
CCM-14499: Pinning all GitHub Actions to SHAs #2

CCM-14499: Pinning all GitHub Actions to SHAs


Workflow file for this run

# Build-stage workflow. The only trigger declared in this file is workflow_call,
# so it runs when another workflow calls it and passes the inputs below.
name: "Build stage"

Check failure on line 1 in .github/workflows/stage-3-build.yaml


GitHub Actions / .github/workflows/stage-3-build.yaml

Invalid workflow file

(Line: 56, Col: 9): 'uses' is already defined, (Line: 73, Col: 9): 'uses' is already defined, (Line: 89, Col: 9): 'uses' is already defined, (Line: 105, Col: 9): 'uses' is already defined, (Line: 174, Col: 9): 'uses' is already defined
# Trigger: this workflow is reusable and is started by a calling workflow.
# Every input is declared as a string; deploy_proxy is compared against the
# literal 'true' by the artefact-proxies job, so it is a string flag rather
# than a YAML boolean.
on:
  workflow_call:
    inputs:
      build_datetime:
        description: "Build datetime, set by the CI/CD pipeline workflow"
        required: true
        type: string

      build_timestamp:
        description: "Build timestamp, set by the CI/CD pipeline workflow"
        required: true
        type: string

      build_epoch:
        description: "Build epoch, set by the CI/CD pipeline workflow"
        required: true
        type: string

      nodejs_version:
        description: "Node.js version, set by the CI/CD pipeline workflow"
        required: true
        type: string

      python_version:
        description: "Python version, set by the CI/CD pipeline workflow"
        required: true
        type: string

      terraform_version:
        description: "Terraform version, set by the CI/CD pipeline workflow"
        required: true
        type: string

      version:
        description: "Version of the software, set by the CI/CD pipeline workflow"
        required: true
        type: string

      # Optional: an empty value makes the environment name fall back to 'main'.
      pr_number:
        description: "PR Number if it exists"
        required: false
        type: string

      deploy_proxy:
        description: "True if the APIM proxy should be deployed"
        required: true
        type: string
# Token permissions for GITHUB_TOKEN. Declared at workflow level, so they apply
# to every job in this file.
# NOTE(review): id-token: write lets any job request an OIDC JWT. No step
# visible in this file requests one directly; presumably a local composite
# action does. Consider granting it only on the jobs that need it - confirm.
permissions:
  # Required for requesting the JWT.
  id-token: write
  # Required for actions/checkout.
  contents: read
  # Required for downloading from GitHub Package Registry.
  packages: read
jobs:
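# Builds the documentation site with the local build-docs composite action.
artefact-jekyll-docs:
  name: "Build Docs"
  runs-on: ubuntu-latest
  timeout-minutes: 10
  steps:
    # Pinned to a full commit SHA; the trailing comment records the tag the
    # pin was taken from. A tag can be moved, a commit SHA cannot.
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
    # This must be its own list item. When "- name:" was swallowed by the
    # version comment on the line above, both `uses` keys landed in a single
    # step and the workflow was rejected ("'uses' is already defined").
    - name: "Build docs"
      uses: ./.github/actions/build-docs
      with:
        version: "${{ inputs.version }}"
        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}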
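# Builds the OAS spec once per APIM environment in the matrix.
# Runs only for pushes to main; waits for the docs job.
artefact-oas-spec:
  name: "Build OAS spec (${{ matrix.apimEnv }})"
  if: (github.event_name == 'push' && github.ref == 'refs/heads/main')
  runs-on: ubuntu-latest
  needs: [artefact-jekyll-docs]
  timeout-minutes: 10
  strategy:
    matrix:
      apimEnv: [internal-dev-pr, internal-dev, int, ref, prod]
  steps:
    # Pinned to a full commit SHA; the trailing comment records the tag.
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
    # Separate list item: a step may carry only one `uses` key. With the
    # "- name:" marker folded into the comment above, the file was invalid.
    - name: "Build OAS spec"
      uses: ./.github/actions/build-oas-spec
      with:
        version: "${{ inputs.version }}"
        apimEnv: "${{ matrix.apimEnv }}"
        buildSandbox: false
        nodejs_version: ${{ inputs.nodejs_version }}
        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}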
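# Builds the OAS spec for the internal-dev-sandbox environment with
# buildSandbox enabled; waits for the docs job.
artefact-oas-spec-sandbox:
  name: "Build OAS spec for sandbox"
  runs-on: ubuntu-latest
  needs: [artefact-jekyll-docs]
  timeout-minutes: 10
  steps:
    # Pinned to a full commit SHA; the trailing comment records the tag.
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
    # Separate list item: a step may carry only one `uses` key. With the
    # "- name:" marker folded into the comment above, the file was invalid.
    # NOTE(review): the step is named "Build proxies" but runs build-oas-spec;
    # the name looks copied from another job - confirm.
    - name: "Build proxies"
      uses: ./.github/actions/build-oas-spec
      with:
        version: "${{ inputs.version }}"
        apimEnv: "internal-dev-sandbox"
        buildSandbox: true
        nodejs_version: ${{ inputs.nodejs_version }}
        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}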
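# Builds the SDKs with the local build-sdk composite action.
# Depends on artefact-oas-spec, which itself runs only for pushes to main.
artefact-sdks:
  name: "Build SDKs"
  runs-on: ubuntu-latest
  needs: [artefact-oas-spec]
  timeout-minutes: 10
  steps:
    # Pinned to a full commit SHA; the trailing comment records the tag.
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
    # Separate list item: a step may carry only one `uses` key. With the
    # "- name:" marker folded into the comment above, the file was invalid.
    - name: "Build sdks"
      uses: ./.github/actions/build-sdk
      with:
        version: "${{ inputs.version }}"
        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}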
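# Disabled for now - might be added again in the future. If these jobs are re-enabled, pin actions/checkout to a full commit SHA as in the active jobs.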
# artefact-servers:
# name: "Build servers"
# runs-on: ubuntu-latest
# timeout-minutes: 10
# steps:
# - name: "Checkout code"
# uses: actions/checkout@v5
# - name: "Build servers"
# uses: ./.github/actions/build-server
# with:
# version: "${{ inputs.version }}"
# artefact-libs:
# name: "Build libs"
# runs-on: ubuntu-latest
# timeout-minutes: 10
# steps:
# - name: "Checkout code"
# uses: actions/checkout@v5
# - name: "Build servers"
# uses: ./.github/actions/build-libraries
# with:
# version: "${{ inputs.version }}"
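# Derives the dynamic environment name ("pr<number>" or "main") and asks the
# internal infrastructure repository to create that environment.
#
# Context values are handed to the shell through `env` and expanded as quoted
# variables. A `${{ ... }}` expression inside `run:` is substituted into the
# script text before bash parses it, so a value such as github.head_ref (the
# pull-request branch name, chosen by whoever opened the PR) would otherwise be
# interpreted as shell syntax in a job that holds APP_PEM_FILE.
pr-create-dynamic-environment:
  name: Create Dynamic Environment
  runs-on: ubuntu-latest
  outputs:
    environment_name: ${{ steps.set-environment.outputs.environment_name }}
  steps:
    # Pinned to the same commit SHA as the other checkout steps in this file;
    # this was the one remaining reference by mutable tag.
    - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
    - name: Set environment name
      id: set-environment
      env:
        # Evaluated by the Actions expression engine, not by the shell.
        ENVIRONMENT_NAME: ${{ inputs.pr_number != '' && format('pr{0}', inputs.pr_number) || 'main' }}
      run: echo "environment_name=${ENVIRONMENT_NAME}" >> "$GITHUB_OUTPUT"
    - name: Trigger dynamic environment creation
      env:
        APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
        APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
        PR_NUMBER: ${{ inputs.pr_number }}
        DISPATCH_RELEASE_VERSION: ${{ github.head_ref || github.ref_name }}
        DISPATCH_TARGET_ENVIRONMENT: ${{ steps.set-environment.outputs.environment_name }}
      shell: bash
      run: |
        # GITHUB_REPOSITORY is "owner/repo"; strip the owner to get the repo name.
        .github/scripts/dispatch_internal_repo_workflow.sh \
          --infraRepoName "${GITHUB_REPOSITORY#*/}" \
          --releaseVersion "$DISPATCH_RELEASE_VERSION" \
          --targetWorkflow "dispatch-deploy-dynamic-env.yaml" \
          --targetEnvironment "$DISPATCH_TARGET_ENVIRONMENT" \
          --targetComponent "api" \
          --targetAccountGroup "nhs-notify-supplier-api-dev" \
          --terraformAction "apply" \
          --overrideProjectName "nhs" \
          --overrideRoleName "nhs-main-acct-supplier-api-github-deploy"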
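# Builds the APIM proxies for the sandbox. Runs only when the caller passes
# deploy_proxy as the string 'true', after the sandbox OAS spec and the
# dynamic environment jobs have finished.
artefact-proxies:
  name: "Build proxies"
  runs-on: ubuntu-latest
  if: inputs.deploy_proxy == 'true'
  needs: [artefact-oas-spec-sandbox, pr-create-dynamic-environment]
  timeout-minutes: 10
  # NOTE(review): job-level env exposes the app credentials to every step,
  # including checkout. If only build-proxies reads them, a step-level env
  # would narrow the exposure - confirm against the composite action.
  env:
    PROXYGEN_API_NAME: nhs-notify-supplier
    APP_CLIENT_ID: ${{ secrets.APP_CLIENT_ID }}
    APP_PEM_FILE: ${{ secrets.APP_PEM_FILE }}
  steps:
    # Pinned to a full commit SHA; the trailing comment records the tag.
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd  # v5
    # Separate list item: a step may carry only one `uses` key. With the
    # "- name:" marker folded into the comment above, the file was invalid.
    - name: "Build proxies"
      uses: ./.github/actions/build-proxies
      with:
        version: "${{ inputs.version }}"
        environment: ${{ needs.pr-create-dynamic-environment.outputs.environment_name }}
        apimEnv: "internal-dev-sandbox"
        runId: "${{ github.run_id }}"
        buildSandbox: true
        # NOTE(review): github.head_ref is the PR branch name. Verify that
        # build-proxies reads this input through an environment variable and
        # does not expand it inside a run script.
        releaseVersion: ${{ github.head_ref || github.ref_name }}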