ci(GITHUB): upgrade workflows and notifications

osx-provisioner · Jun 23, 2021 · 854e692 · 854e692
1 parent b13c7de
commit 854e692
Show file tree

Hide file tree

Showing 4 changed files with 174 additions and 59 deletions.
diff --git a/.github/scripts/build.sh b/.github/scripts/build.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -eo pipefail
+
+main() {
+
+  pip install poetry
+  poetry install
+
+}
+
+main "$@"
diff --git a/.github/scripts/setup.sh b/.github/scripts/setup.sh
@@ -2,14 +2,14 @@
 
 # shellcheck disable=SC2129
 
+set -eo pipefail
+
 main() {
   BRANCH_OR_TAG="$(echo "${GITHUB_REF}" | sed 's/refs\/heads\///g' | sed 's/refs\/tags\///g')"
-  PROJECT_NAME="role-clamav"
+  WORKFLOW_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
   echo "BRANCH_OR_TAG=${BRANCH_OR_TAG}" >> "$GITHUB_ENV"
   echo "WEBHOOK_URL=${WEBHOOK_URL}" >> "$GITHUB_ENV"
-  echo "PROJECT_NAME=${PROJECT_NAME}" >> "$GITHUB_ENV"
-  echo "NOTIFICATION=${PROJECT_NAME} [${BRANCH_OR_TAG}]" >> "$GITHUB_ENV"
-  echo "USERNAME=osx-provisioner" >> "$GITHUB_ENV"
+  echo "NOTIFICATION=${PROJECT_NAME} [<${WORKFLOW_URL}|${BRANCH_OR_TAG}>]" >> "$GITHUB_ENV"
 }
 
 main
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -3,19 +3,72 @@ name: role-clamav-push
 
 # Workflow Secrets:
 # SLACK_WEBHOOK              (Required, for slack notifications...)
+# GALAXY_API_KEY             (Required, for Ansible Galaxy Import...)
 
 on:
   push:
   workflow_dispatch:
 
+env:
+  PROJECT_NAME: "role-clamav"
+  USERNAME: "osx-provisioner"
+  VERBOSE_NOTIFICATIONS: 0
+
 jobs:
 
-  documentation_test:
+  create_release:
+    needs: [documentation_test, molecule_lint, osx_build, security_test, start_notification, workflow_lint]
 
     runs-on: ubuntu-latest
 
     steps:
+      - name: Release -- Checkout Repository
+        if: contains(github.ref, '/tags/v')
+        uses: actions/checkout@v1
+
+      - name: Release -- Setup Environment
+        if: contains(github.ref, '/tags/v')
+        run: |
+          source ./.github/scripts/setup.sh
+          echo "{}" > package.json
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Release -- Generate Changelog
+        if: contains(github.ref, '/tags/v')
+        uses: scottbrenner/[email protected]
+        id: Changelog
+        env:
+          REPO: ${{ github.repository }}
 
+      - name: Release -- Create Github Release
+        if: contains(github.ref, '/tags/v')
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ env.BRANCH_OR_TAG }}
+          release_name: Release ${{ env.BRANCH_OR_TAG }}
+          body: |
+            ${{ steps.Changelog.outputs.changelog }}
+          draft: true
+          prerelease: false
+
+      - name: Release -- Report Job Status (Success)
+        if: contains(github.ref, '/tags/v')
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: automated release has been created:\nhttps://github.com/${USERNAME}/${PROJECT_NAME}/releases"
+
+      - name: Release -- Report Job Status (Failure)
+        if: failure() && contains(github.ref, '/tags/v')
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: automated release generation failed!"
+
+  documentation_test:
+
+    runs-on: ubuntu-latest
+
+    steps:
       - name: Documentation Test -- Checkout Repository
         uses: actions/checkout@v1
 
@@ -26,14 +79,16 @@ jobs:
           WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
 
       - name: Documentation Test -- Documentation Validation
-        uses: gaurav-nelson/[email protected].11
+        uses: gaurav-nelson/[email protected].12
         with:
           use-quiet-mode: 'no'
           use-verbose-mode: 'yes'
 
       - name: Documentation Test -- Report Success
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: documentation test was successful!"
+
       - name: Documentation Test -- Report Failure
         if: failure()
         run: |
@@ -48,9 +103,9 @@ jobs:
         python-version: [3.8]
 
     steps:
-
       - name: Molecule Lint -- Checkout Repository
         uses: actions/checkout@v1
+
       - name: Molecule Lint -- Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v1
         with:
@@ -61,6 +116,7 @@ jobs:
           source ./.github/scripts/setup.sh
         env:
           WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
       - name: Molecule Lint -- Install Requirements
         run: |
           pip install poetry
@@ -71,61 +127,61 @@ jobs:
           poetry run molecule lint
 
       - name: Molecule Lint -- Report Job Status (Success)
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: molecule linting was successful!"
+
       - name: Molecule Lint -- Report Job Status (Failure)
         if: failure()
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: molecule linting has failed!"
 
