: 1
+  ANSIBLE_WORKBENCH_SKIP_PRECOMMIT: 1
+
+jobs:
+
+  check_markdown_links:
+
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        python-version: ${{ fromJSON(inputs.CONFIGURATION)._GITHUB_CI_DEFAULT_PYTHON_VERSIONS }}
+      max-parallel: ${{ fromJSON(inputs.CONFIGURATION)._GITHUB_CI_DEFAULT_CONCURRENCY }}
+
+    steps:
+      - name: Documentation Test -- Checkout Repository
+        uses: actions/checkout@v3
+        with:
+          path: 'template'
+
+      - name: Documentation Test -- Setup Environment
+        run: |
+          source "./template/.github/scripts/workflow-setup-environment.sh"
+          source "./template/{{cookiecutter.project_slug}}/.github/scripts/setup.sh"
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Documentation Test -- Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Documentation Test -- Install Template Requirements
+        run: |
+          source "./template/.github/scripts/task-template-requirements.sh"
+
+      - name: Documentation Test -- Render Template
+        run: |
+          source "./template/.github/scripts/task-render-template.sh"
+
+      - name: Documentation Test -- Check Markdown Links For Template
+        uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          config-file: 'template/{{cookiecutter.project_slug}}/.github/config/actions/gaurav-nelson-github-action-markdown-link-check.json'
+          use-quiet-mode: 'no'
+          use-verbose-mode: 'yes'
+          folder-path: 'template, template/.github/workflows'
+          max-depth: 1
+
+      - name: Documentation Test -- Check Markdown Links For Rendered Template
+        uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          config-file: 'template/{{cookiecutter.project_slug}}/.github/config/actions/gaurav-nelson-github-action-markdown-link-check.json'
+          use-quiet-mode: 'no'
+          use-verbose-mode: 'yes'
+          folder-path: ${{ env.TEMPLATED_NAME }}
+          max-depth: -1
+
+      - name: Documentation Test -- Report Job Status on Success
+        if: fromJSON(inputs.CONFIGURATION)._GITHUB_CI_VERBOSE_NOTIFICATIONS == true
+        run: |
+          "./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":white_check_mark: documentation checks succeeded!"
+
+      - name: Documentation Test -- Report Job Status on Failure
+        if: failure()
+        run: |
+          "./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":x: documentation checks failed!"
diff --git a/.github/workflows/.job-40-molecule.yml b/.github/workflows/.job-40-molecule.yml
@@ -0,0 +1,89 @@
+---
+name: ansible-workbench-job-molecule
+
+on:
+  workflow_call:
+    inputs:
+      CONFIGURATION:
+        description: "The 'cookiecutter.json' file as a configuration object."
+        required: true
+        type: string
+    secrets:
+      SLACK_WEBHOOK:
+        description: "Optional, enables Slack notifications."
+        required: false
+
+env:
+  ANSIBLE_WORKBENCH_SKIP_POETRY: 0
+  ANSIBLE_WORKBENCH_SKIP_PRECOMMIT: 0
+
+jobs:
+
+  run_molecule_lint:
+
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        python-version: ${{ fromJSON(inputs.CONFIGURATION)._GITHUB_CI_DEFAULT_PYTHON_VERSIONS }}
+      max-parallel: ${{ fromJSON(inputs.CONFIGURATION)._GITHUB_CI_DEFAULT_CONCURRENCY }}
+
+    steps:
+      - name: Molecule Lint Test -- Checkout Repository
+        uses: actions/checkout@v3
+        with:
+          path: 'template'
+
+      - name: Molecule Lint Test -- Setup Environment
+        run: |
+          source "./template/.github/scripts/workflow-setup-environment.sh"
+          source "./template/{{cookiecutter.project_slug}}/.github/scripts/setup.sh"
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Molecule Lint Test -- Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Molecule Lint Test -- Install Template Requirements
+        run: |
+          source "./template/.github/scripts/task-template-requirements.sh"
+
+      - name: Molecule Lint Test -- Initialize Cache Locations
+        run: |
+          mkdir -p ~/.cache/pypoetry/virtualenvs
+          source "./template/{{cookiecutter.project_slug}}/.github/scripts/ansible_cache.sh"  \
+            "$(pwd)/ansible_cache"                                                          \
+            ~/.cache
+
+      - name: Molecule Lint Test -- Mount Ansible Cache
+        uses: actions/cache@v3
+        with:
+          key: ansible-${{ hashFiles('./template/{{cookiecutter.project_slug}}/requirements.yml') }}-${{ env.CACHE_TTL }}
+          path: ansible_cache
+
+      - name: Molecule Lint Test -- Mount Poetry Cache
+        uses: actions/cache@v3
+        with:
+          key: poetry-${{ hashFiles('./template/{{cookiecutter.project_slug}}/pyproject.toml') }}-${{ runner.os }}-${{ env.CACHE_TTL }}
+          path: ~/.cache/pypoetry/virtualenvs
+
+      - name: Molecule Lint Test -- Render Template
+        run: |
+          source "./template/.github/scripts/task-render-template.sh"
+
+      - name: Molecule Lint Test -- Lint Rendered Template With Default Scenario
+        run: |
+          cd "${TEMPLATED_NAME}"
+          poetry run molecule lint
+
+      - name: Molecule Lint Test -- Report Job Status on Success
+        if: fromJSON(inputs.CONFIGURATION)._GITHUB_CI_VERBOSE_NOTIFICATIONS == true
+        run: |
+          "./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":white_check_mark: molecule linting checks succeeded!"
+
+      - name: Molecule Lint Test -- Report Job Status on Failure
+        if: failure()
+        run: |
+          "./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh" "${NOTIFICATION}" ":x: molecule linting checks failed!"