-
Notifications
You must be signed in to change notification settings - Fork 15
152 lines (142 loc) · 5.6 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
---
name: test
on: pull_request
permissions: {}
env:
AQUA_POLICY_CONFIG: ${{ github.workspace }}/aqua/policy.yaml
AQUA_LOG_COLOR: always
jobs:
path-filter:
# Get changed files to filter jobs
outputs:
update-aqua-checksums: ${{steps.changes.outputs.update-aqua-checksums}}
renovate-config-validator: ${{steps.changes.outputs.renovate-config-validator}}
ghalint: ${{steps.changes.outputs.ghalint}}
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: changes
with:
filters: |
update-aqua-checksums:
- aqua/aqua.yaml
- aqua/imports/*.yaml
- aqua/aqua-checksums.json
- .github/workflows/test.yaml
renovate-config-validator:
- renovate.json
ghalint:
- .github/workflows/*.yaml
- aqua/imports/ghalint.yaml
enable-automerge:
# Enable automerge to merge pull requests from Renovate automatically.
runs-on: ubuntu-latest
needs:
- status-check
permissions:
contents: write # For enable automerge
pull-requests: write # For enable automerge
# "! failure() && ! cancelled()" is required. success() returns false if dependent jobs are skipped.
# https://github.com/community/community/discussions/45058
# By default success() is used so we have to override success() by "! failure() && ! cancelled()"
if: |
! failure() && ! cancelled() && github.event.pull_request.user.login == 'renovate[bot]' && contains(github.event.pull_request.body, ' **Automerge**: Enabled.')
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{secrets.APP_ID_AQUAPROJ_AQUA}}
private_key: ${{secrets.APP_PRIVATE_KEY_AQUAPROJ_AQUA}}
- run: gh -R "$GITHUB_REPOSITORY" pr merge --squash --auto --delete-branch "$PR_NUMBER"
env:
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}} # Use GitHub App to trigger GitHub Actions Workflow by merge commit.
PR_NUMBER: ${{github.event.pull_request.number}}
status-check:
# This job is used for main branch's branch protection rule's status check.
# If all dependent jobs succeed or are skipped this job succeeds.
runs-on: ubuntu-latest
needs:
- renovate-config-validator
- test
- typos
- ghalint
- update-aqua-checksums
permissions: {}
if: failure()
steps:
- run: exit 1
renovate-config-validator:
# Validate Renovate Configuration by renovate-config-validator.
uses: suzuki-shunsuke/renovate-config-validator-workflow/.github/workflows/validate.yaml@35f1c78014c423fd37eb792c73f11ec0898098f4 # v0.2.2
needs: path-filter
if: needs.path-filter.outputs.renovate-config-validator == 'true'
permissions:
contents: read
test:
uses: ./.github/workflows/deploy.yaml
permissions:
contents: write
with:
is_pr: true
update-aqua-checksums:
# Update aqua-checksums.json and push a commit
runs-on: ubuntu-latest
needs: path-filter
permissions: {}
if: |
needs.path-filter.outputs.update-aqua-checksums == 'true'
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Generate token
id: generate_token
if: "! github.event.pull_request.head.repo.fork"
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{secrets.APP_ID_AQUAPROJ_AQUA}}
private_key: ${{secrets.APP_PRIVATE_KEY_AQUAPROJ_AQUA}}
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2
# Install ghcp
with:
aqua_version: v2.13.1
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- uses: aquaproj/update-checksum-action@0fef5fa12e81e046bb29078f76b99bb29fa4e696 # v0.2.3
with:
prune: true
skip_push: ${{github.event.pull_request.head.repo.fork}}
env:
# To trigger GitHub Actions Workflow by pushing a commit, GitHub App token is required.
# github.token doesn't trigger GitHub Actions Workflow.
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
# > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
ghalint:
# Validate GitHub Actions Workflows by ghalint.
needs: path-filter
if: needs.path-filter.outputs.ghalint == 'true'
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2
with:
aqua_version: v2.13.1
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: ghalint run
env:
GHALINT_LOG_COLOR: always
typos:
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2
with:
aqua_version: v2.13.1
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: typos