Merge pull request #12 from NujSuper/dev_test_prod

Dev test prod

Author: craignuj

.github/workflows/deploy.yml

@@ -8,20 +8,19 @@ on:
 
 permissions:
   id-token: write
-  contents: write
+  contents: read
 
 jobs:
-  strategy:
-    matrix:
-      env: [dev, prod, test]
+  build-deploy:
+    strategy:
+      matrix:
+        env: [dev, test, prod]
     name: Build Docker
     runs-on: ubuntu-latest
     environment: ${{ matrix.env }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
-        with:
-          ref: ${{ github.ref }}
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
@@ -41,5 +40,5 @@ jobs:
           ECR_REPOSITORY: 'ssh_bastion'
           IMAGE_TAG: latest
         run: |
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -t $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.sha }} -t $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.ref_name }} .
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY --all-tags
+          docker build -t "$ECR_REGISTRY"/"$ECR_REPOSITORY":latest -t "$ECR_REGISTRY"/"$ECR_REPOSITORY":${{ github.sha }} -t "$ECR_REGISTRY/$ECR_REPOSITORY":${{ github.ref_name }} .
+          docker push "$ECR_REGISTRY/$ECR_REPOSITORY" --all-tags

.github/workflows/lint-workflows.yml

@@ -0,0 +1,31 @@
+name: Lint Workflows
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/**'
+
+permissions:
+  contents: read
+
+jobs:
+  actionlint:
+    name: actionlint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - name: Download actionlint
+        id: get_actionlint
+        run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+        shell: bash
+      - name: Check workflow files
+        run: ${{ steps.get_actionlint.outputs.executable }} -color
+        shell: bash
+
+  yamllint:
+    name: yamllint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run yamllint
+        run: yamllint .github/workflows/

.github/workflows/pr.yml

@@ -4,21 +4,22 @@ on:
   pull_request:
   workflow_call:
 
+permissions:
+  contents: read
+
 jobs:
   docker-build:
     name: Build Docker
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
-        with:
-          ref: ${{ github.ref }}
 
-      - name: Build, tag, and push the image to Amazon ECR
+      - name: Build Docker image (local only)
         id: build-image
         env:
           ECR_REGISTRY: local.test
           ECR_REPOSITORY: 'ssh_bastion'
           IMAGE_TAG: latest
         run: |
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
+          docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:latest" .

.yamllint.yml

@@ -0,0 +1,6 @@
+extends: default
+rules:
+  line-length:
+    max: 200 
+  truthy:
+    allowed-values: ['true', 'false', 'on', 'off']