Testing new workflow

microsoft · Feb 15, 2025 · 77a982c · 77a982c
1 parent a3c0edf
commit 77a982c
Show file tree

Hide file tree

Showing 2 changed files with 111 additions and 2 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,7 +1,8 @@
 name: CI
 on:
-  - push
-  - pull_request
+  workflow_run:
+    workflows: [Pre-CI]
+    types: [completed]
 
 env:
   GO_BUILD_CMD: 'go build "-ldflags=-s -w" -trimpath'
@@ -13,7 +14,21 @@ env:
   GOTESTSUM_CMD_RAW: "gotestsum --format standard-verbose --debug --raw-command -- go tool test2json -t"
 
 jobs:
+  on-success:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - run: echo 'The triggering workflow passed'
+  on-failure:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+    steps:
+      - run:
+          echo 'The triggering workflow failed, hence no permission to continue CI'
+          exit 1
+
   lint:
+    needs: [on-success]
     runs-on: "windows-2022"
     strategy:
       fail-fast: false
@@ -49,6 +64,7 @@ jobs:
           GOOS: ${{ matrix.goos }}
 
   protos:
+    needs: [on-success]
     runs-on: "windows-2022"
 
     env:
@@ -112,6 +128,7 @@ jobs:
         working-directory: "${{ github.workspace }}/go/src/github.com/Microsoft/hcsshim"
 
   verify-vendor:
+    needs: [on-success]
     runs-on: "windows-2022"
     env:
       GOPROXY: "https://proxy.golang.org,direct"
@@ -179,6 +196,7 @@ jobs:
 
   go-gen:
     name: Go Generate
+    needs: [on-success]
     runs-on: "windows-2022"
     steps:
       - name: Checkout

diff --git a/.github/workflows/pre.yml b/.github/workflows/pre.yml
@@ -0,0 +1,91 @@
+name: Pre-CI
+on: 
+  push:
+  pull_request_target:
+    # branches:
+    #   - main # The workflow would be run based on the workflow file of the base branch to protect against malicious workflow in the PR.
+
+env:
+  LCOW_ARTIFACT_PROJECT: "ContainerPlatform"
+  LCOW_ARTIFACT_FEED: "ContainerPlat-Dev"
+  LCOW_ARTIFACT_NAME: "azurelinux-uvm"
+  LCOW_ARTIFACT_VERSION: "*.*.*"
+  LINUX_BOOT_FILES_PATH: ${{ github.workspace }}/LinuxBootFiles
+
+jobs:
+  # This job downloads the Linux boot files from the Azure Artifact feed and
+  # create the rootfs containing the local Linux-GCS. It needs to be run on
+  # the 1ES github runner pool in order to access the Azure Artifact feed.
+  donwload-linux-boot-files:
+    runs-on:
+      - ubuntu-latest
+      # - self-hosted
+      # - 1ES.Pool=containerplat-github-runner-pool-east-us-2
+      # - 1ES.ImageOverride=github-mms-ubuntu-22
+    permissions:
+      id-token: write   # This is required for OIDC login (azure/login) to succeed
+      contents: read    # This is required for actions/checkout to succeed
+    steps:
+    - name: Check access
+      if: ${{ github.event.pull_request.author_association != 'COLLABORATOR' && github.event.pull_request.author_association != 'OWNER' }}
+      run: |
+        echo "Author association: ${{ github.event.pull_request.author_association }}"
+        echo "Pull Request: ${{ github.event.pull_request }}"
+
+        echo "Event not triggered by a collaborator. Will not continue CI."
+        exit 1
+    
+    # Install Azure CLI and login to Azure
+    - name: Azure OIDC Login
+      uses: azure/login@v2
+      with:
+        client-id: "930a0428-2b45-4cf9-9afe-b81bde516504"
+        tenant-id: "72f988bf-86f1-41af-91ab-2d7cd011db47"
+        allow-no-subscriptions: true
+
+    - name: Download Linux artifact from feed
+      uses: azure/cli@v2
+      with:
+        azcliversion: latest
+        inlineScript: |
+          az extension add --name azure-devops
+          export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
+
+          az artifacts universal download \
+          --organization "https://msazure.visualstudio.com/" \
+          --project ${{ env.LCOW_ARTIFACT_PROJECT }} \
+          --scope project \
+          --feed  ${{ env.LCOW_ARTIFACT_FEED }} \
+          --name  ${{ env.LCOW_ARTIFACT_NAME }} \
+          --version ${{ env.LCOW_ARTIFACT_VERSION }} \
+          --path ./downloaded_artifacts
+
+    - name: Show downloaded lcow artifacts
+      run: find ./downloaded_artifacts -maxdepth 3 -ls
+
+    - name: Create directory for storing linux artifacts
+      run: |
+        mkdir -p ./linux_artifacts/
+
+    - name: Copy Linux kernel and rootfs tar files
+      run: |
+        mv ./downloaded_artifacts/LinuxBootFiles/kernel ./linux_artifacts/
+        mv ./downloaded_artifacts/LinuxBootFiles/vmlinux ./linux_artifacts/
+        mv ./downloaded_artifacts/rootfs-*.tar.gz ./linux_artifacts/
+
+    # This is a workaround to overcome the limitation of actions/upload-artifact@v4 used in later jobs.
+    # See https://github.com/actions/upload-artifact/tree/v4/?tab=readme-ov-file#permission-loss.
+    - name: Tar the files to preserve file permissions prior to upload
+      run: |
+        cd linux_artifacts
+        tar -cvf linux_artifacts.tar .
+
+    # Upload the Linux boot files so that they can be used in later jobs.
+    - name: Upload Linux artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: linux_artifact
+        path: linux_artifact.tar
+        if-no-files-found: error
+        overwrite: true
+        retention-days: 1