Unlink build and release workflows from internal distribution process (…

…#261) * Unlink build and release workflows from internal distribution process * Adjust workflows to support library specific processes
pleo-io · Jul 9, 2024 · bbe2bfe · bbe2bfe
1 parent d207f2d
commit bbe2bfe
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 226 deletions.
diff --git a/.github/templates.yaml b/.github/templates.yaml
@@ -1,16 +1,11 @@
 version: v34.10.1
 
 files:
-  - .github/workflows/build-and-test.yaml
   - .github/workflows/codeql-analysis.yaml
   - .github/workflows/pr-help.yaml
-  - .github/workflows/release.yaml
   - .github/workflows/renovate_dependency_management.yaml
   - .autorc.json
   - .github/.kodiak.toml
 
 values:
-  sendOpsLevelDeployNotifications: true
-  deploymentEnabled: false
-  runWizCliDepsScan: false
   renovateCronjobSchedule: '25 6 * * 1-5' # This is UTC -> At 07:25 CET / 08:25 CEST on every day-of-week from Monday through Friday.
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
@@ -138,24 +138,6 @@ jobs:
           check_name: Unit Tests report
           report_paths: "**/build/test-results/test/TEST-*.xml"
 
-      # Run Detekt
-      - name: Run Detekt
-        continue-on-error: true
-        if: ${{ github.ref == 'refs/heads/main' }}
-        run: ./gradlew detekt --stacktrace
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-          GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-          JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
-
-      # Publish Detekt results to GitHub.
-      - name: Publish Detekt SARIF report to GitHub
-        continue-on-error: true
-        if: ${{ github.ref == 'refs/heads/main' }}
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3
-        with:
-          sarif_file: build/reports/detekt/detekt.sarif
-
       - name: Trigger release
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -20,12 +20,7 @@ env:
   publishNodeOpenAPIClient: true
   publishTypeScriptFrontendModels: false
   publishAdditionalProjects: false
-  deploymentEnabled: false
-  environmentTenant: product
-  productionDeploymentEnabled: true
   generateChangelogUpdate: true
-  forceReleaseOpenAPIDocument: 
-  RUN_WIZCLI_CONTAINER_SCAN: true
 
 jobs:
   determine-version:
@@ -414,201 +409,3 @@ jobs:
           SLACK_USERNAME: GitHub Actions
           SLACK_ICON_EMOJI: ":crashingrocket:"
           SLACK_FOOTER: ""
-
-  publish-docker-image:
-    name: Publish Docker image
-    runs-on: ubuntu-latest-8-cores
-    permissions:
-      id-token: write
-      contents: read
-    timeout-minutes: 30
-    steps:
-      # Checkout the code to publish.
-      - name: Checkout code
-        if: env.deploymentEnabled == 'true'
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
-        with:
-          fetch-depth: 0
-          ref: main
-
-      # Setup a JDK environment for running Gradle publishing tasks.
-      - name: Setup JDK 17
-        if: env.deploymentEnabled == 'true'
-        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
-        with:
-          java-version: 17
-          distribution: temurin
-
-      # Build the project and generate Docker Image
-      - name: Build project (Gradle)
-        if: env.deploymentEnabled == 'true'
-        run: ./gradlew build -x test --stacktrace
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-          GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
-          GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-          JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
-
-      # Login to DockerHub for fetching and pushing Docker images.
-      - name: Login to DockerHub
-        if: env.deploymentEnabled == 'true'
-        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
-        with:
-          username: pleodeployments
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      # Setup Buildx for Docker operations.
-      - name: Setup Buildx
-        if: env.deploymentEnabled == 'true'
-        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
-
-      # Build Docker image and cache Docker image/layers.
-      - name: Build Docker Image
-        if: env.deploymentEnabled == 'true'
-        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5
-        with:
-          context: .
-          tags: ${{ github.sha }}
-          load: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-          build-args: |
-            github_sha=${{ github.sha }}
-            GRADLE_USER=${{ secrets.GITHUB_ACTOR }}
-            GRADLE_READ_KEY=${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
-
-      - name: Scan Docker Image with Wiz-CLI
-        if: ${{ env.deploymentEnabled == 'true' && env.RUN_WIZCLI_CONTAINER_SCAN == 'true' }}
-        uses: pleo-io/reusable-actions/wizcli@main
-        id: image_scan
-        with:
-          scan_container: ${{ env.RUN_WIZCLI_CONTAINER_SCAN }}
-          container_tag: ${{ github.sha }}
-          deps_policy: Pleo-Default-vulnerabilities-policy
-          wiz_client_id: ${{ secrets.WIZ_CLIENT_ID }}
-          wiz_client_secret: ${{ secrets.WIZ_CLIENT_SECRET }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Configure shared services AWS credentials
-        if: ${{ env.deploymentEnabled == 'true' && steps.image_scan.outcome == 'success' }}
-        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
-        with:
-          role-to-assume: arn:aws:iam::${{vars.AWS_ACCOUNT_ID_SHARED_SERVICES}}:role/github/repository/${{ github.event.repository.name }}-github-actions
-          role-session-name: GitHubActions
-          aws-region: eu-west-1
-          special-characters-workaround: true
-
-      - name: Login to Amazon ECR shared-services
-        if: ${{ env.deploymentEnabled == 'true' && steps.image_scan.outcome == 'success' }}
-        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
-
-      - name: Push Docker Image to AWS ECR shared services
-        if: ${{ env.deploymentEnabled == 'true' && steps.image_scan.outcome == 'success' }}
-        run: |
-          ecr_repo_url="${{ vars.AWS_ACCOUNT_ID_SHARED_SERVICES }}.dkr.ecr.eu-west-1.amazonaws.com/pleo/${{ github.event.repository.name }}:${{ github.sha }}"
-          docker tag ${{ github.sha }} ${ecr_repo_url}
-          docker push ${ecr_repo_url}
-          docker rmi -f ${ecr_repo_url}
-
-  get-env-variables:
-    name: Prepare env variables
-    outputs:
-      deploymentEnabled: ${{ steps.env-variables.outputs.deploymentEnabled }}
-      environmentTenant: ${{ steps.env-variables.outputs.environmentTenant }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Set output variables
-        id: env-variables
-        run: |
-          echo "deploymentEnabled=${{ env.deploymentEnabled }}" >> "$GITHUB_OUTPUT"
-          echo "environmentTenant=${{ env.environmentTenant }}" >> "$GITHUB_OUTPUT"
-
-  trigger-deploy-gitops-product-dev:
-    name: Trigger deployment (GitOps)- Update product-dev image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'product'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: product-dev
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-product-staging:
-    name: Trigger deployment (GitOps)- Update product-staging image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'product'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: product-staging
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-tooling-production:
-    name: Trigger deployment (GitOps)- Update tooling-production image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'tooling'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: tooling-production
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-data-integration-dev:
-    name: Trigger deployment (GitOps)- Update data-integration-dev image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'data-integration'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: data-integration-dev
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-data-integration-staging:
-    name: Trigger deployment (GitOps)- Update data-integration-dev image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'data-integration'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: data-integration-staging
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
-
-  trigger-deploy-gitops-data-integration-production:
-    name: Trigger deployment (GitOps)- Update data-integration-dev image
-    concurrency: update-image-tag
-    needs:
-      - publish-docker-image
-      - get-env-variables
-    if: needs.get-env-variables.outputs.deploymentEnabled == 'true' && needs.get-env-variables.outputs.environmentTenant == 'data-integration'
-    uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
-    with:
-      environment: data-integration-production
-      image_tag: ${{ github.sha }}
-    secrets:
-      application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
-      application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}