I have a workflow which I want to run as a scheduled job. But it also runs based on whether another workflow is successful or not. As of now it's not running on the schedule, but it works if the other workflow is successful.
My workflow:
name: Security
on:
  workflow_run:
    workflows: ["My other workflow"]
    types:
      - completed
  schedule:
    - cron: '0 3 * * *'
env:
  IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
  GITHUB_USERNAME: x-access-token
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
jobs:
  app-dependencies-vulnerabilities:
    name: Scan for vulnerability
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Running snyk
        uses: snyk/actions/gradle@master
        with:
          command: monitor
          args: --org=myorg --project-name=${{ github.repository }} --remote-repo-url=https://github.com/${{ github.repository }}.git
          json: true
I think this workflow is not running as a scheduled job as expected because I have this condition: if: github.event.workflow_run.conclusion == 'success'. Am I right? How can I make it run on a schedule AND based on whether the other workflow is successful or not?
Thank you!
Your assumption is correct. To check if your workflow is being triggered via a cron job (scheduled event), you may do:
if: ${{ github.event_name == 'schedule' }}
In your case, your if condition should look like:
if: ${{ (github.event.workflow_run.conclusion == 'success') || (github.event_name == 'schedule') }}
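The Security workflow from the question with that condition applied, as an added example that is not part of the original answer. The `permissions` block and the comments are additions; the workflow name, cron expression and Snyk step are taken from the question.

```yaml
# Added example: run nightly OR after a successful upstream run.
name: Security
on:
  workflow_run:
    workflows: ["My other workflow"]   # upstream name as given in the question
    types:
      - completed
  schedule:
    - cron: '0 3 * * *'                # evaluated in UTC

permissions:
  contents: read                       # addition: the scan only reads the repository

env:
  SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

jobs:
  app-dependencies-vulnerabilities:
    name: Scan for vulnerability
    # On a schedule event github.event.workflow_run is empty, so the
    # conclusion comparison is false and only the event_name check passes.
    # On a workflow_run event the job still requires an upstream success.
    if: ${{ github.event_name == 'schedule' || github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    steps:
      # Default checkout uses github.sha. For both triggers that is the
      # latest commit on the default branch, not necessarily the commit
      # the upstream run built.
      - uses: actions/checkout@v3
      - name: Running snyk
        uses: snyk/actions/gradle@master
        with:
          command: monitor
          args: --org=myorg --project-name=${{ github.repository }} --remote-repo-url=https://github.com/${{ github.repository }}.git
          json: true
```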
Related
I would like to setup a workflow in github yml such that I have some default values for variables and also would like to be able to manually provide the values to these variables when running the workflow manually.
I understood that we can use workflow_dispatch to set some input variables when running manually. However, when the workflow is executed as part of a code push, these variables (runTests and uploadArtifacts) are coming as null.
name: Example
on:
  workflow_dispatch:
    inputs:
      runTests:
        description: run tests
        required: true
        default: true
        type: Boolean
      uploadArtifacts:
        description: upload artifacts
        required: true
        default: false
        type: Boolean
  push:
    branches:
      - master
      - main
      - release/*
jobs:
  Build_Job:
    runs-on: [self-hosted, raya]
    steps:
      - name: Publish drop artifact
        if: ${{ inputs.uploadArtifacts }}
        uses: actions/upload-artifact@v2
        with:
          name: Installer
          path: "${{ runner.temp }}/AppxPackages/"
It's the expected behavior, as the inputs will be set only if the workflow_dispatch event is used to trigger the workflow.
If you want the workflow to perform a default operation when the code is pushed, you would need to implement the if condition differently.
Example:
on:
  push:
  workflow_dispatch:
    inputs:
      test1:
        description: test1
        required: false
        default: false
        type: boolean
      test2:
        description: test2
        required: false
        default: true
        type: boolean
jobs:
  job1: # will always run
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo ${{ inputs.test1 }}
          echo ${{ inputs.test2 }}
          echo ${{ github.event_name }}
  job2: # will only run on a workflow_dispatch event, if test1 input is true
    runs-on: ubuntu-latest
    if: ${{ inputs.test1 }}
    steps:
      - run: |
          echo ${{ inputs.test1 }}
          echo ${{ inputs.test2 }}
          echo ${{ github.event_name }}
  job3: # will only run on a workflow_dispatch event, if test2 input is true
    runs-on: ubuntu-latest
    if: ${{ inputs.test2 }}
    steps:
      - run: |
          echo ${{ inputs.test1 }}
          echo ${{ inputs.test2 }}
          echo ${{ github.event_name }}
  job4: # will only run on a push event
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'push' }}
    steps:
      - run: |
          echo ${{ inputs.test1 }}
          echo ${{ inputs.test2 }}
          echo ${{ github.event_name }}
  job5: # will only run on a push event OR if inputs.test2 is true on a workflow_dispatch event
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'push' || inputs.test2 }}
    steps:
      - run: |
          echo ${{ inputs.test1 }}
          echo ${{ inputs.test2 }}
          echo ${{ github.event_name }}
I understand that what you want to achieve is something similar to the job5 example above (you could even add a github.ref context variable to the expression if you only want a job to be executed if the branch name is something specific).
I made some tests if you want to have a look:
workflow file
workflow run (push event)
workflow run (workflow_dispatch event with default value)
I have a workflow named Security with three jobs. The last job takes care of sending notifications to Slack about failed jobs. This is my Slack notification job:
reportFailure:
  name: Slack notification
  needs: [ dependencies-vulnerabilities, image-vulnerabilities ]
  if: ${{ failure() }}
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - name: Slack notification
      uses: rtCamp/action-slack-notify@v2
      env:
        SLACK_CHANNEL: my-channel
        SLACK_COLOR: '#ff0000'
        SLACK_ICON: https://library.kissclipart.com/20181123/hqe/kissclipart-mail-error-icon-clipart-computer-icons-email-0b0e6595c8731682.jpg
        SLACK_TITLE: ${{ github.repository }}
        SLACK_MESSAGE: "`${{ github.workflow }} / ${{ github.job }}` failed !!"
        SLACK_USERNAME: workflowBot
        MSG_MINIMAL: actions url,commit
        SLACK_FOOTER: ''
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
This line SLACK_MESSAGE: "${{ github.workflow }} / ${{ github.job }} failed !!" shows me that reportFailure with this env ${{ github.job }}.
How can I tell in SLACK_MESSAGE when one or all previous jobs failed and the name of the jobs? I want to show a list even if there is one or more jobs failed. Outcome should be something like:
Workflow: Security | Jobs: dependencies-vulnerabilities, image-vulnerabilities failed!!
or if there is only one failed then:
Workflow: Security | Jobs: image-vulnerabilities failed!!
Thanks for help!
In my GitHub workflow I had to add a Pre-CI job to get the commit message of the PR, which I use in the if condition of my main-job. Now the issue here is that, as the pre_ci job always runs, I'll get the workflow status as success whether main-job runs or skips.
pre_ci:
  name: Check Build Condition
  if: ${{ github.event_name == 'pull_request' }}
  runs-on: ubuntu-latest
  steps:
    - name: Checkout Project
      uses: actions/checkout@v2
      with:
        fetch-depth: 2
    - name: "[Pull Request] Get commit message"
      id: pr_get_commit_message
      run: echo ::set-output name=pr_commit_message::$(git log --format=%B -n 1 HEAD^2)
  outputs:
    commit_message: ${{ steps.pr_get_commit_message.outputs.pr_commit_message }}
main-job:
  runs-on: ubuntu-latest
  timeout-minutes: 10
  needs: pre_ci
  if: ${{ (github.event_name == 'pull_request' && !contains(needs.pre_ci.outputs.commit_message, '#skipCI')) }}
  steps:
    - name: echo
      run: |
        echo "Main job executed"
Is there a way I can set the workflow status as skipped if main-job skips?
P.S screenshot of skipped workflow
I am following this.
https://github.community/t/github-actions-manual-trigger-approvals/16233/83
- name: Clone Repository (Latest)
  uses: actions/checkout@v2
  if: github.event.inputs.git-ref == ''
- name: Clone Repository (Custom Ref)
  uses: actions/checkout@v2
  if: github.event.inputs.git-ref != ''
  with:
    ref: ${{ github.event.inputs.git-ref }}
This works fine, but multiple steps make the workflow bigger.
I was trying something more compact,
like determining the commit SHA in env.
env:
  COMMIT_HASH: ${{ github.event.inputs.git-ref != '' && github.event.inputs.git-ref || github.sha }}
This works fine but looks like an ugly hack to me. Any suggestions?
I am trying to avoid extra steps, that's all.
You could consider using the haya14busa/action-cond action.
It is useful when the if-else operation is needed to set dynamic configuration of other steps (don't need to duplicate the whole step to set different values in a few parameters).
Examples:
- name: Determine Checkout Depth
  uses: haya14busa/action-cond@v1
  id: fetchDepth
  with:
    cond: ${{ condition }}
    if_true: '0' # string value
    if_false: '1' # string value
- name: Checkout
  uses: actions/checkout@v2
  with:
    fetch-depth: ${{ steps.fetchDepth.outputs.value }}
or
steps:
  - uses: haya14busa/action-cond@v1
    id: condval
    with:
      cond: ${{ github.event_name == 'pull_request' }}
      if_true: "value for pull request event"
      if_false: "value for non pull request event"
  - name: Use conditional value
    run: echo "${{ steps.condval.outputs.value }}"
So I have the following workflow and it's working perfectly. I now want to enhance it so that when I am doing a PR to master, NETLIFY_DEPLOY_TO_PROD is set to false instead of true. Do I have to duplicate all of this in a new workflow, or could I do some inline if check like github.event_name === push ? true : false
name: 'Netlify Deploy'
on:
  push:
    branches: [ master ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: jsmrcaga/action-netlify-deploy@master
        with:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.SITE_ID }}
          NETLIFY_DEPLOY_MESSAGE: "${{ github.event.head_commit.message }}"
          NETLIFY_DEPLOY_TO_PROD: true
You could set an environment variable to indicate if deploy to prod should happen, and change it depending on the event name:
name: Netlify Deploy
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
env:
  DEPLOY: false
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Deploy on pushes
        if: github.event_name == 'push'
        run: echo 'DEPLOY=true' >> "$GITHUB_ENV"
      - uses: jsmrcaga/action-netlify-deploy@master
        with:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.SITE_ID }}
          NETLIFY_DEPLOY_MESSAGE: ${{ github.event.head_commit.message }}
          NETLIFY_DEPLOY_TO_PROD: ${{ env.DEPLOY }}
You want to use GitHub Actions expressions for this, as it's quicker and you don't need any other unnecessary steps. I would only use steps to run scripts when they are more complex in nature.
Reference: https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions
Example 1: Trigger on push
- uses: jsmrcaga/action-netlify-deploy@master
  with:
    NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
    NETLIFY_SITE_ID: ${{ secrets.SITE_ID }}
    NETLIFY_DEPLOY_MESSAGE: "${{ github.event.head_commit.message }}"
    NETLIFY_DEPLOY_TO_PROD: ${{ github.event_name == 'push' }}
Example 2 & Solution: Trigger on push and branch is master
NOTE: You only need to check for branch master if you are planning to let this workflow run on other branches. Otherwise you can just use example 1 above that sets variable to true if event name is push only.
- uses: jsmrcaga/action-netlify-deploy@master
  with:
    NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
    NETLIFY_SITE_ID: ${{ secrets.SITE_ID }}
    NETLIFY_DEPLOY_MESSAGE: "${{ github.event.head_commit.message }}"
    NETLIFY_DEPLOY_TO_PROD: ${{ github.event_name == 'push' && contains(github.ref, 'master') }}
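An added example, not part of the original answers, that puts the expression approach into a complete workflow with both triggers and compares the ref exactly. `contains(github.ref, 'master')` is a substring test, so it is also true for a ref such as `refs/heads/master-old` (a branch name constructed here for illustration); an equality check limits the production deploy to the one intended branch.

```yaml
# Added example: one workflow for pushes and pull requests to master.
# Production deploy happens only for a push to exactly refs/heads/master.
name: Netlify Deploy
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      # Secrets are not passed to pull_request runs that come from forks,
      # so this step has no token there and cannot deploy.
      - uses: jsmrcaga/action-netlify-deploy@master
        with:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.SITE_ID }}
          # head_commit exists only in the push payload; on pull_request
          # events this expression is empty.
          NETLIFY_DEPLOY_MESSAGE: "${{ github.event.head_commit.message }}"
          # push to master      -> github.ref is refs/heads/master  -> true
          # pull_request        -> github.ref is refs/pull/<n>/merge -> false
          # push to other refs  -> equality fails                    -> false
          NETLIFY_DEPLOY_TO_PROD: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
```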