Update nick-fields/assert-action action to v2 #607
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| jobs: | |
| generate-ref: | |
| name: Generate Ref | |
| runs-on: ubuntu-latest | |
| outputs: | |
| REF: ${{ steps.generate-ref.outputs.ref }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - id: generate-ref | |
| name: Generate Ref | |
| run: | | |
| if [ "${{ github.event_name }}" == "pull_request" ] ; then | |
| ref=$(php -r "echo str_replace('/', '-SLASH-', '${{ github.event.pull_request.head.ref }}');") | |
| echo "$ref" | |
| printf "::set-output name=ref::%s" $ref | |
| exit 0 | |
| fi | |
| echo "${GITHUB_REF##*/}" | |
| echo "::set-output name=ref::${GITHUB_REF##*/}" | |
| lint-dockerfile: | |
| name: Lint Dockerfile | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Lint Dockerfile | |
| uses: docker://hadolint/hadolint:latest-debian | |
| with: | |
| entrypoint: hadolint | |
| args: generate-comments/Dockerfile-build | |
| build-docker-image: | |
| name: Build Docker image | |
| needs: | |
| - generate-ref | |
| - lint-dockerfile | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: mkdir ./docker-image/ | |
| - run: docker version | |
| - run: docker images | |
| env: | |
| REF: ${{ needs.generate-ref.outputs.ref }} | |
| - run: docker build --no-cache -t "$(echo "ghcr.io/${GITHUB_REPOSITORY}:${REF}" | tr '[:upper:]' '[:lower:]')" ./generate-comments/ -f generate-comments/Dockerfile-build --target=runtime | |
| env: | |
| REF: ${{ needs.generate-ref.outputs.ref }} | |
| - run: docker tag "$(echo "ghcr.io/${GITHUB_REPOSITORY}:${REF}" | tr '[:upper:]' '[:lower:]')" "$(echo "ghcr.io/${GITHUB_REPOSITORY}:sha-${GITHUB_SHA}" | tr '[:upper:]' '[:lower:]')" | |
| env: | |
| REF: ${{ needs.generate-ref.outputs.ref }} | |
| - run: echo -e "$(echo "ghcr.io/${GITHUB_REPOSITORY}:${REF}" | tr '[:upper:]' '[:lower:]')" | xargs -I % sh -c 'docker run -v /tmp/trivy:/var/lib/trivy -v /var/run/docker.sock:/var/run/docker.sock -t aquasec/trivy:latest --cache-dir /var/lib/trivy image --exit-code 1 --no-progress --format table %' | |
| env: | |
| REF: ${{ needs.generate-ref.outputs.ref }} | |
| - run: docker save "$(echo "ghcr.io/${GITHUB_REPOSITORY}:sha-${GITHUB_SHA}" | tr '[:upper:]' '[:lower:]')" | gzip -9 > ./docker-image/image.tar | |
| if: github.actor == 'dependabot[bot]' | |
| - run: docker images | |
| - name: Upload Images | |
| if: github.actor == 'dependabot[bot]' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: docker-image | |
| path: ./docker-image | |
| - name: Login to GitHub Container Registry | |
| if: github.actor != 'dependabot[bot]' | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | \ | |
| docker login ghcr.io \ | |
| --username "${GITHUB_ACTOR}" \ | |
| --password-stdin | |
| - name: Push branch image to GitHub Container Registry | |
| if: github.actor != 'dependabot[bot]' | |
| run: | | |
| docker push $(echo "ghcr.io/${GITHUB_REPOSITORY}:${REF}" | tr '[:upper:]' '[:lower:]') | |
| env: | |
| REF: ${{ needs.generate-ref.outputs.ref }} | |
| - name: Push commit sha image to GitHub Container Registry | |
| if: github.actor != 'dependabot[bot]' | |
| run: | | |
| docker push $(echo "ghcr.io/${GITHUB_REPOSITORY}:sha-${GITHUB_SHA}" | tr '[:upper:]' '[:lower:]') | |
| comment-composer-lock-diff: | |
| name: Comment composer.lock diff | |
| needs: | |
| - build-docker-image | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name == 'pull_request' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Check if composer.lock has changed | |
| id: composer-lock-changed | |
| uses: tj-actions/changed-files@v42 | |
| with: | |
| files: composer.lock | |
| - name: Download Images | |
| if: github.actor == 'dependabot[bot]' | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: docker-image | |
| path: ./docker-image | |
| - run: docker load --input ./docker-image/image.tar | |
| if: github.actor == 'dependabot[bot]' | |
| - run: git branch | |
| - run: sed -i $(echo "s/main/sha-$GITHUB_SHA/g") action.yaml | |
| - name: Comment composer.lock diff | |
| if: github.actor != 'dependabot[bot]' | |
| uses: ./ | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Comment composer.lock diff | |
| id: composerdiff | |
| uses: ./ | |
| with: | |
| dryRun: yes | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Show production table | |
| run: echo "${PRODUCTION}" | |
| env: | |
| PRODUCTION: ${{ steps.composerdiff.outputs.production }} | |
| - name: Show development table | |
| run: echo "${DEVELOPMENT}" | |
| env: | |
| DEVELOPMENT: ${{ steps.composerdiff.outputs.development }} | |
| - name: Assert Production Output | |
| if: steps.composer-lock-changed.outputs.any_changed == 'true' && ((steps.composerdiff.outputs.development == '' && steps.composerdiff.outputs.production != '') || (steps.composerdiff.outputs.development != '' && steps.composerdiff.outputs.production != '')) | |
| uses: nick-fields/assert-action@v2 | |
| with: | |
| expected: "| Prod Packages" | |
| actual: ${{ steps.composerdiff.outputs.production }} | |
| comparison: startsWith | |
| - name: Assert Development Output | |
| if: steps.composer-lock-changed.outputs.any_changed == 'true' && ((steps.composerdiff.outputs.development != '' && steps.composerdiff.outputs.production == '') || (steps.composerdiff.outputs.development != '' && steps.composerdiff.outputs.production != '')) | |
| uses: nick-fields/assert-action@v2 | |
| with: | |
| expected: "🚧 Composer Development Dependency changes 🚧" | |
| actual: ${{ steps.composerdiff.outputs.development }} | |
| comparison: startsWith |