diff --git a/.github/workflows/cicd-container.yml b/.github/workflows/cicd-container.yml
index 7cf91e6..1b118bb 100644
--- a/.github/workflows/cicd-container.yml
+++ b/.github/workflows/cicd-container.yml
@@ -37,20 +37,20 @@ jobs:
 
           IMAGE_BASE="${REGISTRY}/${ORG}/${REPO}"
           echo "image_base=${IMAGE_BASE}" >> "$GITHUB_OUTPUT"
+          COMMIT_SHA="${GITHUB_SHA}"
+          SHORT_SHA="${COMMIT_SHA:0:12}"
+          echo "commit_sha=${COMMIT_SHA}" >> "$GITHUB_OUTPUT"
+          echo "commit_sha_short=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
+
+          # Logic to set the primary tag for testing and scanning steps
           if [ "${GITHUB_EVENT_NAME}" = "pull_request" ]; then
             PR_NUM="${{ github.event.pull_request.number }}"
-            PR_TAG="pr-${PR_NUM}-build"
-            echo "pr_tag=${PR_TAG}" >> "$GITHUB_OUTPUT"
-            echo "test_image_tag=${PR_TAG}" >> "$GITHUB_OUTPUT"
-          fi
-
-          if [ "${GITHUB_EVENT_NAME}" = "push" ]; then
-            COMMIT_SHA="${GITHUB_SHA}"
-            SHORT_SHA="${COMMIT_SHA:0:12}"
-            echo "commit_sha=${COMMIT_SHA}" >> "$GITHUB_OUTPUT"
-            echo "commit_sha_short=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
-            echo "test_image_tag=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
+            TEST_TAG="pr-${PR_NUM}-build"
+          # For manual runs or pushes, use the short commit SHA
+          else
+            TEST_TAG="${SHORT_SHA}"
           fi
+          echo "test_image_tag=${TEST_TAG}" >> "$GITHUB_OUTPUT"
 
   build-and-scan-troute-rnr:
     name: Build and Scan troute-rnr Container
@@ -82,7 +82,7 @@ jobs:
 
   codeql-scan:
     name: CodeQL Scan
-    if: github.event_name == 'pull_request' || github.event_name == 'push'
+    if: github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'workflow_dispatch'
     runs-on: ubuntu-latest
     permissions:
       actions: read
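Review bot: The `pr_tag` output is no longer written — the removed `echo "pr_tag=${PR_TAG}" >> "$GITHUB_OUTPUT"` has no counterpart on the new side — so any later job reading `needs.setup.outputs.pr_tag` now receives an empty string; if nothing consumes it the drop is fine, but it deserves a line in the commit message. The comment `# For manual runs or pushes, use the short commit SHA` sits inside the then-branch above `else`; moving it to the line after `else`, directly above `TEST_TAG="${SHORT_SHA}"`, keeps it next to the assignment it describes. Note also that `commit_sha` is now emitted for pull_request events too, where `GITHUB_SHA` is the PR merge commit rather than the PR head, so consumers that treat it as the tested source revision should be told which one they get. The `run:` script this belongs to starts before the hunk.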
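Review bot: The widened `if:` on codeql-scan repeats `github.event_name ==` three times on a single line well past 120 characters; `if: contains(fromJSON('["pull_request", "push", "workflow_dispatch"]'), github.event_name)` states the same allow-list once and is easier to extend. Because publish-troute-rnr lists codeql-scan in its `needs:`, this event set has to stay a superset of the events that can reach publish, and a comment above the line — `# Must cover every event that can reach publish-troute-rnr, or that job is skipped` — records why the guard was changed here.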
@@ -94,38 +94,22 @@ jobs:
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
-      # - name: Install uv
-      #   uses: astral-sh/setup-uv@v5
-      #   with:
-      #     enable-cache: true
-      #     python-version: ${{ env.PYTHON_VERSION }}
-      #     cache-dependency-glob: "**/uv.lock **/pyproject.toml"
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3
         with:
           languages: python
-      # Commenting out as binary/wheels are missing
-      # - name: Install Ingest dependencies
-      #   run: |
-      #     if [ -f "Source/Ingest/pyproject.toml" ]; then
-      #       cd Source/Ingest && uv sync
-      #     fi
-      # - name: Install troute-rnr dependencies
-      #   run: |
-      #     if [ -f "Source/troute-rnr/pyproject.toml" ]; then
-      #       cd Source/troute-rnr && uv sync
-      #     fi
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
 
   publish-troute-rnr:
     name: Publish troute-rnr to Registry
     if: >
-      github.event_name == 'push' && (
+      (github.event_name == 'push' && (
         github.ref == 'refs/heads/main' ||
         github.ref == 'refs/heads/development' ||
         startsWith(github.ref, 'refs/tags/v')
-      )
+      )) ||
+      (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main')
     runs-on: ubuntu-latest
     needs: [setup, build-and-scan-troute-rnr, codeql-scan]
     steps:
diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars
index c6d7cc2..5031f59 100644
--- a/terraform/terraform.tfvars
+++ b/terraform/terraform.tfvars
@@ -13,7 +13,7 @@ subnet_name_pattern = "Test-App*"
 
 # --- Application Image and Code ---
 # This would typically be passed in from a CI/CD pipeline
-docker_image_uri = "ghcr.io/ngwpc/rnr-aws:main"
+docker_image_uri = "ghcr.io/ngwpc/rnr-aws/troute-rnr:latest"
 lambda_code_bucket_name = "ngwpc-infra-test"
 #lambda_producer_zip_s3_key = "lambda-zips/data-producer/v1.0.0.zip"
 #lambda_postproc_zip_s3_key = "lambda-zips/post-processor/v1.0.0.zip"
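Review bot: The new `workflow_dispatch` clause in publish-troute-rnr's `if:` only takes effect if every job in `needs: [setup, build-and-scan-troute-rnr, codeql-scan]` also runs on that event; codeql-scan's guard was widened in the earlier hunk, but build-and-scan-troute-rnr's condition is not in this diff, and a skipped `needs` entry skips the publish job with no error. Worth confirming before relying on a manual publish from main. Since a `#` inside the `>` folded scalar would become part of the expression rather than a comment, the intent belongs on the line above `if: >`, e.g. `# Manual publish is allowed from main only; every job in needs must also run on workflow_dispatch`.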
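Review bot: `docker_image_uri` now points at the mutable `:latest` tag, so the deployed image is whichever build was pushed most recently and a later `terraform apply` can roll out a different build with no change to the variable; the previous `:main` value had the same property, so this is not a regression but it is the moment to fix it. The workflow in this same commit already exports `commit_sha_short` from its setup step, so passing an immutable reference through the pipeline — `docker_image_uri = "ghcr.io/ngwpc/rnr-aws/troute-rnr:<IMAGE_TAG_FROM_CI>"` or a `@sha256:<DIGEST>` form — makes each deployment reproducible and traceable to the build that was scanned, which the comment `# This would typically be passed in from a CI/CD pipeline` already anticipates.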