Add BOT_APPROVED_FILES (#441) #1573
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Checks | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| jobs: | |
| formatting: | |
| runs-on: ubuntu-20.04 | |
| env: | |
| DFX_NETWORK: mainnet | |
| # In order to trigger other workflows after committing formatting changes, we need | |
| # to use the PR Automation App. This secret is not available for external | |
| # contributors. So on PRs that can't access the secret, we don't commit changes and | |
| # instead just fail if the formatting changes are needed. | |
| steps: | |
| - name: Check if commits can be added | |
| id: check_can_add_commit | |
| run: | | |
| echo "can_add_commit=${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY != '' && github.event_name == 'pull_request' }}" >> $GITHUB_OUTPUT | |
| - name: Create GitHub App Token | |
| uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| if: steps.check_can_add_commit.outputs.can_add_commit == 'true' | |
| with: | |
| app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} | |
| private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} | |
| - name: Checkout | |
| if: steps.check_can_add_commit.outputs.can_add_commit == 'true' | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: Checkout | |
| if: steps.check_can_add_commit.outputs.can_add_commit == 'false' | |
| uses: actions/checkout@v4 | |
| - name: Install shfmt | |
| run: sudo snap install --classic shfmt | |
| - name: Format shell scripts | |
| run: ./scripts/fmt-sh | |
| - name: Restore dfx.json | |
| run: cp dfx.json.original dfx.json | |
| - name: Check formatting changes | |
| id: check_format | |
| run: | | |
| if git diff --exit-code; then | |
| echo "formatting_needed=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "formatting_needed=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Commit Formatting changes | |
| if: steps.check_can_add_commit.outputs.can_add_commit == 'true' && steps.check_format.outputs.formatting_needed == 'true' | |
| uses: EndBug/add-and-commit@v9.1.4 | |
| with: | |
| add: . | |
| default_author: github_actions | |
| message: "Updating formatting" | |
| # do not pull: if this branch is behind, then we might as well let | |
| # the pushing fail | |
| pull_strategy: "NO-PULL" | |
| - name: Fail for formatting issues without GitHub App | |
| if: steps.check_can_add_commit.outputs.can_add_commit == 'false' && steps.check_format.outputs.formatting_needed == 'true' | |
| run: | | |
| echo "Formatting changes are needed but couldn't be committed because the GitHub App secret isn't available or this isn't a pull request." | |
| exit 1 | |
| shell-checks: | |
| needs: formatting | |
| name: ShellCheck | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Install apt-dependencies | |
| run: sudo apt-get update && sudo apt-get install moreutils -yy && command -v more | |
| - uses: actions/checkout@v3 | |
| - name: Run ShellCheck | |
| uses: ludeeus/action-shellcheck@master | |
| env: | |
| SHELLCHECK_OPTS: -e SC1090 -e SC2119 -e SC1091 -e SC2121 -e SC2155 -e SC2094 -e SC2015 | |
| clap-checks: | |
| needs: formatting | |
| name: Clap checks | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Clap works | |
| run: ./bin/clap.test | |
| sns-aggregator-canister-checks: | |
| needs: formatting | |
| name: SNS aggregator tools | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install apt-dependencies | |
| run: sudo apt-get update && sudo apt-get install moreutils -yy && command -v more | |
| - name: Install cargo binstall | |
| uses: ./.github/actions/install_binstall | |
| - name: Install tools | |
| run: | | |
| . bin/versions.bash | |
| cargo binstall --force --no-confirm "ic-wasm@${IC_WASM_VERSION}" | |
| - name: "Test the sns aggregator version command" | |
| run: ./bin/dfx-software-sns-aggregator-version.test | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: "Test the aggregator wasm download command" | |
| run: ./bin/dfx-software-sns-aggregator-ci-wasm-url.test --verbose | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Install dfx | |
| uses: dfinity/setup-dfx@main | |
| - name: "Test the aggregator wasm install command" | |
| run: ./bin/dfx-software-sns-aggregator-install.test --verbose | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| ckbtc-checks: | |
| needs: formatting | |
| name: CKBTC tools | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Install apt-dependencies | |
| run: sudo apt-get update && sudo apt-get install moreutils -yy && command -v more | |
| - uses: actions/checkout@v3 | |
| - name: Install dfx | |
| uses: dfinity/setup-dfx@main | |
| - name: Import ckbtc works | |
| run: | | |
| set -euxo pipefail | |
| echo "This modifies files, so make sure the state is clean before and after" | |
| git clean -dfx | |
| bin/dfx-ckbtc-import.test | |
| git clean -dfx | |
| - name: Deploy ckbtc works | |
| run: | | |
| set -euxo pipefail | |
| echo "This modifies files, so make sure the state is clean before and after" | |
| git clean -dfx | |
| bin/dfx-ckbtc-deploy.test | |
| git clean -dfx | |
| - name: Import token works | |
| run: | | |
| set -euxo pipefail | |
| echo "This modifies files, so make sure the state is clean before and after" | |
| git clean -dfx | |
| bin/dfx-token-import.test | |
| git clean -dfx | |
| - name: Deploy token works | |
| run: | | |
| set -euxo pipefail | |
| echo "This modifies files, so make sure the state is clean before and after" | |
| git clean -dfx | |
| bin/dfx-token-deploy.test | |
| git clean -dfx | |
| - name: Install mock bitcoin canister works | |
| run: | | |
| set -euxo pipefail | |
| echo "This modifies files, so make sure the state is clean before and after" | |
| git clean -dfx | |
| bin/dfx-software-mock-bitcoin-install.test | |
| git clean -dfx | |
| nns-dapp-canister-checks: | |
| needs: formatting | |
| name: NNS dapp tools | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: "Test the nns-dapp version command" | |
| run: ./bin/dfx-software-nns-dapp-version.test | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Install cargo binstall | |
| uses: ./.github/actions/install_binstall | |
| - name: Install tools | |
| run: | | |
| . bin/versions.bash | |
| cargo binstall --force --no-confirm "ic-wasm@${IC_WASM_VERSION}" | |
| - name: "Test the nns-dapp url command" | |
| run: ./bin/dfx-software-nns-dapp-ci-wasm-url.test | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| dfx-canister-url-checks: | |
| needs: formatting | |
| name: Canister URL checks | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Install apt-dependencies | |
| run: sudo apt-get update && sudo apt-get install moreutils -yy && command -v more | |
| - uses: actions/checkout@v3 | |
| - name: Install dfx | |
| uses: dfinity/setup-dfx@main | |
| - name: dfx-canister-url works | |
| run: | | |
| set -euxo pipefail | |
| echo "This modifies files, so make sure the state is clean before and after" | |
| git clean -dfx | |
| bin/dfx-canister-url.test --verbose | |
| git clean -dfx | |
| other-tests: | |
| name: Other tests | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install apt-dependencies | |
| # Needed for sponge | |
| run: sudo apt-get update && sudo apt-get install moreutils -yy | |
| - name: Install idl2json | |
| run: bin/dfx-software-idl2json-install | |
| - name: Install dfx | |
| uses: dfinity/setup-dfx@main | |
| - name: Install mock exchange rate canister works | |
| run: | | |
| set -euxo pipefail | |
| echo "This modifies files, so make sure the state is clean before and after" | |
| git clean -dfx | |
| bin/dfx-mock-exchange-rate-canister-install.test | |
| git clean -dfx |