-
-
Notifications
You must be signed in to change notification settings - Fork 4
176 lines (165 loc) · 5.81 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
---
name: test
on: pull_request
permissions: {}
jobs:
path-filter:
# Get changed files to filter jobs
timeout-minutes: 30
outputs:
update-aqua-checksums: ${{steps.changes.outputs.update-aqua-checksums}}
renovate-config-validator: ${{steps.changes.outputs.renovate-config-validator}}
ghalint: ${{steps.changes.outputs.ghalint}}
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: changes
with:
filters: |
update-aqua-checksums:
- aqua.yaml
- aqua/*.yaml
- aqua-checksums.json
- .github/workflows/test.yaml
renovate-config-validator:
- renovate.json5
validate:
- "*.json"
ghalint:
- .github/workflows/*.yaml
- aqua/ghalint.yaml
update-aqua-checksums:
# Update aqua-checksums.json and push a commit
needs: path-filter
if: needs.path-filter.outputs.update-aqua-checksums == 'true'
uses: aquaproj/update-checksum-workflow/.github/workflows/update-checksum.yaml@8bce60cc4475128360bc32f00707abb874ca4a91 # v1.0.3
permissions:
contents: read
with:
aqua_version: v2.42.2
prune: true
secrets:
gh_app_id: ${{secrets.APP_ID}}
gh_app_private_key: ${{secrets.APP_PRIVATE_KEY}}
renovate-config-validator:
# Validate Renovate Configuration by renovate-config-validator.
uses: suzuki-shunsuke/renovate-config-validator-workflow/.github/workflows/validate.yaml@4a378742d05b4e67aae34039d7c779ac913cd79d # v0.2.3
needs: path-filter
if: needs.path-filter.outputs.renovate-config-validator == 'true'
permissions:
contents: read
enable-automerge:
# Enable automerge to merge pull requests from Renovate automatically.
timeout-minutes: 30
runs-on: ubuntu-latest
needs:
- status-check
permissions:
contents: write # For enable automerge
pull-requests: write # For enable automerge
if: |
! failure() && ! cancelled() && github.event.pull_request.user.login == 'renovate[bot]' && contains(github.event.pull_request.body, ' **Automerge**: Enabled.')
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{secrets.APP_ID}}
private_key: ${{secrets.APP_PRIVATE_KEY}}
permissions: >-
{
"contents": "write",
"pull-requests": "write"
}
repositories: >-
[
"${{github.event.repository.name}}"
]
- run: gh -R "$GITHUB_REPOSITORY" pr merge --squash --auto --delete-branch "$PR_NUMBER"
env:
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}} # Use GitHub App to trigger GitHub Actions Workflow by merge commit.
PR_NUMBER: ${{github.event.pull_request.number}}
validate-presets:
timeout-minutes: 30
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
with:
aqua_version: v2.42.2
- run: ci-info run | sed "s/^export //" >> "$GITHUB_ENV"
env:
GITHUB_TOKEN: ${{ github.token }}
- run: |
grep -E "^[^/]+\.json$" "$CI_INFO_TEMP_DIR/pr_all_filenames.txt" | grep -v aqua-checksums.json | while read -r file; do
if [ -f "$file" ]; then
RENOVATE_CONFIG_FILE="$file" npx --package renovate -c renovate-config-validator
fi
done
jsonnetfmt:
timeout-minutes: 15
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
with:
aqua_version: v2.42.2
- run: jsonnetfmt --test jsonnet/*.jsonnet jsonnet/*.libsonnet
status-check:
# This job is used for main branch's branch protection rule's status check.
# If all dependent jobs succeed or are skipped this job succeeds.
timeout-minutes: 30
runs-on: ubuntu-latest
needs:
- update-aqua-checksums
- validate-presets
- renovate-config-validator
- ghalint
- jsonnet
permissions: {}
if: failure()
steps:
- run: exit 1
ghalint:
# Validate GitHub Actions Workflows by ghalint.
timeout-minutes: 30
needs: path-filter
if: needs.path-filter.outputs.ghalint == 'true'
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
with:
aqua_version: v2.42.2
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: ghalint run
env:
GHALINT_LOG_COLOR: always
jsonnet:
timeout-minutes: 30
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: aquaproj/aqua-installer@f13c5d2f0357708d85477aabe50fd3f725528745 # v3.1.0
with:
aqua_version: v2.42.2
- run: jsonnet --version
- run: |
bash scripts/generate.sh
git add .
if ! git diff --cached --exit-code; then
echo "Please run 'bash scripts/generate.sh'" >&2
echo "::error title=Please run 'bash scripts/generate.sh'::"
exit 1
fi