Scan All Demo Apps #6
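# Orchestrating workflow: Scan all demo apps in parallel
# Manually triggered - dispatches a11y-scan workflows in sibling repos
# so SARIF results appear in each repo's own Code Scanning alerts
#
# Credentials: every step authenticates gh with secrets.DISPATCH_PAT (GH_TOKEN).
# NOTE(review): the token's scope is not visible from this file. Dispatching,
# listing and watching runs only needs Actions read/write on the five target
# repositories, so a fine-grained token limited to those repos is the least
# privilege that fits - confirm how DISPATCH_PAT was issued and when it expires.
name: Scan All Demo Apps

on:
  workflow_dispatch:

# None of the steps below checks out code or uses GITHUB_TOKEN (gh reads
# GH_TOKEN instead), so this could be tightened further to `permissions: {}`.
permissions:
  contents: read

jobs:
  scan:
    name: Scan ${{ matrix.repo }}
    runs-on: ubuntu-latest
    timeout-minutes: 15
    strategy:
      fail-fast: false
      max-parallel: 5
      matrix:
        include:
          - repo: a11y-demo-app-001
          - repo: a11y-demo-app-002
          - repo: a11y-demo-app-003
          - repo: a11y-demo-app-004
          - repo: a11y-demo-app-005
    # Expression values are handed to the scripts as environment variables and
    # read as quoted shell variables. Expanding ${{ ... }} inside a run: block
    # pastes the value into the script text before bash parses it, which is the
    # script-injection pattern; keeping expressions out of the script bodies
    # means a future non-literal matrix value cannot change what is executed.
    env:
      REPO_NAME: ${{ matrix.repo }}
      TARGET_REPO: devopsabcs-engineering/${{ matrix.repo }}
    steps:
      - name: Dispatch a11y-scan workflow in ${{ matrix.repo }}
        env:
          GH_TOKEN: ${{ secrets.DISPATCH_PAT }}
        run: |
          # Timestamp taken just before the dispatch; the next step uses it to
          # tell the run created here apart from older runs.
          BEFORE=$(date -u +%Y-%m-%dT%H:%M:%SZ)
          echo "before=$BEFORE" >> "$GITHUB_ENV"
          echo "Dispatching a11y-scan workflow for $REPO_NAME (after $BEFORE)..."
          gh workflow run a11y-scan.yml \
            --repo "$TARGET_REPO" \
            --ref main
          echo "Dispatch sent to $REPO_NAME"

      - name: Wait for workflow run to appear
        env:
          GH_TOKEN: ${{ secrets.DISPATCH_PAT }}
        run: |
          # `before` was written to GITHUB_ENV by the dispatch step, so it is
          # already a shell variable here. Polls up to 30 times, 10s apart.
          #
          # NOTE(review): the match is by creation time and event type only.
          # Another workflow_dispatch of a11y-scan.yml in the same window would
          # also match, and a runner clock ahead of the API's createdAt could
          # hide the real run - confirm this is acceptable for these repos.
          echo "Waiting for a11y-scan run created after $before..."
          for i in $(seq 1 30); do
            # A failed API call counts as "not found yet": the default run
            # shell uses -e, so without the fallback one transient error would
            # end the poll. gh still prints its error to the job log.
            RUN_ID=$(gh run list \
              --repo "$TARGET_REPO" \
              --workflow a11y-scan.yml \
              --json databaseId,createdAt,event \
              --jq "[.[] | select(.createdAt >= \"$before\" and .event == \"workflow_dispatch\")] | .[0].databaseId") || RUN_ID=""
            # Only an all-digit id is written to GITHUB_ENV, so API output can
            # never add extra lines (and therefore extra variables) to it.
            case "$RUN_ID" in
              '' | null | *[!0-9]*)
                ;;
              *)
                echo "Found workflow run: $RUN_ID"
                echo "run_id=$RUN_ID" >> "$GITHUB_ENV"
                exit 0
                ;;
            esac
            echo "Attempt $i: run not found yet, waiting 10s..."
            sleep 10
          done
          echo "::error::Timed out waiting for a11y-scan run to appear in $REPO_NAME"
          exit 1

      - name: Wait for workflow to complete
        env:
          GH_TOKEN: ${{ secrets.DISPATCH_PAT }}
        run: |
          # `run_id` comes from GITHUB_ENV (previous step). --exit-status makes
          # gh exit non-zero when the watched run fails, which fails this job.
          echo "Watching a11y-scan run $run_id in $REPO_NAME..."
          gh run watch "$run_id" \
            --repo "$TARGET_REPO" \
            --exit-status
          echo "$REPO_NAME scan completed successfully"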