(BSR)[PRO] chore: resolve todos #9426

Workflow file for this run

.github/workflows/dev_on_pull_request_workflow.yml at d473e31

	name: "1 [on_pull_request] Initiate workflow"

	on:
	pull_request:
	branches-ignore:
	- docs

	concurrency:
	group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
	cancel-in-progress: true

	permissions: write-all

	env:
	docker_registry: "europe-west1-docker.pkg.dev/passculture-infra-prod/pass-culture-artifact-registry"

	jobs:
	pcapi-init-job:
	name: "Init job"
	runs-on: ubuntu-22.04
	outputs:
	api-changed: ${{ steps.check-api-changes.outputs.any_modified }}
	api-documentation-changed: ${{ steps.check-api-documentation-changes.outputs.any_modified }}
	pro-changed: ${{ steps.check-pro-changes.outputs.any_modified }}
	dependencies-changed: ${{ steps.check-dependencies-changes.outputs.any_modified }}
	push-tags: ${{ steps.pcapi-tags.outputs.push-tags }}
	checksum-tag: ${{ steps.pcapi-tags.outputs.checksum-tag }}
	checksum-tag-exists: ${{ steps.check-checksum-tag.outputs.tag-exists }}
	checksum-console-tag-exists: ${{ steps.check-console-checksum-tag.outputs.tag-exists }}
	steps:
	- uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0
	fetch-tags: false
	- name: "Check api folder changes"
	id: check-api-changes
	uses: tj-actions/changed-files@v45
	with:
	files: \|
	api/**
	!api/documentation/**
	!api/src/pcapi/scripts/**/main.py
	!api/src/pcapi/scripts/**/main.sql
	- name: "Check api documentation folder changes"
	id: check-api-documentation-changes
	uses: tj-actions/changed-files@v45
	with:
	files: api/documentation/**
	- name: "Check pro folder changes"
	id: check-pro-changes
	uses: tj-actions/changed-files@v45
	with:
	files: pro/**
	- name: "Check changes in dependencies (frontend + backend)"
	id: check-dependencies-changes
	uses: tj-actions/changed-files@v45
	with:
	files: \|
	api/poetry.lock
	pro/yarn.lock
	# checkout source branch of the pull request
	- uses: actions/checkout@v4.2.2
	with:
	ref: ${{ github.event.pull_request.head.sha }}
	fetch-depth: 0
	fetch-tags: false
	- name: "Define pcapi image tags."
	id: pcapi-tags
	run: \|
	DOCKER_IMAGE="${{ env.docker_registry }}/pcapi"
	API_CHECKSUM=`tar --sort=name --owner=0 --group=0 --mtime='UTC 2019-01-01' -cf - api \| sha1sum \| awk '{ print $1 }'`
	PUSH_TAGS="push-tags=$DOCKER_IMAGE:${{ github.event.pull_request.head.sha }},$DOCKER_IMAGE:$API_CHECKSUM"
	API_TAG="checksum-tag=$API_CHECKSUM"
	echo "PUSH_TAGS=$PUSH_TAGS"
	echo "API_TAG=$API_TAG"
	echo $PUSH_TAGS >> "$GITHUB_OUTPUT"
	echo $API_TAG >> "$GITHUB_OUTPUT"
	- name: "Authentification to Google"
	uses: "google-github-actions/auth@v2"
	with:
	workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	- name: "Get Secret"
	id: "secrets"
	uses: "google-github-actions/get-secretmanager-secrets@v2"
	with:
	secrets: \|-
	ARTIFACT_REGISTRY_WORKLOAD_IDENTITY_PROVIDER:passculture-metier-ehp/passculture-main-gcp-workload-identity-provider
	ARTIFACT_REGISTRY_SERVICE_ACCOUNT:passculture-metier-ehp/passculture-main-artifact-registry-service-account
	- name: "OpenID Connect Authentication"
	id: "openid-auth"
	uses: "google-github-actions/auth@v2"
	with:
	create_credentials_file: false
	token_format: "access_token"
	workload_identity_provider: ${{ steps.secrets.outputs.ARTIFACT_REGISTRY_WORKLOAD_IDENTITY_PROVIDER }}
	service_account: ${{ steps.secrets.outputs.ARTIFACT_REGISTRY_SERVICE_ACCOUNT }}
	- name: "Docker login"
	id: "docker-login"
	uses: "docker/login-action@v3"
	with:
	registry: "europe-west1-docker.pkg.dev"
	username: "oauth2accesstoken"
	password: "${{ steps.openid-auth.outputs.access_token }}"
	- name: "pcapi"
	id: check-checksum-tag
	run: bash ./.github/workflows/scripts/check-image-tag-exists.sh
	env:
	image: pcapi
	tag: ${{ steps.pcapi-tags.outputs.checksum-tag }}
	token: ${{ steps.openid-auth.outputs.access_token }}
	- name: "pcapi-console"
	id: check-console-checksum-tag
	run: bash ./.github/workflows/scripts/check-image-tag-exists.sh
	env:
	image: pcapi-console
	tag: ${{ steps.pcapi-tags.outputs.checksum-tag }}
	token: ${{ steps.openid-auth.outputs.access_token }}
	- name: "Publish Summary"
	run: \|
	{
	echo "### :rocket: Init Job summary"
	echo "\| Results \| Value \|"
	echo "\| ------------------------------------ \| ----- \|"
	echo "\| commit sha \| ${{ github.sha }} \|"
	echo "\| [api] content changed \| ${{ steps.check-api-documentation-changes.outputs.any_modified }} \|"
	echo "\| [api-documentation] content changed \| ${{ steps.check-api-documentation-changes.outputs.any_modified }} \|"
	echo "\| [pro] content changed \| ${{ steps.check-pro-changes.outputs.any_modified }} \|"
	echo "\| [dependencies] content changed \| ${{ steps.check-dependencies-changes.outputs.any_modified }} \|"
	echo "\| [pcapi] image tag \| ${{ steps.pcapi-tags.outputs.checksum-tag }} \|"
	echo "\| [pcapi] image already exists \| ${{ steps.check-checksum-tag.outputs.tag-exists }} \|"
	echo "\| [pcapi-console] image already exists \| ${{ steps.check-console-checksum-tag.outputs.tag-exists }} \|"
	} >> $GITHUB_STEP_SUMMARY

