Upgrade requirements with security issues (#1846) #533
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| - push | |
| - pull_request | |
| permissions: | |
| contents: read | |
| env: | |
| COLUMNS: 160 | |
| jobs: | |
| get-changed-files: | |
| name: Get Changed Files | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read # for dorny/paths-filter to fetch a list of changed files | |
| pull-requests: read # for dorny/paths-filter to read pull requests | |
| outputs: | |
| changed-files: ${{ toJSON(steps.changed-files.outputs) }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Get Changed Files | |
| id: changed-files | |
| uses: dorny/paths-filter@v2 | |
| with: | |
| token: ${{ github.token }} | |
| list-files: json | |
| filters: | | |
| repo: | |
| - added|modified: | |
| - '**' | |
| deleted: | |
| - deleted: | |
| - '**' | |
| docs: | |
| - doc/** | |
| state-tree: | |
| - added|modified: &state_tree_added_modified | |
| - setup.py | |
| - golden-pillar-tree/* | |
| - golden-state-tree/* | |
| - tools/**/*.py | |
| os-images-scripts: | |
| - added|modified: &os_images_scripts | |
| - os-images/files/* | |
| - os-images/AWS/files/* | |
| os-images-rockylinux: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/rockylinux/*.hcl | |
| os-images-amazonlinux: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/amazonlinux/*.hcl | |
| os-images-amazonlinux2000: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/amazonlinux2000/*.hcl | |
| os-images-archlinux: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/archlinux/*.hcl | |
| os-images-centos: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/centos/*.hcl | |
| os-images-debian: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/debian/*.hcl | |
| os-images-fedora: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/fedora/*.hcl | |
| os-images-opensuse: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| os-images-photon: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/photon/*.hcl | |
| os-images-ubuntu: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/ubuntu/*.hcl | |
| os-images-windows: | |
| - added|modified: | |
| - *state_tree_added_modified | |
| - *os_images_scripts | |
| - os-images/AWS/windows/*.hcl | |
| - name: Set Exit Status | |
| if: always() | |
| run: | | |
| mkdir exitstatus | |
| echo "${{ job.status }}" > exitstatus/${{ github.job }}-changed-files | |
| - name: Upload Exit Status | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: exitstatus | |
| path: exitstatus | |
| if-no-files-found: error | |
| collect-jobs: | |
| name: Collect Jobs To Run | |
| runs-on: ubuntu-latest | |
| needs: | |
| - get-changed-files | |
| outputs: | |
| jobs: ${{ steps.collect-jobs.outputs.jobs }} | |
| runner-version: ${{ steps.collect-jobs.outputs.runner-version }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.10" | |
| - name: Install Python Tools Scripts | |
| env: | |
| PIP_INDEX_URL: https://pypi-proxy.saltstack.net/root/local/+simple/ | |
| PIP_EXTRA_INDEX_URL: https://pypi.org/simple | |
| run: | | |
| python3 -m pip install -r requirements/tools.txt | |
| - name: Write Changed Files To A Local File | |
| run: | |
| echo '${{ needs.get-changed-files.outputs.changed-files }}' > changed-files.json | |
| - name: Collect Jobs | |
| id: collect-jobs | |
| run: | |
| tools ci collect-jobs ${{ github.event_name }} changed-files.json | |
| - name: Check It | |
| run: | |
| echo ${{ steps.collect-jobs.outputs.jobs }} | |
| - name: Set Exit Status | |
| if: always() | |
| run: | | |
| mkdir exitstatus | |
| echo "${{ job.status }}" > exitstatus/${{ github.job }}-collect-jobs | |
| - name: Upload Exit Status | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: exitstatus | |
| path: exitstatus | |
| if-no-files-found: error | |
| pre-commit: | |
| name: Pre-Commit | |
| uses: ./.github/workflows/pre-commit-action.yml | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['pre-commit'] }} | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| with: | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| rockylinux: | |
| name: RockyLinux | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-rockylinux'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: rockylinux | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| amazonlinux: | |
| name: AmazonLinux | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-amazonlinux'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: amazonlinux | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| amazonlinux2000: | |
| name: AmazonLinux2000 | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-amazonlinux2000'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: amazonlinux2000 | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| archlinux: | |
| name: ArchLinux | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-archlinux'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: archlinux | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| centos: | |
| name: CentOS | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-centos'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: centos | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| debian: | |
| name: Debian | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-debian'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: debian | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| fedora: | |
| name: Fedora | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-fedora'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: fedora | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| opensuse: | |
| name: Opensuse | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-opensuse'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: opensuse | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| photon: | |
| name: PhotonOS | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-photon'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: photon | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| ubuntu: | |
| name: Ubuntu | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-ubuntu'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: ubuntu | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| windows: | |
| name: Windows | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['os-images-windows'] }} | |
| uses: ./.github/workflows/build-image-action.yml | |
| with: | |
| distro-name: windows | |
| changed-files: ${{ needs.get-changed-files.outputs.changed-files }} | |
| runner-version: ${{ needs.collect-jobs.outputs.runner-version }} | |
| generate-configs: | |
| name: Generate Configuration Files | |
| if: ${{ fromJSON(needs.collect-jobs.outputs.jobs)['generate-configs'] }} | |
| uses: ./.github/workflows/generate-configs-action.yml | |
| needs: | |
| - collect-jobs | |
| - get-changed-files | |
| - rockylinux | |
| - amazonlinux | |
| - amazonlinux2000 | |
| - archlinux | |
| - centos | |
| - debian | |
| - fedora | |
| - opensuse | |
| - photon | |
| - ubuntu | |
| - windows | |
| set-pipeline-exit-status: | |
| # This step is just so we can make github require this step, to pass checks | |
| # on a pull request instead of requiring all | |
| name: Set the ${{ github.workflow }} Pipeline Exit Status | |
| runs-on: ubuntu-latest | |
| if: always() | |
| needs: | |
| - collect-jobs | |
| - pre-commit | |
| - generate-configs | |
| steps: | |
| - name: Download Exit Status Files | |
| if: always() | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: exitstatus | |
| path: exitstatus | |
| - name: Delete Exit Status Artifacts | |
| if: always() | |
| uses: geekyeggo/delete-artifact@v2 | |
| with: | |
| name: exitstatus | |
| failOnError: false | |
| - name: Set Pipeline Exit Status | |
| run: | | |
| tree exitstatus | |
| grep -RE 'failure|cancelled' exitstatus/ && exit 1 || exit 0 | |
| - name: Done | |
| if: always() | |
| run: | |
| echo "All worflows finished" |