Update README.md #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: AWS CodeBuild CI | |
on: | |
release: | |
types: [ published ] | |
pull_request: | |
types: [ opened, synchronize, reopened, labeled, unlabeled ] | |
branches: [ main ] | |
workflow_dispatch: | |
inputs: | |
aws-sdk-kotlin-pr: | |
description: aws-sdk-kotlin PR number (optional) | |
type: number | |
required: false | |
smithy-kotlin-pr: | |
description: smithy-kotlin PR number (optional) | |
type: number | |
required: false | |
check-pr: | |
description: I verified that the PRs are not running any malicious code (If running for an external contributor) | |
required: true | |
type: boolean | |
default: false | |
env: | |
SDK_PR: ${{ inputs.aws-sdk-kotlin-pr }} | |
SMITHY_PR: ${{ inputs.smithy-kotlin-pr }} | |
permissions: | |
id-token: write | |
contents: read | |
# Allow one instance of this workflow per pull request, and cancel older runs when new changes are pushed | |
concurrency: | |
group: ci-codebuild-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
e2e-tests: | |
if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Verify PRs are not running malicious code | |
if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }} | |
run: | | |
echo Please verify the PRs are not running any malicious code and mark the checkbox true when running the workflow | |
exit 1 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} | |
aws-region: us-west-2 | |
- name: Run E2E Tests | |
id: e2e-tests | |
uses: aws-actions/aws-codebuild-run-build@v1 | |
with: | |
project-name: gh-aws-sdk-kotlin-e2e-tests | |
env-vars-for-codebuild: SDK_PR, SMITHY_PR | |
- name: Cancel build | |
if: ${{ cancelled() }} | |
env: | |
BUILD_ID: ${{ steps.e2e-tests.outputs.aws-build-id }} | |
run: | | |
if [ ! -z "$BUILD_ID"]; then | |
echo "cancelling in-progress build: id=$BUILD_ID" | |
aws codebuild stop-build --id $BUILD_ID | |
fi | |
service-check-batch-and-artifact-size-metrics: | |
if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Verify PRs are not running malicious code | |
if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }} | |
run: | | |
echo Please verify the PRs are not running any malicious code and mark the checkbox true when running the workflow | |
exit 1 | |
- name: Checkout sources | |
uses: actions/checkout@v2 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} | |
aws-region: us-west-2 | |
- name: Run Service Check Batch and Calculate Artifact Size Metrics | |
id: svc-check-batch | |
run: | | |
REPOSITORY=$(echo ${{ github.repository }} | cut -d '/' -f 2) # Remove repo owner from name | |
.github/scripts/run-codebuild-batch-job.sh \ | |
--project gh-aws-sdk-kotlin-svc-check-batch \ | |
--source ${{ github.event.pull_request.head.sha }} \ | |
--pr-number ${{ github.event.number }} \ | |
--repository $REPOSITORY \ | |
--external-contributor-sdk-pr-number ${{ inputs.aws-sdk-kotlin-pr }} \ | |
--external-contributor-smithy-pr-number ${{ inputs.smithy-kotlin-pr }} | |
- name: Cancel build | |
if: ${{ cancelled() }} | |
env: | |
BUILD_ID: ${{ steps.svc-check-batch.outputs.aws-build-id }} | |
run: | | |
if [ ! -z "$BUILD_ID" ]; then | |
echo "cancelling in-progress batch build: id=$BUILD_ID" | |
aws codebuild stop-build --id $BUILD_ID | |
fi | |
- name: Collect Artifact Size Metrics | |
run: ./gradlew collectDelegatedArtifactSizeMetrics -PpullRequest=${{ github.event.number }} | |
- name: Analyze Artifact Size Metrics | |
run: ./gradlew analyzeArtifactSizeMetrics | |
- name: Show Results | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const getComments = | |
`query { | |
repository(owner:"${context.repo.owner}", name:"${context.repo.repo}"){ | |
pullRequest(number: ${context.issue.number}) { | |
id | |
comments(last:100) { | |
nodes { | |
id | |
body | |
author { | |
login | |
} | |
isMinimized | |
} | |
} | |
} | |
} | |
}` | |
const response = await github.graphql(getComments) | |
const comments = response.repository.pullRequest.comments.nodes | |
for (const i in comments) { | |
if (comments[i].author.login == 'github-actions' && !comments[i].isMinimized && comments[i].body.startsWith('Affected Artifacts')) { | |
const hideComment = | |
`mutation { | |
minimizeComment(input:{subjectId:"${comments[i].id}", classifier:OUTDATED}){ | |
clientMutationId | |
} | |
}` | |
await github.graphql(hideComment) | |
} | |
} | |
const fs = require('node:fs') | |
const comment = fs.readFileSync('./build/reports/metrics/artifact-analysis.csv', 'utf8') | |
const writeComment = | |
`mutation { | |
addComment(input:{body:"""${comment}""", subjectId:"${response.repository.pullRequest.id}"}){ | |
clientMutationId | |
} | |
}` | |
await github.graphql(writeComment) | |
- name: Evaluate Result | |
if: ${{ !contains(github.event.pull_request.labels.*.name, 'acknowledge-artifact-size-increase') }} | |
run: | | |
cd build/reports/metrics | |
cat has-significant-change.txt | grep false || { | |
echo An artifact increased in size by more than allowed or a new artifact was created. | |
exit 1 | |
} | |
release-artifact-size-metrics: | |
if: github.event_name == 'release' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v2 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} | |
aws-region: us-west-2 | |
- name: Calculate Artifact Size Metrics | |
id: svc-check-batch | |
run: | | |
REPOSITORY=$(echo ${{ github.repository }} | cut -d '/' -f 2) | |
.github/scripts/run-codebuild-batch-job.sh \ | |
--project gh-aws-sdk-kotlin-svc-check-batch \ | |
--source ${{ github.event.pull_request.head.sha }} \ | |
--repository $REPOSITORY \ | |
--release ${{ github.event.release.tag_name }} | |
- name: Cancel build | |
if: ${{ cancelled() }} | |
env: | |
BUILD_ID: ${{ steps.svc-check-batch.outputs.aws-build-id }} | |
run: | | |
if [ ! -z "$BUILD_ID" ]; then | |
echo "cancelling in-progress batch build: id=$BUILD_ID" | |
aws codebuild stop-build --id $BUILD_ID | |
fi | |
- name: Collect Artifact Size Metrics | |
run: ./gradlew collectDelegatedArtifactSizeMetrics -Prelease=${{ github.event.release.tag_name }} | |
- name: Save Artifact Size Metrics | |
run: | | |
cd build/reports/metrics/ | |
REPOSITORY=$(echo ${{ github.repository }} | cut -d '/' -f 2) # Remove repo owner from name | |
aws s3 cp artifact-size-metrics.csv s3://${{ secrets.ARTIFACT_METRICS_BUCKET }}/$REPOSITORY-${{ github.event.release.tag_name }}-release.csv | |
aws s3 cp artifact-size-metrics.csv s3://${{ secrets.ARTIFACT_METRICS_BUCKET }}/$REPOSITORY-latest-release.csv | |
- name: Put Artifact Size Metrics in CloudWatch | |
run: ./gradlew putArtifactSizeMetricsInCloudWatch -Prelease=${{ github.event.release.tag_name }} |