	build-pcapi:
	name: "[pcapi] build docker image."
	needs: [pcapi-init-job]
	if: needs.pcapi-init-job.outputs.api-changed == 'true' && needs.pcapi-init-job.outputs.checksum-tag-exists == 'false'
	uses: ./.github/workflows/dev_on_workflow_build_docker_image.yml
	with:
	ref: ${{ github.event.pull_request.head.sha }}
	image: pcapi
	tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	# Always build pcapi-tests image if api changed
	build-pcapi-tests:
	name: "[pcapi-tests] build docker image."
	needs: [pcapi-init-job]
	if: needs.pcapi-init-job.outputs.api-changed == 'true' && needs.pcapi-init-job.outputs.checksum-tag-exists == 'false'
	uses: ./.github/workflows/dev_on_workflow_build_docker_image.yml
	with:
	ref: ${{ github.event.pull_request.head.sha }}
	image: pcapi-tests
	tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	build-pcapi-console:
	name: "[pcapi-console] build docker image."
	needs: [pcapi-init-job]
	if: (needs.pcapi-init-job.outputs.api-changed == 'true' \|\| needs.pcapi-init-job.outputs.pro-changed == 'true') && needs.pcapi-init-job.outputs.checksum-console-tag-exists == 'false'
	uses: ./.github/workflows/dev_on_workflow_build_docker_image.yml
	with:
	ref: ${{ github.event.pull_request.head.sha }}
	image: pcapi-console
	tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	run-mypy-cop:
	name: "MyPy cop"
	needs: [pcapi-init-job]
	if: \|
	github.event_name == 'pull_request' &&
	needs.pcapi-init-job.outputs.api-changed == 'true'
	uses: ./.github/workflows/dev_on_workflow_mypy_cop.yml

	update-api-client-template:
	name: "Update api client template"
	needs: [pcapi-init-job, build-pcapi]
	uses: ./.github/workflows/dev_on_workflow_update_api_client_template.yml
	concurrency:
	group: update-api-client-template-${{ github.ref }}
	cancel-in-progress: true
	with:
	PCAPI_DOCKER_TAG: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	TRIGGER_ONLY_ON_API_CHANGE: true
	TRIGGER_ONLY_ON_DEPENDENCY_CHANGE: true
	CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
	api-changed: ${{ needs.pcapi-init-job.outputs.api-changed }}
	dependencies-changed: ${{ needs.pcapi-init-job.outputs.dependencies-changed }}
	secrets:
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}

	test-api:
	name: "Tests api"
	needs: [pcapi-init-job, build-pcapi-tests]
	uses: ./.github/workflows/dev_on_workflow_tests_api.yml
	with:
	tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}

	test-api-documentation:
	name: "Tests API documentation"
	needs: [pcapi-init-job]
	if: needs.pcapi-init-job.outputs.api-documentation-changed == 'true'
	uses: ./.github/workflows/dev_on_workflow_tests_api_documentation.yml
	secrets:
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}

