-
Notifications
You must be signed in to change notification settings - Fork 21
109 lines (98 loc) · 3.36 KB
/
pull-request-conditionals.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
name: Filter
# This workflow is triggered on pull requests
on:
pull_request:
# milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
types: [milestoned, opened, reopened, synchronize]
paths-ignore:
- "**.md"
- "**.jpg"
- "**.png"
- "**.gif"
- "**.svg"
- docs/**
- .vscode/**
- .gitignore
- renovate.json
- .release-please-config.json
- .codespellrc
- release-please-config.json
- CODEOWNERS
- LICENSE
# Permissions for the GITHUB_TOKEN used by the workflow.
permissions:
id-token: write # Needed for OIDC-related operations.
contents: read # Allows reading the content of the repository.
pull-requests: write # Allows writing pull request metadata.
packages: read # Allows reading the published GHCR packages
# Default settings for all run commands in the workflow jobs.
defaults:
run:
shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
# Abort prior jobs in the same workflow / PR
concurrency:
group: test-${{ github.ref }}
cancel-in-progress: true
jobs:
lint-check:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: lint-check
uses: ./.github/actions/lint-check
# This job checks if there are changes in specific paths source packages.
check-paths:
needs: lint-check
runs-on: ubuntu-latest
name: Select Jobs
outputs:
packages: ${{ steps.path-filter.outputs.changes }}
steps:
- name: Checkout the code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# Uses a custom action to filter paths for source packages.
- name: Check src paths
id: path-filter
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
with:
filters: .github/filters.yaml
# This job triggers a separate workflow for each changed source package, if any.
run-package-test:
needs: check-paths
name: Schedule
strategy:
matrix:
package: ${{ fromJSON(needs.check-paths.outputs.packages) }}
flavor: [upstream, registry1, unicorn]
test_type: [install]
# Upgrade tests are included for all flavors, but ONLY for `all` package tests
include:
- package: all
flavor: registry1
test_type: upgrade
- package: all
flavor: upstream
test_type: upgrade
- package: all
flavor: unicorn
test_type: upgrade
uses: ./.github/workflows/test.yaml
with:
package: ${{ matrix.package }}
flavor: ${{ matrix.flavor }}
test_type: ${{ matrix.test_type }}
secrets: inherit # Inherits all secrets from the parent workflow.
evaluate-package-compliance:
needs: run-package-test
name: Compliance Evaluation
strategy:
matrix:
flavor: [upstream, registry1, unicorn]
fail-fast: false
uses: ./.github/workflows/compliance.yaml
with:
flavor: ${{ matrix.flavor }}
secrets: inherit # Inherits all secrets from the parent workflow.