Merge pull request #72 from PaloAltoNetworks/james/more_actions_pinning #111
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI/CD | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - develop | |
| pull_request: | |
| schedule: | |
| - cron: "0 0 1 * *" | |
| jobs: | |
| validate: | |
| name: validate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out source | |
| uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@3d8debd658c92063839bc97da5c2427100420dec # v1.3.2 | |
| - name: Validate configuration | |
| run: | | |
| cd ${GITHUB_WORKSPACE}/configuration | |
| terraform init | |
| terraform validate | |
| terraform fmt -check -recursive | |
| - name: Validate deployment | |
| run: | | |
| cd ${GITHUB_WORKSPACE}/deployment | |
| terraform init | |
| terraform fmt -check -recursive | |
| cd ${GITHUB_WORKSPACE}/deployment/modules | |
| for dir in $(find . -type d -not \( -name ".?*" \) -maxdepth 1 -mindepth 1); | |
| do | |
| echo "Checking module ${dir}..." | |
| cd ${GITHUB_WORKSPACE}/deployment/modules/${dir} | |
| terraform init | |
| terraform validate | |
| done | |
| automerge: | |
| name: Auto-merge | |
| needs: [validate] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Auto-merge pull requests from dependabot (patches only) | |
| uses: ridedott/merge-me-action@69ee1395553255991de65aad0d3174444df0686e # master | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITHUB_LOGIN: dependabot[bot] | |
| PRESET: DEPENDABOT_PATCH | |
| release: | |
| name: release | |
| if: github.event_name == 'push' && github.ref != 'refs/heads/develop' | |
| needs: [validate] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 | |
| - name: Create release and publish | |
| id: release | |
| uses: cycjimmy/semantic-release-action@5982a02995853159735cb838992248c4f0f16166 # v2 | |
| with: | |
| semantic_version: 17.1.1 | |
| extra_plugins: | | |
| conventional-changelog-conventionalcommits@^4.4.0 | |
| @semantic-release/git@^9.0.0 | |
| @semantic-release/exec@^5.0.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| docs: | |
| name: docs | |
| if: github.event_name == 'push' && github.ref != 'refs/heads/develop' | |
| needs: [release] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 | |
| - name: Set up Python 3.8 | |
| uses: actions/setup-python@f38219332975fe8f9c04cca981d674bf22aea1d3 # v2.3.1 | |
| with: | |
| python-version: 3.8 | |
| - name: Install documentation requirements | |
| run: | | |
| pip install -r docs/requirements.txt | |
| - name: Generate documentation | |
| run: | | |
| cd docs | |
| make html | |
| touch _build/html/.nojekyll | |
| - name: Deploy to GitHub Pages | |
| uses: JamesIves/github-pages-deploy-action@b36f842fa378d7cbf6695fcac86ecdcef3af8af3 # v4.2.3 | |
| with: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| BRANCH: gh-pages # The branch the action should deploy to. | |
| FOLDER: docs/_build/html # The folder the action should deploy. | |
| CLEAN: true # Automatically remove deleted files from the deploy branch |