fix: corrected format #4
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Smurf Reusable Workflow | |
| on: | |
| workflow_call: | |
| secrets: | |
| docker-username: | |
| description: 'Docker Hub username' | |
| required: false | |
| docker-password: | |
| description: 'Docker Hub token' | |
| required: false | |
| ecr-registry: | |
| description: 'ECR registry URL' | |
| required: false | |
| AWS_ACCESS_KEY_ID: | |
| required: false | |
| description: 'AWS Access Key ID for direct authentication' | |
| AWS_SECRET_ACCESS_KEY: | |
| required: false | |
| description: 'AWS Secret Access Key for direct authentication' | |
| AWS_SESSION_TOKEN: | |
| required: false | |
| description: 'AWS Session Token for direct authentication' | |
| AZURE_CREDENTIALS: | |
| required: false | |
| description: 'Azure credentials for authentication' | |
| GCP_CREDENTIALS: | |
| required: false | |
| description: 'GCP credentials JSON for authentication' | |
| DIGITALOCEAN_ACCESS_TOKEN: | |
| required: false | |
| description: 'DigitalOcean Personal Access Token' | |
| WORKLOAD_IDENTITY_PROVIDER: | |
| required: false | |
| description: 'GCP Workload Identity Provider identifier' | |
| SERVICE_ACCOUNT: | |
| required: false | |
| description: 'GCP Service Account to use' | |
| DOCKERHUB_USERNAME: | |
| required: false | |
| description: 'Dockerhub Username' | |
| DOCKERHUB_USERNAME: | |
| required: false | |
| description: 'Dockerhub Username' | |
| DOCKERHUB_PASSWORD: | |
| required: false | |
| description: 'Dockerhub Password' | |
| env-vars: | |
| required: false | |
| description: 'Additional environment variables in JSON format' | |
| inputs: | |
| tool: | |
| description: 'Tool to run (selm, stf or sdkr)' | |
| type: string | |
| required: true | |
| command: | |
| description: 'Command to run with tool' | |
| type: string | |
| required: false | |
| branch: | |
| description: 'Branch to checkout' | |
| type: string | |
| default: 'master' | |
| aws-role: | |
| description: 'AWS IAM role ARN to assume' | |
| type: string | |
| required: false | |
| aws-region: | |
| description: 'AWS region' | |
| type: string | |
| default: 'us-east-1' | |
| provider: | |
| description: 'Cloud provider (aws, azure, gcp, digitalocean)' | |
| type: string | |
| required: false | |
| default: 'aws' | |
| aws_auth_method: | |
| description: 'AWS Auth method to use' | |
| type: string | |
| required: false | |
| # Common workspace inputs | |
| working-directory: | |
| description: 'Working directory for command execution' | |
| type: string | |
| required: false | |
| default: '.' | |
| # Helm-specific inputs | |
| eks-cluster: | |
| description: 'EKS cluster name' | |
| type: string | |
| required: false | |
| ecr-repository: | |
| description: 'ECR repository URL' | |
| type: string | |
| required: false | |
| dockerfile-path: | |
| description: 'Path to Dockerfile' | |
| type: string | |
| required: false | |
| helm-values-path: | |
| description: 'Path to Helm values file' | |
| type: string | |
| required: false | |
| helm-chart-path: | |
| description: 'Path to Helm chart' | |
| type: string | |
| required: false | |
| namespace: | |
| description: 'Kubernetes namespace' | |
| type: string | |
| required: false | |
| default: 'testing-smurf' | |
| timeout: | |
| description: 'Timeout in seconds' | |
| type: number | |
| default: 30 | |
| # Docker-specific inputs | |
| image-name: | |
| description: 'Docker image name' | |
| type: string | |
| required: false | |
| image-tag: | |
| description: 'Docker image tag' | |
| type: string | |
| required: false | |
| image-tar: | |
| description: 'Docker image tar' | |
| type: string | |
| required: false | |
| registry-type: | |
| description: 'Container registry type (docker or ecr)' | |
| type: string | |
| required: false | |
| build-path: | |
| description: 'Path to build context' | |
| type: string | |
| required: false | |
| default: '.' | |
| # Terraform-specific inputs | |
| var-file: | |
| description: 'Terraform var file path' | |
| type: string | |
| required: false | |
| destroy: | |
| description: 'Set to true to destroy infrastructure' | |
| type: boolean | |
| required: false | |
| default: false | |
| approvers: | |
| description: 'Comma-separated list of approvers' | |
| type: string | |
| required: false | |
| terraform-version: | |
| description: 'Terraform version to use' | |
| type: string | |
| required: false | |
| default: '1.3.6' | |
| minimum-approvals: | |
| description: 'Minimum approvals required' | |
| type: string | |
| required: false | |
| default: '1' | |
| token-format: | |
| description: 'Token format (access_token or id_token)' | |
| type: string | |
| required: false | |
| default: 'access_token' | |
| access-token-lifetime: | |
| description: 'Access token lifetime in seconds' | |
| type: string | |
| required: false | |
| default: '300s' | |
| gcp-project-id: | |
| description: 'GCP Project ID' | |
| type: string | |
| required: false | |
| gcp-region: | |
| description: 'GCP region' | |
| type: string | |
| required: false | |
| create-credentials-file: | |
| description: 'Create GCP credentials file' | |
| type: string | |
| required: false | |
| default: 'true' | |
| use-gcp-credentials: | |
| description: 'Set to true if GCP credentials are provided' | |
| type: boolean | |
| required: false | |
| default: false | |
| jobs: | |
| smurf-helm: | |
| if: inputs.tool == 'selm' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Check out repo | |
| uses: actions/[email protected] | |
