I moved some common ci work into its own repo for linting, static checks etc. Multiple repos will then use this to avoid duplication. Issue I am having is, obviously the checks need to be carried out on the repo that invokes the workflow. How is this made possible? When the common workflow is executed it has no access to the contents of the initial repo. It only checks out itself.
Example source repo:
name: Perform Pre Build Check
on:
push:
workflow_dispatch:
jobs:
checks:
uses: <org>/<common-repo>/.github/workflows/checks.yml#main
Common workflow:
name: Perform Pre-Build Checks
on:
workflow_call:
jobs:
formatting-check:
name: Formatting Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Run linting check
run: xxxxxx
- name: Install cppcheck
run: sudo apt-get -y install cppcheck
- name: Run cppcheck
run: xxxxx
continue-on-error: true
This is what I ended up doing. Not sure if this was right approach but it worked. Basically just passing in the repo & ref name from current repo that triggered the workflow,
Example source repo:
name: Perform Pre Build Check
on:
push:
workflow_dispatch:
jobs:
checks:
uses: <org>/<common-repo>/.github/workflows/checks.yml#main
with:
repo-name: ${{ github.GITHUB_REPOSITORY }}
ref-name: ${{ github.GITHUB_REF_NAME }}
Common workflow:
name: Perform Pre-Build Checks
on:
workflow_call:
inputs:
repo-name:
required: true
type: string
ref-name:
required: true
type: string
jobs:
formatting-check:
name: Formatting Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
with:
repository: ${{inputs.repo-name}}
ref: ${{inputs.ref-name}}
- name: Run linting check
run: xxxxxx
- name: Install cppcheck
run: sudo apt-get -y install cppcheck
- name: Run cppcheck
run: xxxxx
continue-on-error: true
Related
I have modified the Github workflow on a practice app to make it change version and patch with every push to the master branch.
In Github workflows - it says this process has been successful:
However when I check under releases and tags - no releases or tags are listed.
Is there something I'm missing, here is my pipeline.yml
name: Deployment pipeline
on:
push:
branches:
- master
pull_request:
branches: [master]
types: [opened, synchronize]
jobs:
simple_deployment_pipeline:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout#v3
- uses: actions/setup-node#v3
with:
node-version: '16'
- name: npm install
run: npm install
- name: lint
run: npm run eslint
- name: build
run: npm run build
- name: test
run: npm run test
- name: e2e tests
uses: cypress-io/github-action#v4
with:
build: npm run
start: npm run start-prod
wait-on: http://localhost:5000
tag_release:
needs: [simple_deployment_pipeline]
runs-on: ubuntu-20.04
steps:
- name: Bump version and push tag
uses: anothrNick/github-tag-action#1.36.0
if: ${{ github.event_name == 'push' && !contains(join(github.event.commits.*.message, ' '), '#skip') }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DEFAULT_BUMP: patch
RELEASE_BRANCHES: master
The log under tag_release looks like this:
Your problem, which can be inferred by the error message, is that you haven't checked out the code inside the job. This is noted in the readme of the dependent action.
name: Bump version
on:
push:
branches:
- master
jobs:
build:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout#v3
with:
fetch-depth: '0'
- name: Bump version and push tag
uses: anothrNick/github-tag-action#v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
This is a common mistake, many assume that the code should exist in the job by default, but once you get varying type of workflows you will understand some use cases where you don't actually need to checkout the local git repo.
Take a look at the action you are using and consider sticking to the #v1 tag or at the very least pick a more recent version (1.36 is over a year old).
I have the following two actions, how can I make the second action be executed at the end of the first after making the first one commit and push?
Action1
on:
workflow_dispatch:
inputs:
name: Scrape Data
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
- name: Build
run: npm install
- name: Scrape
run: npm run action
- uses: mikeal/publish-to-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GitHub sets this for you
Action2
on:
workflow_dispatch:
inputs:
name: Visit Data
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
- name: Build
run: npm install
- name: Scrape
run: npm run visit
- uses: mikeal/publish-to-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GitHub sets this for you
You could use the workflow_run trigger on the second workflow.
Example:
name: Visit Data
on:
workflow_run:
workflows: ['Scrape Data'] # First workflow name
types:
- completed # can also use 'requested'
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
- name: Build
run: npm install
- name: Scrape
run: npm run visit
- uses: mikeal/publish-to-github-action#master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Note that you can't use workflow inputs in that case (I observed you had it set, and if it's necessary you would need to use another trigger, for example through the Github API using a workflow dispatch event with a payload).
I am trying to implement a github actions workflow with a job which will plan and apply my terraform code changes only for directory where changes were made. The problem I am currently facing is that I can't figure out how to switch directories so that terraform plan is executed from a directory where code has been updated/changed.
I have a monorepo setup which is as follow:
repo
tf-folder-1
tf-folder-2
tf-folder-3
Each folder contains an independent terraform configuration. So, for example I would like run a workflow only when files change inside tf-folder-1. Such workflow needs to switch to working directory which is tf-folder-1 and then run terraform plan/apply.
jobs:
terraform:
name: "Terraform"
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./tf-folder-1
steps:
- name: Checkout
uses: actions/checkout#v3
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials#v1
with:
role-to-assume: arn:aws:iam::000000000000000:role/deploy-role
aws-region: eu-west-2
- name: Setup Terraform
uses: hashicorp/setup-terraform#v2
...
