React· Reusable workflow ·on: workflow_call

React Main Pipeline

React - Main Pipeline

.github/workflows/react-main-pipeline.yml

.github/workflows/react-main-pipeline.yml
name: React - Main Pipeline
# Reusable workflow: it only runs when another workflow references it with `uses:`.
# Every input is optional; the defaults below define what a bare call does
# (build only, with lint; no scans, tests, deploy, release or notifications).
on:
  workflow_call:
    inputs:
      # Runner configuration
      # Caller-chosen runner label, forwarded as `runner` to the called workflows that accept it.
      runner:
        description: 'Runner type'
        required: false
        type: string
        default: 'ubuntu-latest'
      # Node configuration
      node_version:
        description: 'Node.js version'
        required: false
        type: string
        default: '24'
      package_manager:
        description: 'Package manager (npm or yarn)'
        required: false
        type: string
        default: 'yarn'
      # Pipeline steps control
      run_commit_lint:
        description: 'Run commit message validation'
        required: false
        type: boolean
        default: false
      # Secret scanning is opt-in (default: false); callers must enable it explicitly.
      run_trufflehog:
        description: 'Run TruffleHog secret scanning'
        required: false
        type: boolean
        default: false
      trufflehog_only_verified:
        description: 'Only report verified secrets'
        required: false
        type: boolean
        default: true
      trufflehog_fail_on_findings:
        description: 'Fail the workflow if secrets are found'
        required: false
        type: boolean
        default: true
      # Dependency review is opt-in as well (default: false).
      run_dependency_review:
        description: 'Run dependency review (PR only)'
        required: false
        type: boolean
        default: false
      # Free-form string: nothing in this file checks it against the four listed values.
      dependency_review_severity:
        description: 'Minimum severity to fail: low, moderate, high, critical'
        required: false
        type: string
        default: 'high'
      run_build:
        description: 'Run build job'
        required: false
        type: boolean
        default: true
      run_test:
        description: 'Run test job (includes coverage)'
        required: false
        type: boolean
        default: false
      # The run_test dependency is stated in the description only; this file forwards
      # the flag to the test workflow and does not check the combination itself.
      run_code_analysis:
        description: 'Run code analysis (requires run_test: true)'
        required: false
        type: boolean
        default: false
      code_analysis_tool:
        description: 'Code analysis tool: sonar or qodana'
        required: false
        type: string
        default: 'sonar'
      skip_quality_gate:
        description: 'Skip Quality Gate check'
        required: false
        type: boolean
        default: false
      run_deploy:
        description: 'Run deployment'
        required: false
        type: boolean
        default: false
      # Free-form string that the deploy job splices into the path of the workflow it calls
      # (react-deploy-<deploy_target>.yml); nothing here restricts it to s3 or amplify.
      deploy_target:
        description: 'Deploy target: s3 or amplify'
        required: false
        type: string
        default: 's3'
      run_create_issue_on_failure:
        description: 'Create GitHub issue on pipeline failure'
        required: false
        type: boolean
        default: false
      issue_labels:
        description: 'Labels for the failure issue (comma-separated)'
        required: false
        type: string
        default: 'bug,pipeline-failure'
      run_notifications:
        description: 'Send notifications after pipeline completes'
        required: false
        type: boolean
        default: false
      notify_providers:
        description: 'Notification providers (comma-separated: slack, teams)'
        required: false
        type: string
        default: 'slack'
      notify_mention_on_failure:
        description: 'Mention on failure (Slack: @channel, Teams: @General)'
        required: false
        type: string
        default: ''
      run_cleanup:
        description: 'Delete merged branch after deploy'
        required: false
        type: boolean
        default: false
      run_release:
        description: 'Create release PR after deploy'
        required: false
        type: boolean
        default: false
      # Build options
      # NOTE(review): described as a script name run as `yarn <command>`. The called build
      # workflow is not shown here; confirm it hands the value over as an argument or an
      # environment variable rather than expanding it inside a shell line.
      build_command:
        description: 'Build script name (yarn <command>)'
        required: false
        type: string
        default: 'build'
      build_output_dir:
        description: 'Build output directory (build for CRA, dist for Vite)'
        required: false
        type: string
        default: 'build'
      run_lint:
        description: 'Run yarn lint during build'
        required: false
        type: boolean
        default: true
      run_type_check:
        description: 'Run yarn type-check during build (TypeScript projects)'
        required: false
        type: boolean
        default: false
      # Test options
      # NOTE(review): same concern as build_command; confirm how the test workflow uses it.
      test_command:
        description: 'Test script name (yarn <command>)'
        required: false
        type: string
        default: 'test'
      # Deploy options
      # Caller-chosen environment name, forwarded to the deploy, notify and create-issue jobs.
      environment:
        description: 'GitHub environment (develop, staging, production)'
        required: false
        type: string
        default: 'develop'
      # Release options
      release_target_branch:
        description: 'Target branch for release PR'
        required: false
        type: string
        default: 'main'
      release_strict_flow:
        description: 'Enforce GitFlow on release PR (base must be develop, target must be main)'
        required: false
        type: boolean
        default: true
      run_tag:
        description: 'Create git tag and GitHub Release after deploy'
        required: false
        type: boolean
        default: false
    # Values handed back to the caller. Each one reads an output of a job in this file,
    # so it is presumably empty when that job was skipped.
    outputs:
      coverage:
        description: 'Code coverage percentage'
        value: ${{ jobs.test.outputs.coverage_percentage }}
      deploy_status:
        description: 'Deployment status'
        value: ${{ jobs.deploy.outputs.deploy_status }}
      deleted_branch:
        description: 'Name of deleted branch'
        value: ${{ jobs.cleanup.outputs.deleted_branch }}
      release_version:
        description: 'Release version created'
        value: ${{ jobs.release.outputs.version }}
      release_pr_url:
        description: 'Release PR URL'
        value: ${{ jobs.release.outputs.pr_url }}
      release_changelog:
        description: 'Release changelog'
        value: ${{ jobs.release.outputs.changelog }}
jobs:
# ============================================
# COMMIT LINT (parallel, no deps)
# ============================================
  commit-lint:
    name: Commit Lint
    # Opt-in: skipped unless the caller sets run_commit_lint.
    if: inputs.run_commit_lint
    uses: ./.github/workflows/shared-commit-lint.yml
    # Only the runner label is forwarded; this call passes no secrets.
    with:
      runner: ${{ inputs.runner }}
# ============================================
# SECURITY - TruffleHog (parallel, no deps)
# ============================================
  security:
    name: Security Scan
    # Opt-in: skipped unless the caller sets run_trufflehog. It has no `needs`,
    # so it starts alongside the build job.
    if: inputs.run_trufflehog
    uses: ./.github/workflows/security-trufflehog.yml
    with:
      runner: ${{ inputs.runner }}
      # Per the input descriptions: report verified secrets only, and fail on findings.
      # Both default to true in this workflow's inputs.
      only_verified: ${{ inputs.trufflehog_only_verified }}
      fail_on_findings: ${{ inputs.trufflehog_fail_on_findings }}
    # `inherit` forwards every secret of the calling workflow to the scan workflow.
    # NOTE(review): the called workflow is not shown; if it needs none, or only one
    # token, pass that secret by name instead.
    secrets: inherit
# ============================================
# SECURITY - Dependency Review (parallel, no deps)
# ============================================
  dependency-review:
    name: Dependency Review
    # Opt-in: skipped unless the caller sets run_dependency_review
    # (the input description marks it as meaningful on pull requests only).
    if: inputs.run_dependency_review
    uses: ./.github/workflows/security-dependency-review.yml
    with:
      runner: ${{ inputs.runner }}
      # Severity threshold is forwarded as given; it is not validated in this file.
      fail_on_severity: ${{ inputs.dependency_review_severity }}
    # `inherit` forwards every secret of the calling workflow.
    # NOTE(review): confirm the called workflow needs any secret at all.
    secrets: inherit
# ============================================
# BUILD
# ============================================
  build:
    name: Build
    # On by default (run_build defaults to true).
    if: inputs.run_build
    uses: ./.github/workflows/react-build.yml
    with:
      runner: ${{ inputs.runner }}
      node_version: ${{ inputs.node_version }}
      package_manager: ${{ inputs.package_manager }}
      # Caller-supplied script name and output directory, forwarded unchanged.
      build_command: ${{ inputs.build_command }}
      build_output_dir: ${{ inputs.build_output_dir }}
      run_lint: ${{ inputs.run_lint }}
      run_type_check: ${{ inputs.run_type_check }}
    # `inherit` forwards every secret of the calling workflow to a job that installs
    # dependencies and runs a caller-named package script.
    # NOTE(review): deploy credentials are then within reach of build-time code;
    # pass only the secrets the build needs, by name, once they are known.
    secrets: inherit
# ============================================
# TEST & COVERAGE
# ============================================
  test:
    name: Test & Coverage
    # Opt-in. Because it needs `build` and has no always(), it is skipped
    # whenever the build job did not succeed (including when run_build is false).
    if: inputs.run_test
    needs: build
    uses: ./.github/workflows/react-test.yml
    with:
      runner: ${{ inputs.runner }}
      node_version: ${{ inputs.node_version }}
      package_manager: ${{ inputs.package_manager }}
      # Coverage is always requested; it is not a caller option.
      run_coverage: true
      test_command: ${{ inputs.test_command }}
      # Code analysis (sonar or qodana, per the input description) runs inside the test workflow.
      run_code_analysis: ${{ inputs.run_code_analysis }}
      code_analysis_tool: ${{ inputs.code_analysis_tool }}
      skip_quality_gate: ${{ inputs.skip_quality_gate }}
    # `inherit` forwards every secret of the calling workflow to the job that runs the test suite.
    # NOTE(review): presumably only the analysis token is needed here; confirm and pass it by name.
    secrets: inherit
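# ============================================
# DEPLOY - S3 or Amplify
# ============================================
  deploy:
    name: Deploy (${{ inputs.deploy_target }})
    # always() keeps the condition evaluated when a needed job was skipped; the explicit
    # result checks then decide. Build must have succeeded. Tests, the secret scan and the
    # dependency review must each have succeeded or been skipped (disabled by the caller),
    # so a failed scan blocks the deployment instead of only marking the run as failed.
    if: |
      inputs.run_deploy &&
      always() &&
      needs.build.result == 'success' &&
      (needs.test.result == 'success' || needs.test.result == 'skipped') &&
      (needs.security.result == 'success' || needs.security.result == 'skipped') &&
      (needs.dependency-review.result == 'success' || needs.dependency-review.result == 'skipped')
    needs: [build, test, security, dependency-review]
    # NOTE(review): GitHub documents `jobs.<job_id>.uses` as a fixed workflow path and does
    # not list it among the keys where expression contexts are available. Confirm this line
    # is accepted; if not, use one job per target, each guarded by a check on
    # inputs.deploy_target. Either way the value is a free-form caller string that selects
    # which workflow receives the inherited secrets, so restrict it to 's3' and 'amplify'.
    uses: ./.github/workflows/react-deploy-${{ inputs.deploy_target }}.yml
    with:
      runner: ${{ inputs.runner }}
      # Caller-chosen environment name, forwarded unchanged.
      environment: ${{ inputs.environment }}
      build_output_dir: ${{ inputs.build_output_dir }}
    # `inherit` forwards every secret of the calling workflow, not only the deploy credentials.
    secrets: inherit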
# ============================================
# RELEASE - Create release PR
# ============================================
  release:
    name: Create Release
    # Opt-in, and only after a successful deploy. always() keeps the condition
    # evaluated; the explicit result check is what gates the job.
    if: |
      inputs.run_release &&
      always() &&
      needs.deploy.result == 'success'
    needs: [deploy]
    uses: ./.github/workflows/shared-release.yml
    with:
      # The ref that triggered the run is the base; the target comes from the caller.
      base_branch: ${{ github.ref_name }}
      target_branch: ${{ inputs.release_target_branch }}
      # Defaults to true: per the input description, base must be develop and target main.
      strict_flow: ${{ inputs.release_strict_flow }}
    # `inherit` forwards every secret of the calling workflow.
    # NOTE(review): opening a PR presumably needs one token only; confirm and pass it by name.
    secrets: inherit
# ============================================
# CLEANUP - Delete merged branch (runs after release PR created)
# ============================================
  cleanup:
    name: Delete Branch
    # Opt-in. Requires a successful deploy, and a release job that either
    # succeeded or was skipped; a failed release keeps the branch.
    if: |
      inputs.run_cleanup &&
      always() &&
      needs.deploy.result == 'success' &&
      (needs.release.result == 'success' || needs.release.result == 'skipped')
    needs: [deploy, release]
    # No `with:` inputs are passed, so the called workflow decides which branch to delete.
    # NOTE(review): this is a destructive step; confirm that workflow refuses protected
    # and default branches.
    uses: ./.github/workflows/shared-delete-branch.yml
    # `inherit` forwards every secret of the calling workflow.
    secrets: inherit
# ============================================
# TAG - Create git tag and GitHub Release
# ============================================
  tag:
    name: Tag Release
    # Opt-in, gated on a successful deploy.
    # NOTE(review): `needs` also lists build, test, cleanup and release, but only the
    # deploy result is checked. With always() the tag would presumably still be created
    # when release or cleanup failed; confirm that is intended.
    if: |
      inputs.run_tag &&
      always() &&
      needs.deploy.result == 'success'
    needs: [build, test, deploy, cleanup, release]
    uses: ./.github/workflows/shared-tag-release.yml
    # `inherit` forwards every secret of the calling workflow to the job that
    # publishes the tag and the GitHub Release.
    secrets: inherit
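# ============================================
# NOTIFY - Notifications (runs last, always)
# ============================================
  notify:
    name: Notify
    # Opt-in. always() lets the job run even when a needed job failed,
    # was cancelled or was skipped.
    if: |
      inputs.run_notifications &&
      always()
    # Every other pipeline job is listed, including commit lint and the two security
    # scans, so that each result is visible through `needs.*.result` below.
    needs: [commit-lint, security, dependency-review, build, test, deploy, cleanup, release, tag]
    uses: ./.github/workflows/shared-notifications.yml
    with:
      providers: ${{ inputs.notify_providers }}
      # 'failure' if any needed job failed, otherwise 'cancelled' if any was cancelled,
      # otherwise 'success'. Skipped jobs (steps the caller disabled) do not count.
      # Previously only build, test and deploy were inspected, so a failed secret scan,
      # release, cleanup or tag was reported as 'success'.
      status: ${{ contains(needs.*.result, 'failure') && 'failure' || contains(needs.*.result, 'cancelled') && 'cancelled' || 'success' }}
      environment: ${{ inputs.environment }}
      # Release outputs are empty when the release job did not run.
      version: ${{ needs.release.outputs.version }}
      changelog: ${{ needs.release.outputs.changelog }}
      mention_on_failure: ${{ inputs.notify_mention_on_failure }}
    # `inherit` forwards every secret of the calling workflow.
    # NOTE(review): presumably only the notification webhooks are needed; pass them by name.
    secrets: inherit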
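# ============================================
# CREATE ISSUE - On failure (runs last, always)
# ============================================
  create-issue:
    name: Create Issue
    # Opt-in. The job itself always runs; the computed `status` is passed to the called
    # workflow, which presumably opens an issue only on 'failure' (not shown here).
    if: |
      inputs.run_create_issue_on_failure &&
      always()
    # Every other pipeline job is listed, including commit lint and the two security
    # scans, so that each result is visible through `needs.*.result` below.
    needs: [commit-lint, security, dependency-review, build, test, deploy, cleanup, release, tag]
    uses: ./.github/workflows/shared-create-issue-on-failure.yml
    with:
      # 'failure' if any needed job failed, otherwise 'success'. Previously only build,
      # test and deploy were inspected, so a failed secret scan, release, cleanup or tag
      # never produced an issue.
      status: ${{ contains(needs.*.result, 'failure') && 'failure' || 'success' }}
      environment: ${{ inputs.environment }}
      # Release outputs are empty when the release job did not run.
      version: ${{ needs.release.outputs.version }}
      changelog: ${{ needs.release.outputs.changelog }}
      labels: ${{ inputs.issue_labels }}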