| with: | |
| ref: ${{ inputs.branch }} | |
| - name: Configure AWS credentials with OIDC | |
| if: inputs.aws_auth_method == 'oidc' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ inputs.aws-role }} | |
| aws-region: ${{ inputs.aws-region }} | |
| - name: Configure AWS credentials with access keys | |
| if: inputs.aws_auth_method == 'keys' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }} | |
| AWS_REGION: ${{ inputs.aws-region }} | |
| run: | | |
| aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID | |
| aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY | |
| if [[ -n "$AWS_SESSION_TOKEN" ]]; then | |
| aws configure set aws_session_token $AWS_SESSION_TOKEN | |
| fi | |
| aws configure set region $AWS_REGION | |
| - name: Set environment variables | |
| run: | | |
| echo "AWS_DEFAULT_REGION=${{ inputs.aws-region }}" >> $GITHUB_ENV | |
| echo "EKS_CLUSTER_NAME=${{ inputs.eks-cluster }}" >> $GITHUB_ENV | |
| - name: Smurf Helm | |
| uses: clouddrove/[email protected] | |
| with: | |
| tool: ${{ inputs.tool }} | |
| command: ${{ inputs.command }} | |
| smurf-docker: | |
| if: inputs.tool == 'sdkr' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/[email protected] | |
| with: | |
| ref: ${{ inputs.branch }} | |
| - name: Configure AWS credentials with OIDC | |
| if: inputs.aws_auth_method == 'oidc' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ inputs.aws-role }} | |
| aws-region: ${{ inputs.aws-region }} | |
| - name: Configure AWS credentials with access keys | |
| if: inputs.aws_auth_method == 'keys' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }} | |
| AWS_REGION: ${{ inputs.aws-region }} | |
| run: | | |
| aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID | |
| aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY | |
| if [[ -n "$AWS_SESSION_TOKEN" ]]; then | |
| aws configure set aws_session_token $AWS_SESSION_TOKEN | |
| fi | |
| aws configure set region $AWS_REGION | |
| - name: Set environment variables | |
| run: | | |
| echo "AWS_DEFAULT_REGION=${{ inputs.aws-region }}" >> $GITHUB_ENV | |
| echo "EKS_CLUSTER_NAME=${{ inputs.eks-cluster }}" >> $GITHUB_ENV | |
| - name: Login to Amazon ECR | |
| if: inputs.registry-type == 'ecr' | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Login to Docker Hub | |
| if: inputs.registry-type == 'docker' | |
| run: echo "${{ secrets.docker-password }}" | docker login -u "${{ secrets.docker-username }}" --password-stdin | |
| - name: Smurf Docker | |
| uses: clouddrove/[email protected] | |
| with: | |
| tool: ${{ inputs.tool }} | |
| command: ${{ inputs.command }} | |
| - name: Save Docker Image as Artifact | |
| run: | | |
| docker save ${{ inputs.image-name }}:${{ inputs.image-tag }} -o ${{ inputs.image-tar }} | |
| - name: Upload Docker Image Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ inputs.image-name }} | |
| path: ${{ inputs.image-tar }} | |
| smurf-docker-scan: | |
| if: inputs.tool == 'sdkr' | |
| runs-on: ubuntu-latest | |
| needs: smurf-docker | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/[email protected] | |
| with: | |
| ref: ${{ inputs.branch }} | |
| - name: Download Docker Image Artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ inputs.image-name }} | |
| - name: Load Docker Image | |
| run: | | |
| docker load -i ${{ inputs.image-tar }} | |
| - name: Log into Dockerhub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: docker.io | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Scan Docker Image | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: cves | |
| image: ${{ inputs.image-name }} | |
| smurf-terraform: | |
| if: inputs.tool == 'stf' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/[email protected] | |
| with: | |
| ref: ${{ inputs.branch }} | |
| # Configure cloud provider authentication based on provider type | |
| - name: Configure AWS credentials with OIDC | |
| if: inputs.aws_auth_method == 'oidc' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ inputs.aws-role }} | |
| aws-region: ${{ inputs.aws-region }} | |
| - name: Configure AWS credentials with access keys | |
| if: inputs.aws_auth_method == 'keys' | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }} | |
| AWS_REGION: ${{ inputs.aws-region }} | |
| run: | | |
| aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID | |
| aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY | |
| if [[ -n "$AWS_SESSION_TOKEN" ]]; then | |
| aws configure set aws_session_token $AWS_SESSION_TOKEN | |
| fi | |
| aws configure set region $AWS_REGION | |
| echo "AWS_REGION=$AWS_REGION" >> $GITHUB_ENV | |
| - name: Azure Login | |
| if: inputs.provider == 'azure' | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: GCP Authentication | |
| if: inputs.provider == 'gcp' && inputs.use-gcp-credentials | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| credentials_json: ${{ secrets.GCP_CREDENTIALS }} | |
| service_account: ${{ inputs.SERVICE_ACCOUNT }} | |
| workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
| token_format: ${{ inputs.token-format }} | |
| access_token_lifetime: ${{ inputs.access-token-lifetime }} | |
| create_credentials_file: ${{ inputs.create-credentials-file == 'true' }} | |
| - name: Set GCP Project | |
| if: inputs.provider == 'gcp' && inputs.gcp-project-id | |
| run: | | |
| gcloud config set project ${{ inputs.gcp-project-id }} | |
| - name: Smurf Terraform | |
| uses: clouddrove/[email protected] | |
| with: | |
| tool: ${{ inputs.tool }} | |
| command: ${{ inputs.command }} |