SDK Validation Status #305089
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "SDK Validation Status" | |
| on: | |
| check_run: | |
| types: [completed] | |
| # Azure DevOps pipelines (which report the "SDK Validation" check runs) do not re-trigger when a | |
| # PR is reopened, so the "check_run" event alone would never refresh the status. Re-evaluate the | |
| # existing check runs on reopen using pull_request_target (privileged, runs in the target branch). | |
| pull_request_target: | |
| types: [reopened] | |
| permissions: | |
| contents: read | |
| checks: read | |
| statuses: write | |
| id-token: write | |
| jobs: | |
| sdk-validation-status: | |
| if: | | |
| github.event_name == 'pull_request_target' || | |
| (github.event.check_run.check_suite.app.name == 'Azure Pipelines' && | |
| contains(github.event.check_run.name, 'SDK Validation')) | |
| name: "SDK Validation Status" | |
| runs-on: ubuntu-slim | |
| steps: | |
| # *** IMPORTANT *** | |
| # For workflows that are triggered by the pull_request_target event, the workflow runs in the | |
| # context of the base of the pull request. You should make sure that you do not check out, | |
| # build, or run untrusted code from the head of the pull request. | |
| - uses: actions/checkout@v6 | |
| with: | |
| # Only needs .github folder for automation, not the files in the PR (analyzed in a | |
| # separate workflow). | |
| # | |
| # Uses the .github folder from the PR base branch (pull_request_target trigger), | |
| # or the repo default branch (other triggers). | |
| sparse-checkout: | | |
| .github | |
| # Only run the login and get token steps when the repository is azure-rest-api-specs-pr | |
| - if: github.event.repository.name == 'azure-rest-api-specs-pr' | |
| name: Azure Login with Workload Identity Federation | |
| uses: azure/login@v3 | |
| with: | |
| client-id: "205398f1-715f-40a7-8d52-856097f28281" | |
| tenant-id: "72f988bf-86f1-41af-91ab-2d7cd011db47" | |
| allow-no-subscriptions: true | |
| - if: github.event.repository.name == 'azure-rest-api-specs-pr' | |
| name: Get ADO Token via Managed Identity | |
| run: | | |
| # Get token for Azure DevOps resource | |
| ADO_TOKEN=$(az account get-access-token --resource "499b84ac-1321-427f-aa17-267ca6975798" --query "accessToken" -o tsv) | |
| echo "ADO_TOKEN=$ADO_TOKEN" >> "$GITHUB_ENV" | |
| - name: Install dependencies for github-script actions | |
| uses: ./.github/actions/install-deps-github-script | |
| - name: "SDK Validation Set Status" | |
| id: sdk-validation-status | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| const setStatus = | |
| (await import('${{ github.workspace }}/.github/workflows/src/spec-gen-sdk-status.js')).default; | |
| return await setStatus({ github, context, core }); | |
| - if: ${{ always() && steps.sdk-validation-status.outputs.head_sha }} | |
| name: Upload artifact with head SHA | |
| uses: ./.github/actions/add-empty-artifact | |
| with: | |
| name: head-sha | |
| value: ${{ steps.sdk-validation-status.outputs.head_sha }} | |
| - if: ${{ always() && steps.sdk-validation-status.outputs.issue_number }} | |
| name: Upload artifact with issue number | |
| uses: ./.github/actions/add-empty-artifact | |
| with: | |
| name: issue-number | |
| value: ${{ steps.sdk-validation-status.outputs.issue_number }} |