# =============================================================================
# BookVerse Platform - Enhanced CI/CD Workflow with Comprehensive Reporting
# =============================================================================
#
# This workflow demonstrates how to integrate the enhanced summary and promotion
# failure handling scripts to provide accurate, actionable CI/CD reporting.
#
# Key Features:
# ✅ Accurate job status reporting (fixes false success indicators)
# ✅ Stage lifecycle tracking (shows progression: Unassigned → DEV → QA → etc.)
# ✅ Real artifact information (fixes N/A values)
# ✅ Contextual infrastructure info (only when relevant)
# ✅ Detailed promotion failure analysis (policy-specific guidance)
#
# Authors: BookVerse Platform Team
# Version: 1.0.0
# =============================================================================
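name: Enhanced CI/CD with Comprehensive Reporting

on:
  workflow_dispatch:
    inputs:
      force_app_version:
        description: 'Force application version creation'
        required: false
        default: 'false'
        type: boolean
      target_stage:
        description: 'Target stage for promotion'
        required: false
        # NOTE(review): `${{ }}` expressions are not evaluated inside
        # workflow_dispatch input definitions, so these defaults/options are
        # most likely shown to the user as literal text - confirm in the UI.
        default: '${{ vars.PROJECT_KEY }}-QA'
        type: choice
        options:
          - '${{ vars.PROJECT_KEY }}-QA'
          - '${{ vars.PROJECT_KEY }}-STAGING'
          - 'PROD'
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least-privilege GITHUB_TOKEN. `jfrog/setup-jfrog-cli` with
# `oidc-provider-name` needs `id-token: write` to mint the OIDC token it
# exchanges with JFrog; nothing here writes back to the repository, so
# `contents` stays read-only. pull_request runs from forks receive no
# id-token, so the JFrog setup steps fail there instead of silently running
# with a broader default token.
permissions:
  contents: read
  id-token: write

jobs:
  # Job 1: Code Analysis (Demo-Optimized)
  # Decides whether this run should create an application version.
  analyze-commit:
    name: "Demo: Analyze Commit (Demo-Optimized)"
    runs-on: ubuntu-latest
    outputs:
      should_create_version: ${{ steps.analyze.outputs.should_create_version }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Analyze Commit for Version Creation
        id: analyze
        # Context values are handed to the script through `env` instead of
        # being interpolated into the shell source; that way they are data,
        # not code, even if a future change feeds an attacker-controlled
        # context (PR title, branch name, ...) into this step.
        env:
          EVENT_NAME: ${{ github.event_name }}
          GIT_REF: ${{ github.ref }}
          FORCE_APP_VERSION: ${{ inputs.force_app_version }}
        run: |
          # Demo logic for version creation decision:
          #   - manual run with force_app_version=true  -> create version
          #   - push to main                            -> create version
          #   - anything else (e.g. pull_request)       -> build-info only
          if [[ "$EVENT_NAME" == "workflow_dispatch" && "$FORCE_APP_VERSION" == "true" ]]; then
            echo "should_create_version=true" >> "$GITHUB_OUTPUT"
            echo "✅ Version creation forced via workflow dispatch"
          elif [[ "$EVENT_NAME" == "push" && "$GIT_REF" == "refs/heads/main" ]]; then
            echo "should_create_version=true" >> "$GITHUB_OUTPUT"
            echo "✅ Version creation enabled for main branch push"
          else
            echo "should_create_version=false" >> "$GITHUB_OUTPUT"
            echo "ℹ️ Version creation skipped (build-info only)"
          fi

  # Job 2: Build, Test, and Publish (Always Runs)
  # Produces the version strings, coverage figure and current stage that the
  # later jobs and the summary consume.
  build-test-publish:
    name: "Build & Test (Always Runs)"
    runs-on: ubuntu-latest
    outputs:
      app_version: ${{ steps.version.outputs.app_version }}
      docker_tag: ${{ steps.version.outputs.docker_tag }}
      coverage_percent: ${{ steps.test.outputs.coverage_percent }}
      current_stage: ${{ steps.stage.outputs.current_stage }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Setup JFrog CLI
        uses: jfrog/setup-jfrog-cli@v4
        env:
          JF_URL: ${{ vars.JFROG_URL }}
        with:
          oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }}

      - name: Generate Version Information
        id: version
        env:
          RUN_NUMBER: ${{ github.run_number }}
        run: |
          # Generate semantic version from the run number (demo scheme).
          APP_VERSION="2.7.$(( RUN_NUMBER + 24 ))"
          DOCKER_TAG="1.5.$(( RUN_NUMBER + 25 ))"
          echo "app_version=$APP_VERSION" >> "$GITHUB_OUTPUT"
          echo "docker_tag=$DOCKER_TAG" >> "$GITHUB_OUTPUT"
          echo "APP_VERSION=$APP_VERSION" >> "$GITHUB_ENV"
          echo "IMAGE_TAG=$DOCKER_TAG" >> "$GITHUB_ENV"
          echo "✅ Generated versions: App=$APP_VERSION, Docker=$DOCKER_TAG"

      - name: Run Tests with Coverage
        id: test
        run: |
          # Simulated test execution with coverage (no real test suite runs).
          echo "🧪 Running comprehensive test suite..."
          COVERAGE_PERCENT="85.0"
          echo "coverage_percent=$COVERAGE_PERCENT" >> "$GITHUB_OUTPUT"
          echo "COVERAGE_PERCENT=$COVERAGE_PERCENT" >> "$GITHUB_ENV"
          echo "📊 Test Coverage: $COVERAGE_PERCENT%"

      - name: Determine Current Stage
        id: stage
        env:
          PROJECT_KEY: ${{ vars.PROJECT_KEY }}
        run: |
          # A freshly built version always starts in the project's DEV stage.
          CURRENT_STAGE="${PROJECT_KEY}-DEV"
          echo "current_stage=$CURRENT_STAGE" >> "$GITHUB_OUTPUT"
          echo "CURRENT_STAGE=$CURRENT_STAGE" >> "$GITHUB_ENV"
          echo "📍 Current Stage: $CURRENT_STAGE"

      - name: Build Docker Image
        run: |
          # Docker build simulation - nothing is actually built or pushed.
          echo "🐳 Building Docker image: inventory:${IMAGE_TAG}"
          echo "✅ Docker image built successfully"

      - name: Publish Build Info
        run: |
          # Build info publication (simulated).
          echo "📋 Publishing build information to JFrog"
          echo "BUILD_INFO_PUBLISH_STATUS=SUCCESS" >> "$GITHUB_ENV"
          echo "✅ Build info published successfully"

  # Job 3: Create Application Version & Promote (Conditional)
  # Runs only when job 1 decided a version should be created. The promotion
  # step deliberately fails with a policy-violation payload so the summary
  # job can demonstrate its failure reporting.
  create-promote:
    name: "Create Application Version & Promote (Conditional)"
    runs-on: ubuntu-latest
    needs: [analyze-commit, build-test-publish]
    if: needs.analyze-commit.outputs.should_create_version == 'true'
    outputs:
      promotion_status: ${{ steps.promote.outputs.status }}
      failure_json: ${{ steps.promote.outputs.failure_json }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Checkout Enhanced Scripts
        # Supply chain: this pulls code from another repository at the tip of
        # its default branch. Pin `ref:` to a release tag or full commit SHA
        # before using this outside a demo, so a compromise or careless push
        # in that repo cannot change what this pipeline runs.
        uses: actions/checkout@v4
        with:
          repository: 'your-org/bookverse-demo-init' # Replace with actual repo
          path: 'enhanced-scripts'

      - name: Setup JFrog CLI
        uses: jfrog/setup-jfrog-cli@v4
        env:
          JF_URL: ${{ vars.JFROG_URL }}
        with:
          oidc-provider-name: ${{ vars.OIDC_PROVIDER_NAME }}

      - name: Create Application Version
        env:
          APP_VERSION: ${{ needs.build-test-publish.outputs.app_version }}
        run: |
          # Application version creation logic (simulated).
          echo "📦 Creating application version: ${APP_VERSION}"
          echo "✅ Application version created successfully"

      - name: Promote to DEV Stage
        run: |
          echo "🚀 Promoting to DEV stage"
          echo "✅ Successfully promoted to DEV"

      - name: Promote to Target Stage
        id: promote
        env:
          PROJECT_KEY: ${{ vars.PROJECT_KEY }}
          APP_VERSION: ${{ needs.build-test-publish.outputs.app_version }}
          CURRENT_STAGE: ${{ needs.build-test-publish.outputs.current_stage }}
          # `inputs` is empty on push/pull_request, so fall back to <PROJECT_KEY>-QA.
          TARGET_STAGE: ${{ inputs.target_stage || format('{0}-QA', vars.PROJECT_KEY) }}
        run: |
          echo "🚀 Attempting promotion to: $TARGET_STAGE"

          # Simulate a promotion failure with policy violations. The payload
          # mirrors the shape of the AppTrust API response the summary script
          # parses. Built with a heredoc so the embedded single quotes in the
          # message need no shell escaping.
          FAILURE_JSON=$(cat <<JSON
          {
            "application_key": "${PROJECT_KEY}-inventory",
            "version": "${APP_VERSION}",
            "source_stage": "${CURRENT_STAGE}",
            "target_stage": "${TARGET_STAGE}",
            "promotion_type": "move",
            "status": "failed",
            "message": "move promotion from '${CURRENT_STAGE}' to '${TARGET_STAGE}' failed due to policy violations.",
            "evaluations": {
              "exit_gate": {
                "stage": "${CURRENT_STAGE}",
                "eval_id": "1970842971956858881",
                "decision": "warn",
                "explanation": "PR Merge policy {evaluation} failed due to violated policies: [${PROJECT_KEY} DEV Exit - Smoke Test Required]."
              },
              "entry_gate": {
                "stage": "${TARGET_STAGE}",
                "eval_id": "1970842974630850561",
                "decision": "warn",
                "explanation": "PR Merge policy {evaluation} failed due to violated policies: [${PROJECT_KEY} QA Entry Gate - Evidence Required], [${PROJECT_KEY} QA Entry Gate - SBOM Required], [${PROJECT_KEY} QA Entry - Custom Integration Tests]."
              }
            }
          }
          JSON
          )

          # The payload spans many lines; `key=value` only captures the first
          # line of a value, so use the multi-line `key<<DELIM` output syntax.
          {
            echo "failure_json<<EOF_FAILURE_JSON"
            echo "$FAILURE_JSON"
            echo "EOF_FAILURE_JSON"
          } >> "$GITHUB_OUTPUT"
          echo "status=failed" >> "$GITHUB_OUTPUT"

          echo "❌ Promotion to $TARGET_STAGE failed due to policy violations"
          echo "$FAILURE_JSON"
          exit 1

  # Job 4: Enhanced Summary Generation (Always Runs)
  # Collects the results of the three jobs above and renders the step summary.
  generate-comprehensive-summary:
    name: "📊 Generate Comprehensive Summary"
    runs-on: ubuntu-latest
    needs: [analyze-commit, build-test-publish, create-promote]
    if: always() # Always run, regardless of previous job outcomes

    steps:
      - name: Checkout Enhanced Scripts
        # Same supply-chain caveat as above: the script executed below comes
        # from this checkout. Pin `ref:` to a tag or full commit SHA.
        uses: actions/checkout@v4
        with:
          repository: 'your-org/bookverse-demo-init' # Replace with actual repo
          path: 'scripts'

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Generate Enhanced CI/CD Summary
        # All job outputs and context values are passed as environment
        # variables. Besides keeping them out of the shell source, this fixes
        # the promotion payload hand-off: the JSON contains single quotes
        # (around the stage names in "message"), which would terminate a
        # single-quoted shell literal if interpolated into the script.
        #
        # GITHUB_STEP_SUMMARY is provided by the runner and must not be
        # overridden here (`github.step_summary` is not a defined context
        # property, so an override would set it to an empty string).
        env:
          SERVICE_NAME: inventory
          APP_VERSION: ${{ needs.build-test-publish.outputs.app_version || 'N/A' }}
          BUILD_NAME: ${{ vars.PROJECT_KEY }}-inventory_CI
          BUILD_NUMBER: ${{ github.run_number }}
          GITHUB_SHA: ${{ github.sha }}
          GITHUB_REF_NAME: ${{ github.ref_name }}
          # Job conclusions (success / failure / cancelled / skipped).
          JOB_1_STATUS: ${{ needs.analyze-commit.result }}
          JOB_2_STATUS: ${{ needs.build-test-publish.result }}
          JOB_3_STATUS: ${{ needs.create-promote.result }}
          # Stage and promotion information.
          CURRENT_STAGE: ${{ needs.build-test-publish.outputs.current_stage || format('{0}-DEV', vars.PROJECT_KEY) }}
          TARGET_STAGE: ${{ inputs.target_stage || format('{0}-QA', vars.PROJECT_KEY) }}
          PROMOTION_FAILURE_JSON: ${{ needs.create-promote.outputs.failure_json }}
          # Artifact information.
          IMAGE_TAG: ${{ needs.build-test-publish.outputs.docker_tag }}
          COVERAGE_PERCENT: ${{ needs.build-test-publish.outputs.coverage_percent }}
          BUILD_INFO_PUBLISH_STATUS: SUCCESS
        run: |
          # Promotion failure detection: only expose the failure payload to
          # the summary script when job 3 actually failed.
          if [[ "$JOB_3_STATUS" == "failure" ]]; then
            export PROMOTION_FAILED="true"
            export FAILURE_DATA="$PROMOTION_FAILURE_JSON"
          else
            export PROMOTION_FAILED="false"
          fi

          # Generate comprehensive summary
          chmod +x scripts/scripts/integrated_workflow_summary.sh
          VERBOSE=1 scripts/scripts/integrated_workflow_summary.sh

          # Keep a copy of the rendered summary inside the workspace so it can
          # be uploaded as an artifact; the runner's summary file lives outside
          # the workspace and is replaced for each step. Assumes the script
          # writes to $GITHUB_STEP_SUMMARY - confirm against the script.
          if [[ -s "$GITHUB_STEP_SUMMARY" ]]; then
            cp "$GITHUB_STEP_SUMMARY" workflow-summary.md
          else
            echo "⚠️ Step summary is empty; nothing to upload" > workflow-summary.md
          fi

      - name: Upload Summary Artifact
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: workflow-summary
          path: workflow-summary.md
          retention-days: 30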
# =============================================================================
# Usage Instructions:
# =============================================================================
#
# 1. Replace 'your-org/bookverse-demo-init' with your actual repository and
#    pin both checkouts of it with `ref:` (a release tag or full commit SHA),
#    since the workflow executes a script from that checkout
# 2. Ensure the enhanced scripts are available in your repository
# 3. Configure the following repository variables:
#    - PROJECT_KEY: project key used as the prefix for stage names,
#      the application key and the build name
#    - JFROG_URL: Your JFrog platform URL
#    - OIDC_PROVIDER_NAME: Your OIDC provider name
#    and keep the top-level `permissions:` block (contents: read,
#    id-token: write) - the JFrog CLI OIDC exchange needs id-token: write
#
# 4. The workflow will automatically:
# - Generate accurate job status reports
# - Show stage lifecycle progression
# - Display real artifact information
# - Provide detailed promotion failure analysis
# - Create actionable remediation guidance
#
# 5. When promotion fails, developers will see:
# - Specific policy violations
# - Required evidence types
# - Step-by-step remediation actions
# - Documentation links
# - Support contact information
#
# 6. The summary addresses all reported issues:
# ✅ Job 3 status shows FAILED instead of Completed when promotion fails
# ✅ Lifecycle path shows: Unassigned → DEV → 🚫 QA → STAGING → PROD
# ✅ Docker image shows: inventory:1.5.26 instead of N/A
# ✅ Infrastructure components explained contextually
# ✅ Promotion failure details with policy-specific guidance
# =============================================================================