-
Notifications
You must be signed in to change notification settings - Fork 21
100 lines (90 loc) · 3.35 KB
/
pull-request-conditionals.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: Filter
# This workflow is triggered on pull requests
on:
pull_request:
# milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
types: [milestoned, opened, reopened, synchronize]
# Permissions for the GITHUB_TOKEN used by the workflow.
permissions:
id-token: write # Needed for OIDC-related operations.
contents: read # Allows reading the content of the repository.
pull-requests: write # Allows writing pull request metadata.
packages: read # Allows reading the published GHCR packages
# Default settings for all run commands in the workflow jobs.
defaults:
run:
shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
# Abort prior jobs in the same workflow / PR
concurrency:
group: test-${{ github.ref }}
cancel-in-progress: true
jobs:
lint-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Use Node.js latest
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version: 20
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@master
- name: Install UDS CLI
shell: bash
# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
run: brew install defenseunicorns/tap/uds@0.14.0
- name: Run Formatting Checks
run: uds run lint-check --no-progress
# This job checks if there are changes in specific paths source packages.
check-paths:
needs: lint-check
runs-on: ubuntu-latest
name: Select Jobs
outputs:
packages: ${{ steps.path-filter.outputs.changes }}
steps:
- name: Checkout the code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Uses a custom action to filter paths for source packages.
- name: Check src paths
id: path-filter
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
with:
filters: .github/filters.yaml
# This job triggers a separate workflow for each changed source package, if any.
run-package-test:
needs: check-paths
name: Schedule
strategy:
matrix:
package: ${{ fromJSON(needs.check-paths.outputs.packages) }}
flavor: [upstream, registry1, unicorn]
test_type: [install]
# Upgrade tests are included for all flavors, but ONLY for `all` package tests
include:
- package: all
flavor: registry1
test_type: upgrade
- package: all
flavor: upstream
test_type: upgrade
- package: all
flavor: unicorn
test_type: upgrade
uses: ./.github/workflows/test.yaml
with:
package: ${{ matrix.package }}
flavor: ${{ matrix.flavor }}
test_type: ${{ matrix.test_type }}
secrets: inherit # Inherits all secrets from the parent workflow.
evaluate-package-compliance:
needs: run-package-test
name: Compliance Evaluation
strategy:
matrix:
flavor: [upstream, registry1, unicorn]
fail-fast: false
uses: ./.github/workflows/compliance.yaml
with:
flavor: ${{ matrix.flavor }}
secrets: inherit # Inherits all secrets from the parent workflow.