Initial version of reusable workflow for trigger-gitlab-pipeline

NordSecurity · Oct 16, 2024 · 6cba12f · 6cba12f
1 parent 940714d
commit 6cba12f
Show file tree

Hide file tree

Showing 2 changed files with 99 additions and 7 deletions.
diff --git a/.github/workflows/trigger-gitlab-pipeline.yml b/.github/workflows/trigger-gitlab-pipeline.yml
@@ -0,0 +1,72 @@
+name: Trigger GitLab pipeline
+on:
+  workflow_call:
+    inputs:
+      triggered-ref:
+        description: 'GitLab project ref to trigger'
+        required: true
+        type: string
+      schedule:
+        description: 'Indication if it is a automatically scheduled request'
+        required: false
+        default: false
+        type: boolean
+      cancel-outdated-pipelines:
+        description: 'If set to true, it will cancel previous pipelines that are running for the same github ref'
+        required: false
+        default: true
+        type: boolean
+    secrets:
+      ci-api-v4-url:
+        description: 'GitLab API v4 root URL'
+        required: true
+      access-token:
+        description: 'GitLab API access token'
+        required: true
+      trigger-token:
+        description: 'GitLab API trigger token'
+        required: true
+      project-id:
+        description: 'GitLab project ID'
+        required: true
+
+jobs:
+  trigger-gitlab-pipeline:
+    runs-on: [self-hosted, gitlab]
+    if: |
+      github.event_name == 'schedule' ||
+      github.event_name == 'push' ||
+      (
+        github.event_name == 'pull_request_target' &&
+        github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name &&
+        github.event.label.name == 'run tests'
+      )
+    steps:
+      # Note: actions/checkout will run in the context of the caller workflow
+      #       meaning, that we cannot use checkout defaults, and must specify
+      #       this repo explicitly, to get its contents
+      #
+      #       There might be a better way to do that, but I would like to avoid
+      #       making this as inputs or secrets to have less manipulatable inputs
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        with:
+          repository: NordSecurity/trigger-gitlab-pipeline
+          ref: LLT-5701_implement_reusable_workflow_to_enable_workflow_pinning_on_non_ephemeral_runners # Change to "main" after merge or figure out how to find out which reference was called
+      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        with:
+          node-version: 20
+      - name: Dependencies install
+        run: npm install
+      - name: Run triggering script
+        run: node index.js # It will not be accessible as of now, but it is enough for testing.
+        env:
+          TRIGGERED_REF: ${{ inputs.triggered-ref }}
+          SCHEDULE: ${{ inputs.schedule }}
+          CANCEL_OUTDATED_PIPELINES: ${{ inputs.cancel-outdated-pipelines }}
+          CI_API_V4_URL: ${{ secrets.ci-api-v4-url }}
+          ACCESS_TOKEN: ${{ secrets.access-token }}
+          TRIGGER_TOKEN: ${{ secrets.trigger-token }}
+          PROJECT_ID: ${{ secrets.project-id }}
+
+
+
diff --git a/index.js b/index.js
@@ -115,15 +115,35 @@ async function execute (inputConfig, githubConfig) {
     return resp.id;
 }
 
+function getEnv(name) {
+    const val: string = process.env[name] || ''
+    if (options && options.required && !val) {
+        throw new Error(`Environment variable not supplied: ${name}`)
+     }
+    return val;
+}
+
+function getBooleanEnv(name) {
+  const trueValue = ['true', 'True', 'TRUE']
+  const falseValue = ['false', 'False', 'FALSE']
+  const val = getEnv(name)
+  if (trueValue.includes(val)) return true
+  if (falseValue.includes(val)) return false
+  throw new TypeError(
+    `Input could not be converted to boolean value: ${name}\n` +
+      `Supported boolean input list: \`true | True | TRUE | false | False | FALSE\``
+  )
+}
+
 async function main () {
     const inputConfig = {
-        apiUrl: core.getInput('ci-api-v4-url', { required: true }),
-        accesToken: core.getInput('access-token', { required: true }),
-        triggerToken: core.getInput('trigger-token', { required: true }),
-        projectId: core.getInput('project-id', { required: true }),
-        triggeredRef: core.getInput('triggered-ref', { required: true }),
-        schedule: core.getBooleanInput('schedule', { required: false }),
-        cancelOutdatedPipelines: core.getBooleanInput('cancel-outdated-pipelines', { required: false })
+        apiUrl: getEnv('CI_API_V4_URL'),
+        accesToken: getEnv('ACCESS_TOKEN'),
+        triggerToken: getEnv('TRIGGER_TOKEN'),
+        projectId: getEnv('PROJECT_ID'),
+        triggeredRef: getEnv('TRIGGERED_REF'),
+        schedule: getBooleanEnv('SCHEDULE'),
+        cancelOutdatedPipelines: getBooleanEnv('CANCEL_OUTDATED_PIPELINES')
     };
 
     const githubConfig = {