Added concurrency at the root level to ensure that pipeline runs are …

…cancelled when new ones are triggered The needs keyword in the jobs ensures they run sequentially: checkov needs build to complete docker needs checkov to complete If any job fails, the subsequent jobs won't run because of the needs dependency
atulgoel126 · Oct 30, 2024 · c577e14 · c577e14
1 parent 99bb52a
commit c577e14
Showing 1 changed file with 5 additions and 17 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -25,21 +25,16 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-
       - name: Set up Node.js
         uses: actions/setup-node@v2
         with:
           node-version: '20'
-
       - name: Install dependencies
         run: npm install
-
       - name: Build project
         run: npm run build
-
       - name: Run tests
         run: npm test
-
       - name: CDK Synth
         run: npm run cdk-synth
         env:
@@ -49,40 +44,32 @@ jobs:
   checkov:
     runs-on: ubuntu-latest
     needs: build
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-
       - name: Set up Python
         uses: actions/setup-python@v2
         with:
           python-version: '3.8'
-
       - name: Install Checkov
         run: pip install checkov
-
       - name: Run Checkov
         run: checkov -d .
 
   docker:
     runs-on: ubuntu-latest
     needs: checkov
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
-
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Build Docker image
         uses: docker/build-push-action@v5
         with:
@@ -95,20 +82,17 @@ jobs:
             ghcr.io/${{ github.repository }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_IMAGE_TAG }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
-
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_IMAGE_TAG }}
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
-
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
-
       - name: Push Docker image
         if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main-week2-day5-6')
         uses: docker/build-push-action@v5
@@ -119,4 +103,8 @@ jobs:
             ghcr.io/${{ github.repository }}/${{ env.DOCKER_IMAGE_NAME }}:latest
             ghcr.io/${{ github.repository }}/${{ env.DOCKER_IMAGE_NAME }}:${{ env.DOCKER_IMAGE_TAG }}
           cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-to: type=gha,mode=max
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true