-
Notifications
You must be signed in to change notification settings - Fork 0
142 lines (134 loc) · 5.32 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
---
name: test
on: pull_request
permissions: {}
jobs:
path-filter:
# Get changed files to filter jobs
outputs:
update-aqua-checksums: ${{steps.changes.outputs.update-aqua-checksums}}
renovate-config-validator: ${{steps.changes.outputs.renovate-config-validator}}
ghalint: ${{steps.changes.outputs.ghalint}}
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: dorny/paths-filter@v2
id: changes
with:
filters: |
update-aqua-checksums:
- aqua.yaml
- aqua/*.yaml
- aqua-checksums.json
- .github/workflows/test.yaml
renovate-config-validator:
- renovate.json5
ghalint:
- .github/workflows/*.yaml
- aqua/ghalint.yaml
ghalint:
# Validate GitHub Actions Workflows by ghalint.
needs: path-filter
if: needs.path-filter.outputs.ghalint == 'true'
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
- uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
with:
aqua_version: v2.16.4
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: ghalint run
env:
GHALINT_LOG_COLOR: always
update-aqua-checksums:
# Update aqua-checksums.json and push a commit
runs-on: ubuntu-latest
needs: path-filter
permissions: {}
if: |
needs.path-filter.outputs.update-aqua-checksums == 'true'
steps:
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
- name: Generate token
id: generate_token
if: "! github.event.pull_request.head.repo.fork"
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # v1
with:
app_id: ${{secrets.APP_ID}}
private_key: ${{secrets.APP_PRIVATE_KEY}}
- uses: aquaproj/aqua-installer@928a2ee4243a9ee8312d80dc8cbaca88fb602a91 # v2.2.0
# Install ghcp
with:
aqua_version: v2.16.4
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- uses: aquaproj/update-checksum-action@0fef5fa12e81e046bb29078f76b99bb29fa4e696 # v0.2.3
with:
prune: true
skip_push: ${{github.event.pull_request.head.repo.fork}}
env:
# To trigger GitHub Actions Workflow by pushing a commit, GitHub App token is required.
# github.token doesn't trigger GitHub Actions Workflow.
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
# > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
renovate-config-validator:
# Validate Renovate Configuration by renovate-config-validator.
uses: suzuki-shunsuke/renovate-config-validator-workflow/.github/workflows/validate.yaml@4a378742d05b4e67aae34039d7c779ac913cd79d # v0.2.3
needs: path-filter
if: needs.path-filter.outputs.renovate-config-validator == 'true'
permissions:
contents: read
enable-automerge:
# Enable automerge to merge pull requests from Renovate automatically.
runs-on: ubuntu-latest
needs:
- status-check
permissions:
contents: write # For enable automerge
pull-requests: write # For enable automerge
# "! failure() && ! cancelled()" is required. success() returns false if dependent jobs are skipped. https://github.com/community/community/discussions/45058
# By default success() is used so we have to override success() by "! failure() && ! cancelled()"
if: |
! failure() && ! cancelled() && github.event.pull_request.user.login == 'renovate[bot]' && contains(github.event.pull_request.body, ' **Automerge**: Enabled.')
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # v1
with:
app_id: ${{secrets.APP_ID}}
private_key: ${{secrets.APP_PRIVATE_KEY}}
- run: gh -R "$GITHUB_REPOSITORY" pr merge --squash --auto --delete-branch "$PR_NUMBER"
env:
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}} # Use GitHub App to trigger GitHub Actions Workflow by merge commit.
PR_NUMBER: ${{github.event.pull_request.number}}
status-check:
# This job is used for main branch's branch protection rule's status check.
# If all dependent jobs succeed or are skipped this job succeeds.
runs-on: ubuntu-latest
needs:
- update-aqua-checksums
- test
- ghalint
- renovate-config-validator
permissions: {}
if: failure()
steps:
- run: exit 1
test:
uses: suzuki-shunsuke/go-test-workflow/.github/workflows/test.yaml@66610a63dfe5160d97e1b68bc53949ceed18e0db # v0.5.0
with:
aqua_version: v2.16.4
go-version: 1.21.4
permissions:
pull-requests: write
contents: read
prettier:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- run: npm i -g prettier
- run: prettier -c .