So far, I have the above terraform job but it only runs for statically defined working-directory. It doesn't work with a use case where it should run the workflow when changes happen within specific folder. Can someone advise how to fix this pipeline?
Thanks
GitHub Actions has path filtering you can take advantage of when you are working with workflows that are triggered off a push or push_request event.
For example say you have a monorepo with the directories, tf_1, tf_2, and tf_3. You can do something like below for when changes occur to the directory tf_1.
name: Demonstrate GitHub Actions on Monorepo
on:
push:
branches:
- master
paths:
- 'tf_1/**'
defaults:
run:
working-directory: tf_1
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
For more details on path filtering, please refer to the GitHub Actions syntax documentation.
You can use a GitHub action that outputs the directories where the files have changed/modified, for example, this one: Changed-files or even perform the calculation with a shell step using git diff.
If you use the GHA suggested you can set the input dir_names to true, which would output unique changed directories instead of filenames, based on the results of that you can change the directory to run your Terraform operations.
Here is the solution to run multiple jobs based on number of directories that have been update.
In the below snippet you can see directories job which will check which directories have been updated, later it output an array or switch which is then used in matrix strategy for terraform job.
jobs:
directories:
name: "Directory-changes"
runs-on: ubuntu-latest
steps:
- uses: theappnest/terraform-monorepo-action#master
id: directories
with:
ignore: |
aws/**/policies
aws/**/templates
aws/**/scripts
- run: echo ${{ steps.directories.outputs.modules }}
outputs:
dirs: ${{ steps.directories.outputs.modules }}
terraform:
name: "Terraform"
runs-on: ubuntu-latest
needs: directories
strategy:
matrix:
directories: ${{ fromJson(needs.directories.outputs.dirs) }}
defaults:
run:
working-directory: ${{ matrix.directories }}
steps:
- name: Checkout
uses: actions/checkout#v3
- name: Setup Terraform
uses: hashicorp/setup-terraform#v2
with:
cli_config_credentials_token: ${{ secrets.TF_CLOUD_TEAM_API_TOKEN_PREPROD }}
- name: Terraform Format
id: fmt
run: terraform fmt -check
- name: Terraform Init
id: init
run: terraform init
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform Plan
id: plan
if: github.event_name == 'pull_request'
run: terraform plan -no-color -input=false
continue-on-error: true
I have to do the following, every time a commit is done (so it can also be done by editing the file from the browser on Github), a Github action is called.
The Github action has to do the following:
Run the command found in the package.json or just run the ncc build command
What such a thing:
"build": "ncc build"
To then commit the build files.
After committing with the push, the 4 Github action test must be run.
How do you advise me to do?
I thought of such a thing:
on:
push:
branches:
- master
name: Build
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
name: Check out current commit
- name: Install
run: npm install
- name: Build
run: npm run build
- name: Commit
run: |
git config --local user.email "41898282+github-actions[bot]#users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add .
git commit -m "Build" -a
- name: Push
uses: ad-m/github-push-action#master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}
At the moment the test is like this for example, how can I do?
Test.yml
on:
push:
branches:
- master
name: "Testing"
jobs:
test_the_action:
name: Test the action
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout#v2
- uses: suisei-cn/actions-download-file#master
id: downloadfile
name: Download a file
with:
url: "[API Endpoint](https://api.github.com/repos/suisei-cn/actions-download-file)"
target: public/
auto-match: true
- name: Display the file
run: head -n8 public/actions-download-file
There are two options. You can add jobs for each test in your main yml with the needs keyword or call your test yml with the workflow run event as trigger.
Option 1 with needs keyword:
on:
push:
branches:
- master
name: Build
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- <your-build-steps>
test1:
name: Test
runs-on: ubuntu-latest
needs: build
steps:
- <your-test-steps>
Option 2 with workflow run as trigger:
on:
workflow_run:
workflows: ["<name-of-your-main-workflow>"]
types:
- completed
name: "Testing"
jobs:
test_the_action:
This option works only on default branch.
I am trying to deploy to AWS using Github actions. The only problem is, that I have a main repo and frontend and backend submodules inside it.
This is the script I am using for deploy:
name: Deploy
on:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout#v2
- name: Generate deployment package
run: git submodule update --init --recursive
run: zip -r deploy.zip . -x '*.git*'
- name: Get timestamp
uses: gerred/actions/current-time#master
id: current-time
- name: Run string replace
uses: frabert/replace-string-action#master
id: format-time
with:
pattern: '[:\.]+'
string: "${{ steps.current-time.outputs.time }}"
replace-with: '-'
flags: 'g'
- name: Deploy to EB
uses: einaregilsson/beanstalk-deploy#v18
with:
aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ secrets.AWS_SECRET_KEY }}
application_name: test-stage
environment_name: Testenv-env
version_label: "${{ steps.format-time.outputs.replaced }}"
region: eu-center-1
deployment_package: deploy.zip
The problem is while it is creating a zip. It does not include submodules. Without submodules the project almost contains nothing. Is it possible somehow to iclude them? Or do you have any better solutions for this?
Consulting the actions/checkout documentation, there is a submodules argument (default value false) that controls whether the checkout includes submodules. So, you likely want
steps:
- name: Checkout source code
uses: actions/checkout#v2
with:
submodules: true