Merge pull request #180 from noqdev/fix/en-1767-update-github-actions

Update GitHub Actions templates
noqdev · Mar 2, 2023 · 909ef39 · 909ef39
2 parents b92fcf9 + 3b42d0d
commit 909ef39
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 125 deletions.
diff --git a/iambic/github/templates/iambic-detect.yml b/iambic/github/templates/iambic-detect.yml
@@ -0,0 +1,22 @@
+name: Run Iambic Detect
+on:
+  workflow_dispatch:
+  schedule:
+    - cron:  '*/15 * * * *'
+jobs:
+  iambic-import:
+    runs-on: ubuntu-latest
+    environment: production
+    name: Detect Cloud and Google Environment changes
+    timeout-minutes: 13 # this job is scheduled for every 15 min, setting it to 13 to have some margin
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: false
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: trigger_workflow
+        id: trigger_workflow
+        run: |
+          echo "trigger workflow"
diff --git a/iambic/github/templates/iambic-expire.yml b/iambic/github/templates/iambic-expire.yml
@@ -0,0 +1,25 @@
+name: Run Iambic Expire
+on:
+  workflow_dispatch:
+  schedule:
+    - cron:  '5 * * * *' # every every hour at minute 5
+
+
+jobs:
+  iambic-expire:
+    runs-on: ubuntu-latest
+    environment: production
+    if: github.ref == 'refs/heads/main'
+    name: Check expire resources
+    timeout-minutes: 30 # If periodic expires takes more than 30min to run, we probably have performance issue
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: false
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: trigger_workflow
+        id: trigger_workflow
+        run: |
+          echo "trigger workflow"
diff --git a/iambic/github/templates/iambic-git-apply-via-pr-comments.yml b/iambic/github/templates/iambic-git-apply-via-pr-comments.yml
diff --git a/iambic/github/templates/iambic-git-plan.yml b/iambic/github/templates/iambic-git-plan.yml
diff --git a/iambic/github/templates/iambic-import.yml b/iambic/github/templates/iambic-import.yml
@@ -1,44 +1,22 @@
 name: Run Iambic Import
 on:
+  workflow_dispatch:
   schedule:
-    - cron:  '*/15 * * * *'
+    - cron:  '0 */4 * * *' # import at minute 0 past every 4th hour
 jobs:
   iambic-import:
-    runs-on: self-hosted
+    runs-on: ubuntu-latest
+    environment: production
     name: Import Cloud and Google Environment
+    timeout-minutes: 60 # Setting this to 60 min for now. If this takes longer, it needs better performance improvement
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: false
     permissions:
       id-token: write
       contents: read
     steps:
-      - uses: actions/checkout@v3
-        with:
-          repository: __TEMPLATE_IAMBIC_REPO
-          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-          path: './iambic-templates'
-      - uses: actions/checkout@v3
-        with:
-          repository: noqdev/iambic
-          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-          path: './iambic'
-      - name: Configure AWS Credentials
-        if: ${{ !env.ACT }}
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: __TEMPLATE_IAMBIC_ASSUME_ROLE_ARN
-          aws-region: __TEMPLATE_IAMBIC_AWS_REGION
-      - name: Configure AWS Credentials for Local Execution
-        if: ${{ env.ACT }}
+      - name: trigger_workflow
+        id: trigger_workflow
         run: |
-          mkdir ~/.aws
-          echo $CREDS_FILE | base64 -d > ~/.aws/credentials
-      - name: import
-        id: plan
-        env:
-          COMMIT_EMAIL: __TEMPLATE_IAMBIC_COMMIT_EMAIL
-          COMMIT_USERNAME: "Iambic Automation"
-          COMMIT_MESSAGE: "Automatic import"
-        run: |
-          cd ./iambic-templates && git fetch origin && git checkout -b task/auto-baseline-${GITHUB_RUN_ID} origin/main && cd ../
-          docker-compose -f ./iambic/docker-compose-cicd.yaml run -v ~/.ssh/:/root/.ssh/ -v $(pwd)/iambic-templates/:/root/.iambic/repos/ iambic-cicd /bin/bash -c "python -m iambic.lambda.app import --repo-dir /root/.iambic/repos && cat proposed_changes.json > /root/.iambic/repos/proposed_changes.json " 2>&1 | tee plan-output.txt
-          cd ./iambic-templates && git config user.email "${COMMIT_EMAIL}" && git config user.name "${COMMIT_USERNAME}" && git add . && git commit -m "${COMMIT_MESSAGE}" && git push origin HEAD:main
-        continue-on-error: true
+          echo "trigger workflow"
diff --git a/iambic/github/utils.py b/iambic/github/utils.py
@@ -10,10 +10,8 @@ def create_workflow_files(
     repo_dir: str, repo_name: str, commit_email: str, assume_role_arn: str, region: str
 ):
     replacement_val_map = {
-        "__TEMPLATE_IAMBIC_REPO": repo_name,
-        "__TEMPLATE_IAMBIC_COMMIT_EMAIL": commit_email,
-        "__TEMPLATE_IAMBIC_ASSUME_ROLE_ARN": assume_role_arn,
-        "__TEMPLATE_IAMBIC_AWS_REGION": region,
+        # Leave the example here
+        # "__TEMPLATE_IAMBIC_COMMIT_EMAIL": commit_email,
     }
 
     file_paths = glob.glob(f"{os.path.dirname(__file__)}/**/*.yaml", recursive=True)