	test-pro:
	name: "Tests pro"
	needs: [pcapi-init-job]
	if: needs.pcapi-init-job.outputs.pro-changed == 'true'
	uses: ./.github/workflows/dev_on_workflow_tests_pro.yml
	with:
	CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	test-pro-e2e:
	name: "Tests pro E2E"
	needs: [pcapi-init-job, build-pcapi]
	uses: ./.github/workflows/dev_on_workflow_tests_pro_e2e.yml
	if: always() &&
	!cancelled() &&
	needs.pcapi-init-job.outputs.api-changed == 'true' \|\|
	needs.pcapi-init-job.outputs.pro-changed == 'true'
	with:
	tag: ${{ needs.build-pcapi.result == 'skipped' && 'latest' \|\| needs.pcapi-init-job.outputs.checksum-tag }}
	CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	merge-allure-reports:
	name: "Merge Allure Reports and Push to Allure Repository"
	needs: [pcapi-init-job, test-pro, test-pro-e2e]
	runs-on: ubuntu-22.04
	if: \|
	always() &&
	!cancelled() &&
	needs.pcapi-init-job.outputs.pro-changed == 'true' &&
	(needs.test-pro.result == 'success' \|\| needs.test-pro-e2e.result == 'success')
	steps:
	- name: "Install Allure CLI via Yarn"
	run: yarn global add allure-commandline

	- name: "Download Allure results artifacts for pro"
	uses: actions/download-artifact@v4
	with:
	name: allure-results-pro-unit
	path: allure-results/pro-unit

	# - name: "Download Allure results artifacts for pro E2E"
	# uses: actions/download-artifact@v4
	# with:
	# name: allure-results-pro-e2e
	# path: allure-results/pro-e2e

	- name: "Merge Allure Results"
	run: \|
	mkdir -p allure-results
	cp -r allure-results/pro-unit/* allure-results/

	- name: "Clone Allure Report Repository to Retrieve History"
	env:
	TOKEN: ${{ secrets.PAT_ALLURE_REPORTS_TEMP }}
	run: \|
	git clone https://x-access-token:${TOKEN}@github.com/fseguin-pass/allure-reports-temp.git allure-report-temp
	mkdir -p allure-results/history
	if [ -d "allure-report-temp/history" ]; then
	cp -r allure-report-temp/history/* allure-results/history/
	fi

	- name: "Generate Allure Report with History"
	run: allure generate allure-results --single-file --clean -o allure-report

	- name: "Upload Allure Report as artifact"
	uses: actions/upload-artifact@v4
	with:
	name: allure-report
	path: allure-report/index.html

	dependabot-auto-merge:
	name: "Dependabot"
	needs: test-pro
	if: github.actor == 'dependabot[bot]'
	uses: ./.github/workflows/dev_on_workflow_dependabot_auto_merge.yml

	# Deploy on firebase if pro tests are ok OR job was skipped (= no changes in pro folder)
	deploy-pro-on-firebase-pullrequest:
	name: "[PRO] Deploy PR version for validation"
	needs: [pcapi-init-job, test-pro]
	if: always() && (needs.test-pro.result == 'success' \|\| needs.test-pro.result == 'skipped')
	uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml
	secrets:
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	with:
	ENV: "testing"
	CHANNEL: ""
	REF: "${{ github.ref }}"
	CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
	is_pull_request: true

	# Push docker images to registry
	push-pcapi:
	name: "Push pcapi docker image to registry"
	needs: [pcapi-init-job, test-api, test-pro-e2e]
	uses: ./.github/workflows/dev_on_workflow_push_docker_image.yml
	with:
	image: pcapi
	commit-hash: ${{ github.event.pull_request.head.sha }}
	checksum-tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	push-pcapi-console:
	name: "Push pcapi-console docker image to registry"
	needs: [pcapi-init-job, test-api, test-pro-e2e]
	uses: ./.github/workflows/dev_on_workflow_push_docker_image.yml
	with:
	image: pcapi-console
	commit-hash: ${{ github.event.pull_request.head.sha }}
	checksum-tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	# Deploy pullrequest to testing environment
	# If image builds were successfull OR image was already present in registry
	deploy:
	name: "Deploy PullRequest to testing environment"
	needs:
	[
	pcapi-init-job,
	push-pcapi,
	push-pcapi-console,
	deploy-pro-on-firebase-pullrequest,
	]
	if: \|
	always() &&
	!cancelled() &&
	github.actor != 'dependabot[bot]' &&
	(needs.push-pcapi.result == 'success' && needs.push-pcapi-console.result == 'success') \|\|
	(needs.pcapi-init-job.outputs.checksum-console-tag-exists == 'true' && needs.pcapi-init-job.outputs.checksum-console-tag-exists == 'true')
	uses: ./.github/workflows/dev_on_workflow_deploy_pullrequests.yml
	with:
	environment: pullrequest
	app_version: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	pro_url: ${{ needs.deploy-pro-on-firebase-pullrequest.outputs.pro_url }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

(BSR)[PRO] chore: resolve todos #9426

Workflow file

(BSR)[PRO] chore: resolve todos #9426

Jobs

Run details

Workflow file for this run