From d261fac8ad2a51c606bdb27400bf6f0957a130bc Mon Sep 17 00:00:00 2001 From: Ricardo Campos Date: Wed, 24 Aug 2022 13:54:26 -0300 Subject: [PATCH] ci: adjust release and merge main flows (#19) * ci: adjust release and merge main flows * ci: fix job needs * New commit to trigger jobs * ci: fix env name * ci: add debug mode to codeql --- .github/workflows/merge-main.yml | 1 + .github/workflows/pr-close.yml | 62 +++++++++++++++++++++++++++----- .github/workflows/pr-open.yml | 23 +++++------- 3 files changed, 64 insertions(+), 22 deletions(-) diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml index bafbbc0..2e8a96d 100644 --- a/.github/workflows/merge-main.yml +++ b/.github/workflows/merge-main.yml @@ -51,6 +51,7 @@ jobs: - name: Initialize uses: github/codeql-action/init@v2 with: + debug: true languages: java - name: Set up JDK 17 diff --git a/.github/workflows/pr-close.yml b/.github/workflows/pr-close.yml index 6f4b132..af19057 100644 --- a/.github/workflows/pr-close.yml +++ b/.github/workflows/pr-close.yml @@ -11,8 +11,13 @@ on: - "**.yaml" env: + REGISTRY: ghcr.io NAME: nrbestapi +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: # Clean up OpenShift when PR closed, no conditions cleanup-openshift: 
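Review bot: `debug: true` on the CodeQL `Initialize` step is committed unconditionally, so every run of the merge-main flow will upload the CodeQL debug artifacts (databases and logs, which contain a snapshot of the analysed source) and keep them for the artifact retention period. The commit message reads as if this was added for troubleshooting; if so, it should be dropped once the problem is found, or tied to debug re-runs with `debug: ${{ runner.debug == '1' }}`. The same line is added to the `Initialize CodeQL` step in pr-open.yml further down. Who can download those artifacts depends on repository visibility and settings that are not visible in this patch.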
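Review bot: `cancel-in-progress: true` in pr-close.yml can interrupt the cleanup and promotion jobs part-way, because a second run in the same `${{ github.workflow }}-${{ github.ref }}` group (for example close, reopen, close on one PR) cancels the run still in progress. These jobs change external state (OpenShift objects, registry tags), so a cancelled run may leave that state half-applied. Queueing is the safer choice for this workflow: `cancel-in-progress: false`. The `on:` trigger types sit outside the hunk, so which events actually share a group is inferred.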
@@ -84,20 +89,61 @@ jobs: release_name: ${{ steps.changelog.outputs.tag }} body: ${{ steps.changelog.outputs.clean_changelog }} - # Promote images when PR merged and branch = main - promote-images: - name: Promote DEV images to TEST - runs-on: ubuntu-latest + # If merged, then handle any image promotion + image-backend: + name: Backend Image Promotion + outputs: + build: ${{ steps.check.outputs.build }} + env: + COMPONENT: backend + PREV: ${{ github.event.number }} + ZONE: test + environment: + name: test + runs-on: ubuntu-22.04 if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main' steps: - - name: Promote Image to TEST + - name: Check for image changes + id: check + run: | + # Vars + IMG_PREV="${{ env.REGISTRY }}/${{ github.repository }}:${{ env.PREV }}-${{ env.COMPONENT }}" + IMG_ZONE="${{ env.REGISTRY }}/${{ github.repository }}:${{ env.ZONE }}-${{ env.COMPONENT }}" + # Make sure an image exists to promote; grab SHA + if [[ ! $(docker pull "${IMG_PREV}") ]]; then + echo -e "\n No images to promote" + exit 0 + fi + SHA_PREV=$(docker inspect -f '{{.Id}}' "${IMG_PREV}") + # Use blank SHA for promoted image, unless a real one exists instead + SHA_ZONE="" + if [[ $(docker pull "${IMG_ZONE}") ]]; then + SHA_ZONE=$(docker inspect -f '{{.Id}}' "${IMG_ZONE}") + fi + # Output SHAs + echo -e "\n${IMG_PREV}: ${SHA_PREV}" + echo -e "${IMG_ZONE}: ${SHA_ZONE}\n" + # If different, then trigger updates + if [[ "${SHA_PREV}" != "${SHA_ZONE}" ]]; then + echo "::set-output name=build::true" + echo "Image has changed" + # Login to OpenShift and select project + oc login --token=${{ secrets.OC_TOKEN }} --server=${{ secrets.OC_SERVER }} + oc project ${{ secrets.OC_NAMESPACE }} + oc delete is/${{ env.NAME }}-${{ env.ZONE}}-${{ env.COMPONENT }} || true + exit 0 + fi + echo "Image promotion not required" + + - name: Promote Service API Image + if: steps.check.outputs.build == 'true' uses: shrink/actions-docker-registry-tag@v2 with: - registry: 
ghcr.io + registry: ${{ env.REGISTRY }} repository: ${{ github.repository }} - target: ${{ github.event.number }}-service-api + target: ${{ env.PREV }}-${{ env.COMPONENT }} tags: | - test-service-api + ${{ env.ZONE }}-${{ env.COMPONENT }} # Notify when PR merged and branch = main merge-notification: diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 60d9a5c..236fc60 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -7,15 +7,11 @@ env: REGISTRY: ghcr.io NAME: nrbestapi -jobs: - cancel-prev-runs: - name: Cancel Previous Runs - runs-on: ubuntu-latest - steps: - - uses: n1hility/cancel-previous-runs@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +jobs: pr-validation: name: Pull Request Label Validation runs-on: ubuntu-latest @@ -76,8 +72,6 @@ jobs: validate: name: Code validation runs-on: ubuntu-latest - needs: - - cancel-prev-runs steps: - uses: actions/checkout@v3 - uses: actions/cache@v2 @@ -110,8 +104,8 @@ jobs: path: target/site/checkstyle.html retention-days: 5 - test: - name: Test Code + sonarcloud: + name: Test Code and Static Analysis runs-on: ubuntu-latest needs: - validate @@ -201,6 +195,7 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: + debug: true languages: java - name: Set up JDK 17 @@ -231,7 +226,7 @@ jobs: runs-on: ubuntu-latest needs: - security - - test + - sonarcloud permissions: contents: read packages: write @@ -275,7 +270,7 @@ jobs: name: DEV Deployment needs: - security - - test + - sonarcloud - build-service-api runs-on: ubuntu-latest timeout-minutes: 15
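Review bot: The `oc login` and `oc project` lines in the new `Check for image changes` step paste `${{ secrets.OC_TOKEN }}`, `${{ secrets.OC_SERVER }}` and `${{ secrets.OC_NAMESPACE }}` straight into the script text, unquoted, so the values are written into the generated shell file and any whitespace or shell metacharacter in them is interpreted by bash. Passing them through a step-level `env:` block and quoting the variables keeps the secrets out of the script body. Separately, the `[[ ! $(docker pull …) ]]` test only checks whether the pull printed anything, so a registry authentication or network failure is reported as "No images to promote" and the job exits 0. `if ! docker pull "${IMG_PREV}"; then` would at least test the exit status, and the message should say the pull failed.

```yaml
      - name: Check for image changes
        id: check
        env:
          OC_TOKEN: ${{ secrets.OC_TOKEN }}
          OC_SERVER: ${{ secrets.OC_SERVER }}
          OC_NAMESPACE: ${{ secrets.OC_NAMESPACE }}
        run: |
          # … unchanged: image pulls and SHA comparison …
            oc login --token="${OC_TOKEN}" --server="${OC_SERVER}"
            oc project "${OC_NAMESPACE}"
          # … unchanged: imagestream delete, exit and final message …
```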