refactor(GHA): make workflows reusable
josecorella committed Jul 9, 2024
1 parent e7801ec commit ef41e45
Showing 20 changed files with 586 additions and 232 deletions.
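--- a/.github/workflows/check-files.yml
+++ b/.github/workflows/check-files.yml
@@ -0,0 +1,68 @@
+# This workflow checks if specfic files were modified,
+# if they were they require more than one approval from CODEOWNERS
+name: Check Release Files
+
+on:
+pull_request:
+
+jobs:
+require-approvals:
+runs-on: ubuntu-latest
+permissions:
+issues: write
+pull-requests: write
+env:
+# unfortunately we can't check if the approver is part of the CODEOWNERS. This is a subset of aws/aws-crypto-tools-team
+# to add more allowlisted approvers just modify this env variable
+maintainers: seebees, texastony, ShubhamChaturvedi7, lucasmcdonald3, josecorella, imabhichow, rishav-karanjit, antonf-amzn, justplaz, ajewellamz
+steps:
+- uses: actions/checkout@v3
+with:
+fetch-depth: 0
+
+- name: Get Files changed
+id: file-changes
+shell: bash
+run:
+# *release.yml files are responsible for releasing builds
+# we require multiple approvers if any of those files change
+# when adding any release file, it must be appended with *release
+# we also want to check if there are changes to this file
+echo "FILES=$(git diff --name-only origin/main origin/${GITHUB_HEAD_REF} .github/workflows/*release.yml .github/workflows/check-files.yml | tr '\n' ' ')" >> "$GITHUB_OUTPUT"
+
+- name: Check if FILES is not empty
+id: comment
+env:
+PR_NUMBER: ${{ github.event.number }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+FILES: ${{ steps.file-changes.outputs.FILES }}
+if: ${{env.FILES != ''}}
+run: |
+COMMENT="Detected changes to the release files or to the check-files action"
+COMMENT_URL="https://api.github.com/repos/${{ github.repository }}/issues/${PR_NUMBER}/comments"
+curl -s -H "Authorization: token ${GITHUB_TOKEN}" -X POST $COMMENT_URL -d "{\"body\":\"$COMMENT\"}"
+- name: Check Approvers
+id: approvers
+if: steps.comment.outcome == 'success'
+# if this step fails we want to continue to post a message on the PR.
+continue-on-error: true
+# we are using this action because it does the heavy lifting for us, it uses the github_token enabled
+# for github actions, this is ok because tokens are created for every workflow run and they expire at the end
+# of the job
+uses: peternied/[email protected]
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+min-required: 2
+required-approvers-list: ${{env.maintainers}}
+
+- name: Post Approvers Result
+if: steps.approvers.outcome == 'failure'
+env:
+PR_NUMBER: ${{ github.event.number }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+COMMENT="Changes to the release files or the check-files action requires 2 approvals from CODEOWNERS"
+COMMENT_URL="https://api.github.com/repos/${{ github.repository }}/issues/${PR_NUMBER}/comments"
+curl -s -H "Authorization: token ${GITHUB_TOKEN}" -X POST $COMMENT_URL -d "{\"body\":\"$COMMENT\"}"
+exit 1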
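Review bot: The `Get Files changed` step fails open, because `git diff` runs inside `$(...)` within an `echo`: if `origin/${GITHUB_HEAD_REF}` does not resolve on origin (a pull request from a fork, for instance) or resolves to an unrelated branch of the same name, the step still succeeds with an empty `FILES`, every later step is skipped and the job passes without the two-approval check. Separating the assignment from the `echo` and diffing the checked-out pull-request commit against the base lets a git error fail the step: `files="$(git diff --name-only "origin/${GITHUB_BASE_REF}" HEAD -- '.github/workflows/*release.yml' .github/workflows/check-files.yml | tr '\n' ' ')"` followed by `echo "FILES=${files}" >> "$GITHUB_OUTPUT"`. Since a `pull_request` run uses the workflow file as it exists in the pull request, this job presumably cannot protect `check-files.yml` on its own, so a branch-protection or ruleset requirement on `.github/workflows/` should back it. `actions/checkout@v3` and the third-party approval action are referenced by tag while the job token carries `pull-requests: write`; pinning both to a full commit SHA would be the safer form.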
12 changes: 7 additions & 5 deletions .github/workflows/ci_codegen.yml
@@ -1,10 +1,12 @@
# This workflow regenerates code using smithy-dafny and checks that the output matches what's checked in.
name: Library Code Generation
on:
pull_request:
push:
branches:
- main
workflow_call:
inputs:
dafny:
description: "The dafny version to run"
required: true
type: string

jobs:
code-generation:
Expand Down Expand Up @@ -38,7 +40,7 @@ jobs:
- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
dafny-version: 4.2.0
dafny-version: ${{ inputs.dafny }}

- name: Setup .NET Core SDK ${{ matrix.dotnet-version }}
uses: actions/setup-dotnet@v4
31 changes: 9 additions & 22 deletions .github/workflows/ci_examples_java.yml
@@ -2,31 +2,20 @@
name: Java Examples

on:
pull_request:
push:
branches:
- main
workflow_dispatch:
# Manual trigger for this workflow, either the normal version
# or the nightly build that uses the latest Dafny prerelease
# (accordingly to the "nightly" parameter).
workflow_call:
inputs:
nightly:
description: "Run the nightly build"
dafny:
description: "The Dafny version to run"
required: true
type: string
regenerate-code:
description: "Regenerate code using smithy-dafny"
required: false
default: false
type: boolean
schedule:
# Nightly build against Dafny's nightly prereleases,
# for early warning of verification issues or regressions.
# Timing chosen to be adequately after Dafny's own nightly build,
# but this might need to be tweaked:
# https://github.com/dafny-lang/dafny/blob/master/.github/workflows/deep-tests.yml#L16
- cron: "30 16 * * *"

jobs:
testJava:
# Don't run the nightly build on forks
if: github.event_name != 'schedule' || github.repository_owner == 'aws'
strategy:
max-parallel: 1
matrix:
Expand Down Expand Up @@ -57,11 +46,9 @@ jobs:
- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
# A && B || C is the closest thing to an if .. then ... else ... or ?: expression the GitHub Actions syntax supports.
dafny-version: ${{ (github.event_name == 'schedule' || inputs.nightly) && 'nightly-latest' || '4.2.0' }}
dafny-version: ${{ inputs.dafny }}

- name: Regenerate code using smithy-dafny if necessary
if: ${{ github.event_name == 'schedule' || inputs.nightly }}
uses: ./.github/actions/polymorph_codegen
with:
dafny: ${{ env.DAFNY_VERSION }}
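Review bot: The `Regenerate code using smithy-dafny if necessary` step lost its `if:` condition and received no replacement, so it now runs on every call and the new `regenerate-code` input is never read in the lines shown. `ci_test_net.yml` has the same gap and `ci_examples_net.yml` adds the step without a condition (there with `diff-generated-code: false`), whereas `ci_test_java.yml` and `ci_test_vector_java.yml` gate it on the input. As written, these three jobs would always build and test freshly regenerated code rather than the generated code that is checked in, which is probably not what a caller passing `regenerate-code: false` expects. If that is unintended, add `if: ${{ inputs.regenerate-code }}` to the step in all three files. The step's `with:` block continues outside the hunk.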
25 changes: 20 additions & 5 deletions .github/workflows/ci_examples_net.yml
@@ -2,10 +2,17 @@
name: dotnet examples

on:
pull_request:
push:
branches:
- main
workflow_call:
inputs:
dafny:
description: "The Dafny version to run"
required: true
type: string
regenerate-code:
description: "Regenerate code using smithy-dafny"
required: false
default: false
type: boolean

jobs:
dotNetExamples:
Expand Down Expand Up @@ -36,7 +43,15 @@ jobs:
- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
dafny-version: ${{ '4.2.0' }}
dafny-version: ${{ inputs.dafny }}

- name: Regenerate code using smithy-dafny if necessary
uses: ./.github/actions/polymorph_codegen
with:
dafny: ${{ env.DAFNY_VERSION }}
library: DynamoDbEncryption
diff-generated-code: false
update-and-regenerate-mpl: true

- name: Download Dependencies
working-directory: ./${{ matrix.library }}
32 changes: 10 additions & 22 deletions .github/workflows/ci_test_java.yml
@@ -2,31 +2,20 @@
name: Library Java tests

on:
pull_request:
push:
branches:
- main
workflow_dispatch:
# Manual trigger for this workflow, either the normal version
# or the nightly build that uses the latest Dafny prerelease
# (accordingly to the "nightly" parameter).
workflow_call:
inputs:
nightly:
description: "Run the nightly build"
dafny:
description: "The Dafny version to run"
required: true
type: string
regenerate-code:
description: "Regenerate code using smithy-dafny"
required: false
default: false
type: boolean
schedule:
# Nightly build against Dafny's nightly prereleases,
# for early warning of verification issues or regressions.
# Timing chosen to be adequately after Dafny's own nightly build,
# but this might need to be tweaked:
# https://github.com/dafny-lang/dafny/blob/master/.github/workflows/deep-tests.yml#L16
- cron: "30 16 * * *"

jobs:
testJava:
# Don't run the nightly build on forks
if: github.event_name != 'schedule' || github.repository_owner == 'aws'
strategy:
matrix:
library: [DynamoDbEncryption]
Expand All @@ -51,11 +40,10 @@ jobs:
- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
# A && B || C is the closest thing to an if .. then ... else ... or ?: expression the GitHub Actions syntax supports.
dafny-version: ${{ (github.event_name == 'schedule' || inputs.nightly) && 'nightly-latest' || '4.2.0' }}
dafny-version: ${{ inputs.dafny }}

- name: Regenerate code using smithy-dafny if necessary
if: ${{ github.event_name == 'schedule' || inputs.nightly }}
if: ${{ inputs.regenerate-code }}
uses: ./.github/actions/polymorph_codegen
with:
dafny: ${{ env.DAFNY_VERSION }}
32 changes: 9 additions & 23 deletions .github/workflows/ci_test_net.yml
@@ -2,32 +2,20 @@
name: test dotnet

on:
pull_request:
push:
branches:
- main
workflow_dispatch:
# Manual trigger for this workflow, either the normal version
# or the nightly build that uses the latest Dafny prerelease
# (accordingly to the "nightly" parameter).
workflow_call:
inputs:
nightly:
description: "Run the nightly build"
dafny:
description: "The Dafny version to run"
required: true
type: string
regenerate-code:
description: "Regenerate code using smithy-dafny"
required: false
default: false
type: boolean
schedule:
# Nightly build against Dafny's nightly prereleases,
# for early warning of verification issues or regressions.
# Timing chosen to be adequately after Dafny's own nightly build,
# but this might need to be tweaked:
# https://github.com/dafny-lang/dafny/blob/master/.github/workflows/deep-tests.yml#L16
- cron: "30 16 * * *"

jobs:
testDotNet:
# Don't run the nightly build on forks
# Disabled until we reintroduce DynamoDbEncryption, since a matrix vector cannot be empty
if: (github.event_name != 'schedule' || github.repository_owner == 'aws')
strategy:
matrix:
library: [DynamoDbEncryption]
Expand Down Expand Up @@ -56,11 +44,9 @@ jobs:
- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
# A && B || C is the closest thing to an if .. then ... else ... or ?: expression the GitHub Actions syntax supports.
dafny-version: ${{ (github.event_name == 'schedule' || inputs.nightly) && 'nightly-latest' || '4.2.0' }}
dafny-version: ${{ inputs.dafny }}

- name: Regenerate code using smithy-dafny if necessary
if: ${{ github.event_name == 'schedule' || inputs.nightly }}
uses: ./.github/actions/polymorph_codegen
with:
dafny: ${{ env.DAFNY_VERSION }}
31 changes: 24 additions & 7 deletions .github/workflows/ci_test_vector_java.yml
@@ -2,15 +2,23 @@
name: Library Java Test Vectors

on:
pull_request:
push:
branches:
- main
workflow_call:
inputs:
dafny:
description: "The Dafny version to run"
required: true
type: string
regenerate-code:
description: "Regenerate code using smithy-dafny"
required: false
default: false
type: boolean

jobs:
testJava:
strategy:
matrix:
library: [TestVectors]
java-version: [8, 11, 16, 17]
os: [
# Run on ubuntu image that comes pre-configured with docker
Expand Down Expand Up @@ -41,7 +49,16 @@ jobs:
- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
dafny-version: "4.2.0"
dafny-version: ${{ inputs.dafny }}

- name: Regenerate code using smithy-dafny if necessary
if: ${{ inputs.regenerate-code }}
uses: ./.github/actions/polymorph_codegen
with:
dafny: ${{ env.DAFNY_VERSION }}
library: ${{ matrix.library }}
diff-generated-code: false
update-and-regenerate-mpl: true

- name: Setup Java ${{ matrix.java-version }}
uses: actions/setup-java@v4
@@ -51,13 +68,13 @@ jobs:

- name: Build TestVectors implementation
shell: bash
working-directory: ./TestVectors
working-directory: ${{matrix.library}}
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make build_java CORES=$CORES
- name: Test TestVectors
working-directory: ./TestVectors
working-directory: ${{matrix.library}}
run: |
make test_java
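Review bot: The two new `working-directory: ${{matrix.library}}` lines drop the `./` prefix and the inner spacing that `ci_examples_net.yml` uses for the same value (`./${{ matrix.library }}`), and the step names beside them still hard-code `TestVectors`. For consistency, write `working-directory: ./${{ matrix.library }}` in both steps and derive the names from the matrix as well, for example `name: Build ${{ matrix.library }} implementation`. A short comment on the new `library: [TestVectors]` matrix entry, such as `# single-entry matrix so steps can share ${{ matrix.library }}`, would explain why a one-element list was introduced.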