-
-
Notifications
You must be signed in to change notification settings - Fork 7
130 lines (120 loc) · 4.49 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
---
name: test
permissions: {}
on: pull_request
jobs:
path-filter:
# Get changed files to filter jobs
outputs:
update-aqua-checksums: ${{steps.changes.outputs.update-aqua-checksums}}
renovate-config-validator: ${{steps.changes.outputs.renovate-config-validator}}
ghalint: ${{steps.changes.outputs.ghalint}}
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: changes
with:
filters: |
update-aqua-checksums:
- aqua/aqua.yaml
- aqua/imports/*.yaml
- aqua/aqua-checksums.json
- .github/workflows/test.yaml
renovate-config-validator:
- renovate.json5
ghalint:
- .github/workflows/*.yaml
- aqua/imports/ghalint.yaml
update-aqua-checksums:
# Update aqua-checksums.json and push a commit
needs: path-filter
if: needs.path-filter.outputs.update-aqua-checksums == 'true'
uses: aquaproj/update-checksum-workflow/.github/workflows/update-checksum.yaml@01a3dfca0b401e2fa1ff11f2b840d227806deca1 # v0.1.7
permissions:
contents: read
with:
aqua_version: v2.12.1
prune: true
secrets:
gh_app_id: ${{secrets.APP_ID}}
gh_app_private_key: ${{secrets.APP_PRIVATE_KEY}}
test:
uses: suzuki-shunsuke/go-test-workflow/.github/workflows/test.yaml@66610a63dfe5160d97e1b68bc53949ceed18e0db # v0.5.0
with:
aqua_version: v2.12.1
go-version: 1.21.1
golangci-lint-timeout: 120s
permissions:
pull-requests: write
contents: read
build:
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: 1.21.1
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2
with:
aqua_version: v2.12.1
- name: dry run
run: bash scripts/test-dry-run.sh
renovate-config-validator:
# Validate Renovate Configuration by renovate-config-validator.
uses: suzuki-shunsuke/renovate-config-validator-workflow/.github/workflows/validate.yaml@35f1c78014c423fd37eb792c73f11ec0898098f4 # v0.2.2
needs: path-filter
if: needs.path-filter.outputs.renovate-config-validator == 'true'
permissions:
contents: read
ghalint:
# Validate GitHub Actions Workflows by ghalint.
needs: path-filter
if: needs.path-filter.outputs.ghalint == 'true'
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2
with:
aqua_version: v2.12.1
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: ghalint run
env:
GHALINT_LOG_COLOR: always
enable-automerge:
needs:
- status-check
if: |
! failure() && ! cancelled() && github.event.pull_request.user.login == 'renovate[bot]' && contains(github.event.pull_request.body, ' **Automerge**: Enabled.')
# Enable automerge to merge pull requests from Renovate automatically.
runs-on: ubuntu-latest
# "! failure() && ! cancelled()" is required. success() returns false if dependent jobs are skipped. https://github.com/community/community/discussions/45058
# By default success() is used so we have to override success() by "! failure() && ! cancelled()"
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # v1
with:
app_id: ${{secrets.APP_ID}}
private_key: ${{secrets.APP_PRIVATE_KEY}}
- run: gh -R "$GITHUB_REPOSITORY" pr merge --squash --auto --delete-branch "$PR_NUMBER"
env:
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}} # Use GitHub App to trigger GitHub Actions Workflow by merge commit.
PR_NUMBER: ${{github.event.pull_request.number}}
status-check:
# This job is used for main branch's branch protection rule's status check.
# If all dependent jobs succeed or are skipped this job succeeds.
runs-on: ubuntu-latest
needs:
- update-aqua-checksums
- test
- build
- renovate-config-validator
- ghalint
permissions: {}
if: failure()
steps:
- run: exit 1