-  release:
-    needs: [molecule_lint, documentation_test, security_test]
+  osx_build:
 
-    runs-on: ubuntu-latest
+    runs-on: macos-${{ matrix.os }}
+    strategy:
+      max-parallel: 4
+      matrix:
+        os: [10.15]
+        platform: [x86_64]
+        python-version: [3.8.10]
+        scenario: ["no_clamwatch", "clamwatch"]
 
     steps:
-
-      - name: Release -- Checkout Repository
-        if: contains(github.ref, '/tags/v')
+      - name: OSX Build -- Checkout
         uses: actions/checkout@v1
 
-      - name: Release -- Setup Environment
-        if: contains(github.ref, '/tags/v')
+      - name: OSX Build -- Setup python
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: OSX Build -- Setup Environment
         run: |
           source ./.github/scripts/setup.sh
-          NEWTAG=${BRANCH_OR_TAG}
-          echo "NEWTAG=${NEWTAG}" >> $GITHUB_ENV
-          echo "{}" > package.json
+          source ./.github/scripts/build.sh
         env:
           WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
 
-      - name: Release -- Generate Changelog
-        if: contains(github.ref, '/tags/v')
-        uses: scottbrenner/[email protected]
-        id: Changelog
-        env:
-          REPO: ${{ github.repository }}
-      - name: Release -- Create Github Release
-        if: contains(github.ref, '/tags/v')
-        uses: actions/create-release@v1
+      - name: OSX Build -- Molecule Scenario
+        run: |
+          poetry run molecule test -s "${SCENARIO}"
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ env.NEWTAG }}
-          release_name: Release ${{ env.NEWTAG }}
-          body: |
-            ${{ steps.Changelog.outputs.changelog }}
-          draft: true
-          prerelease: false
+          SCENARIO: ${{ matrix.scenario}}
 
-      - name: Release -- Report Job Status (Success)
-        if: contains(github.ref, '/tags/v')
+      - name: OSX Build -- Report Job Status (Success)
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
-          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: automated release has been created:\nhttps://github.com/${USERNAME}/${PROJECT_NAME}/releases"
-      - name: Release -- Report Job Status (Failure)
-        if: failure() && contains(github.ref, '/tags/v')
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: OSX ${{ matrix.os }}, molecule test scenario '${SCENARIO}' was successful"
+        env:
+          SCENARIO: ${{ matrix.scenario}}
+
+      - name: OSX Build -- Report Job Status (Failure)
+        if: failure()
         run: |
-          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: automated release generation failed!"
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: OSX ${{ matrix.os }}, molecule test scenario '${SCENARIO}' failed!"
+        env:
+          SCENARIO: ${{ matrix.scenario}}
 
   security_test:
 
@@ -136,9 +192,9 @@ jobs:
         python-version: [3.8]
 
     steps:
-
       - name: Security Test -- Checkout Repository
         uses: actions/checkout@v1
+
       - name: Security Test -- Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v1
         with:
@@ -151,7 +207,7 @@ jobs:
           WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
 
       - name: Security Test -- Run Gitleaks
-        uses: zricethezav/gitleaks-action@master
+        uses: zricethezav/gitleaks-action@v1.6.0
 
       - name: Security Test -- Check Dependencies
         run: |
@@ -161,46 +217,87 @@ jobs:
           safety check
 
       - name: Security Test -- Report Job Status on Success
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: security checks were successful!"
+
       - name: Security Test -- Report Job Status on Failure
         if: failure()
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: security checks failed!"
 
-  workflow_lint:
+  start_notification:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Start -- Checkout Repository
+        uses: actions/checkout@v1
+
+      - name: Start -- Setup Environment
+        run: |
+          source ./.github/scripts/setup.sh
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Start -- Report Job Status on Success
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: workflow has started!"
+
+      - name: Start -- Report Job Status on Failure
+        if: failure()
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: error reporting job status!"
+
+  success_notification:
+    needs: [create_release]
 
     runs-on: ubuntu-latest
-    strategy:
-      max-parallel: 4
-      matrix:
-        python-version: [3.8]
 
     steps:
+      - name: Success -- Checkout Repository
+        uses: actions/checkout@v1
+
+      - name: Success -- Setup Environment
+        run: |
+          source ./.github/scripts/setup.sh
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
 
+      - name: Success -- Report Job Status on Success
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: all checks were successful!"
+
+      - name: Success -- Report Job Status on Failure
+        if: failure()
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: error reporting job status!"
+
+  workflow_lint:
+
+    runs-on: ubuntu-latest
+
+    steps:
       - name: Workflow Lint -- Checkout Repository
         uses: actions/checkout@v1
-      - name: Workflow Lint -- Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v1
-        with:
-          python-version: ${{ matrix.python-version }}
 
       - name: Workflow Lint -- Setup Environment
         run: |
           source ./.github/scripts/setup.sh
         env:
           WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
-      - name: Workflow Lint -- Install Requirements
-        run: |
-          pip install yamllint
 
       - name: Workflow Lint -- Run Linter
-        run: |
-          yamllint .github/workflows
+        uses: ibiqlik/action-yamllint@v3
+        with:
+          format: standard
+          file_or_dir: ./.github/workflows
+          config_file: ./.yamllint
 
       - name: Workflow Lint -- Report Job Status (Success)
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: workflow linting was successful!"
+
       - name: Workflow Lint -- Report Job Status (Failure)
         if: failure()
         run: |