Skip to content

chore(deps): update github/codeql-action digest to b6a472f in .github/workflows/codeql.yml (main) #8838

chore(deps): update github/codeql-action digest to b6a472f in .github/workflows/codeql.yml (main)

chore(deps): update github/codeql-action digest to b6a472f in .github/workflows/codeql.yml (main) #8838

Workflow file for this run

name: tester
on:
push:
branches:
- "main"
- "release-**"
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review
branches:
- "main"
- "release-**"
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
jobs:
changes:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
outputs:
should-run-tests: ${{ steps.changes.outputs.go == 'true' }}
if: github.event.pull_request.draft == false
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
id: changes
with:
filters: |
go:
- '**.go'
- '**.txt' # golden file test output
- 'go.*'
- '**.tmpl'
- '.github/workflows/test.yml'
test:
needs: [changes]
if: needs.changes.outputs.should-run-tests == 'true'
name: Tests
runs-on: ubuntu-24.04
container: ghcr.io/runatlantis/testing-env:latest@sha256:79991418aec4e5dcb1f18dc7b7bdf6ee37302a30a1e374c7bcf3eba9aadef68d
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
# need to setup go toolchain explicitly
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod
- run: make test-all
- run: make check-fmt
###########################################################
# Notifying #contributors about test failure on main branch
###########################################################
- name: Slack failure notification
if: ${{ github.ref == 'refs/heads/main' && failure() }}
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
payload: |
{
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": ":x: Failed GitHub Action:"
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"
},
{
"type": "mrkdwn",
"text": "*Job:*\n${{ github.job }}"
},
{
"type": "mrkdwn",
"text": "*Repo:*\n${{ github.repository }}"
}
]
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
skip-test:
needs: [changes]
if: needs.changes.outputs.should-run-tests == 'false'
name: Tests
runs-on: ubuntu-24.04
steps:
- run: 'echo "No build required"'
e2e-github:
runs-on: ubuntu-latest
# dont run e2e tests on forked PRs
if: github.event.pull_request.head.repo.fork == false
env:
TERRAFORM_VERSION: 1.9.2
ATLANTIS_GH_USER: ${{ secrets.ATLANTISBOT_GITHUB_USERNAME }}
ATLANTIS_GH_TOKEN: ${{ secrets.ATLANTISBOT_GITHUB_TOKEN }}
NGROK_AUTH_TOKEN: ${{ secrets.ATLANTISBOT_NGROK_AUTH_TOKEN }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod
# This version of TF will be downloaded before Atlantis is started.
# We do this instead of setting --default-tf-version because setting
# that flag starts the download asynchronously so we'd have a race
# condition.
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
- name: Setup ngrok
run: |
wget -q -O ngrok.tar.gz https://bin.equinox.io/a/4no1PS1PoRF/ngrok-v3-3.13.0-linux-amd64.tar.gz
tar -xzf ngrok.tar.gz
chmod +x ngrok
./ngrok version
- name: Setup gitconfig
run: |
git config --global user.email "[email protected]"
git config --global user.name "atlantisbot"
- run: |
make build-service
./scripts/e2e.sh
e2e-gitlab:
runs-on: ubuntu-latest
# dont run e2e tests on forked PRs
if: github.event.pull_request.head.repo.fork == false
env:
TERRAFORM_VERSION: 1.9.2
ATLANTIS_GITLAB_USER: ${{ secrets.ATLANTISBOT_GITLAB_USERNAME }}
ATLANTIS_GITLAB_TOKEN: ${{ secrets.ATLANTISBOT_GITLAB_TOKEN }}
NGROK_AUTH_TOKEN: ${{ secrets.ATLANTISBOT_NGROK_AUTH_TOKEN }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod
# This version of TF will be downloaded before Atlantis is started.
# We do this instead of setting --default-tf-version because setting
# that flag starts the download asynchronously so we'd have a race
# condition.
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
- name: Setup ngrok
run: |
wget -q -O ngrok.tar.gz https://bin.equinox.io/a/4no1PS1PoRF/ngrok-v3-3.13.0-linux-amd64.tar.gz
tar -xzf ngrok.tar.gz
chmod +x ngrok
./ngrok version
- name: Setup gitconfig
run: |
git config --global user.email "[email protected]"
git config --global user.name "atlantisbot"
- run: |
make build-service
./scripts/e2e.sh