Skip to content

🤗 Add Terraform wrapper script #100

🤗 Add Terraform wrapper script

🤗 Add Terraform wrapper script #100

Workflow file for this run

---
name: Features
on:
pull_request:
branches:
- main
paths:
- features/**
push:
branches:
- main
paths:
- features/**
permissions: {}
jobs:
detect-changes:
name: Detect Changes
runs-on: ubuntu-latest
permissions:
contents: read
outputs:
features: ${{ steps.detect_changes.outputs.changes }}
steps:
- name: Checkout
id: checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Build path-filters file
id: build_path_filters
run: bash scripts/path-filter/configuration-generator.sh features
- name: Detect changes
id: detect_changes
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
with:
filters: .github/path-filters/features.yml
preflight-checks:
needs: [detect-changes]
if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref != 'refs/heads/main' }}
name: Preflight Checks
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: read
strategy:
fail-fast: false
matrix:
feature: ${{ fromJson(needs.detect-changes.outputs.features) }}
steps:
- name: Checkout
id: checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Check Version
id: check_version
env:
GH_TOKEN: ${{ github.token }}
run: |
echo "${{ env.GH_TOKEN }}" | skopeo login ghcr.io --username ${{ github.actor }} --password-stdin
version=$(jq -r '.version' features/src/${{ matrix.feature }}/devcontainer-feature.json)
export version
if skopeo list-tags docker://ghcr.io/ministryofjustice/devcontainer-feature/${{ matrix.feature }}; then
feature_exists=true
else
echo "feature_exists=false" >>"${GITHUB_ENV}"
echo "tag_exists=false" >>"${GITHUB_ENV}"
fi
if [[ "${feature_exists}" == "true" ]]; then
checkTag=$(skopeo list-tags docker://ghcr.io/ministryofjustice/devcontainer-feature/${{ matrix.feature }} | jq -r --arg version "${version}" '.Tags | index($version)')
export checkTag
if [[ -z "${imageTag}" ]]; then
echo "tag_exists=false" >>"${GITHUB_ENV}"
else
echo "tag_exists=true" >>"${GITHUB_ENV}"
fi
fi
- name: Check CHANGELOG Updates
id: check_changelog_updates
env:
GH_TOKEN: ${{ github.token }}
run: |
mainSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/features/src/${{ matrix.feature }}/CHANGELOG.md --field ref="main" | jq -r '.sha')
branchSha=$(gh api --method GET /repos/"${GITHUB_REPOSITORY}"/contents/features/src/${{ matrix.feature }}/CHANGELOG.md --field ref="${GITHUB_HEAD_REF}" | jq -r '.sha')
if [[ -z "${mainSha}" ]]; then
SHA not found for main branch, assuming CHANGELOG.md does not exist
elif [[ -z "${branchSha}" ]]; then
SHA not found for "${GITHUB_HEAD_REF}" branch, assuming CHANGELOG.md does not exist
"changelog_updated=false" >>"${GITHUB_ENV}"
elif [[ "${mainSha}" == "${branchSha}" ]]; then
echo "CHANGELOG.md matches main branch, needs to be updated"
echo "changelog_updated=false" >>"${GITHUB_ENV}"
elif [[ "${mainSha}" != "${branchSha}" ]]; then
echo "CHANGELOG.md does not match main branch, does not need to be updated"
echo "changelog_updated=true" >>"${GITHUB_ENV}"
fi
- name: Evaluate Checks
id: evaluate_checks
run: |
if [[ "${{ env.tag_exists }}" == "true" ]]; then
echo "::error::FAIL: Feature tag already exists"
export failBuild="true"
else
echo "::notice::OK: Feature tag does not exist"
export failBuild="false"
fi
if [[ "${{ env.changelog_updated }}" == "true" ]]; then
echo "::notice::OK: CHANGELOG.md has been updated"
export failBuild="false"
elif [[ "${{ env.changelog_updated }}" == "false" ]]; then
echo "::error::FAIL: CHANGELOG.md needs to be updated"
export failBuild="true"
fi
if [[ "${failBuild}" == "true" ]]; then
exit 1
fi
test:
needs: [detect-changes]
if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref != 'refs/heads/main' }}
name: Test
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
fail-fast: false
matrix:
feature: ${{ fromJson(needs.detect-changes.outputs.features) }}
steps:
- name: Checkout
id: checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Install @devcontainers/cli
id: install_devcontainers_cli
run: npm install --global @devcontainers/cli@latest
- name: Build Image
id: build_image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
file: images/base/Dockerfile
context: images/base
load: true
tags: ghcr.io/ministryofjustice/devcontainer-base:local-feature-test
- name: Testing ${{ matrix.feature }}
id: test_feature
run: |
devcontainer features test \
--skip-duplicated \
--skip-scenarios \
--project-folder features \
--features ${{ matrix.feature }} \
--base-image ghcr.io/ministryofjustice/devcontainer-base:local-feature-test
- name: Testing ${{ matrix.feature }} scenarios
id: test_feature_scenarios
run: |
devcontainer features test \
--project-folder features \
--features ${{ matrix.feature }} \
--skip-autogenerated \
--skip-duplicated \
--base-image ghcr.io/ministryofjustice/devcontainer-base:local-feature-test
validate:
needs: [detect-changes]
if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref != 'refs/heads/main' }}
name: Validate
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
id: checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Validate
uses: devcontainers/action@1082abd5d2bf3a11abccba70eef98df068277772 # v1.4.3
with:
validate-only: true
base-path-to-features: features/src
publish:
needs: [detect-changes]
if: ${{ needs.detect-changes.outputs.features != '[]' && github.ref == 'refs/heads/main' }}
name: Publish
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
strategy:
fail-fast: false
matrix:
feature: ${{ fromJson(needs.detect-changes.outputs.features) }}
steps:
- name: Checkout
id: checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Log in to GitHub Container Registry
id: login_ghcr
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Install @devcontainers/cli
id: install_devcontainers_cli
run: npm install --global @devcontainers/cli@latest
- name: Publish
id: publish
run: |
devcontainer features publish \
--registry ghcr.io \
--namespace ministryofjustice/devcontainer-feature \
./features/src/${{ matrix.feature }}