Bump the all-actions group across 1 directory with 13 updates #89
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Runs all ecosystems cached and concurrently. | |
name: Smoke | |
on: # yamllint disable-line rule:truthy | |
workflow_dispatch: | |
pull_request: | |
paths-ignore: | |
- docs/** | |
- README.md | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SMOKE_TEST_BRANCH: main | |
jobs: | |
discover: | |
runs-on: ubuntu-latest | |
outputs: | |
suites: ${{ steps.suites.outputs.suites }} | |
steps: | |
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
with: | |
submodules: recursive | |
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
if: github.event_name != 'workflow_dispatch' | |
id: changes | |
with: | |
token: "" # use git commands to avoid excessive rate limit usage | |
filters: .github/smoke-filters.yml | |
- name: Generate suites to run | |
id: suites | |
run: | | |
# Write the changes.json file which is an array of paths | |
echo "${{ toJson(steps.changes.outputs.changes) }}" > changes.json | |
cat changes.json | |
# Read smoke-matrix.json, filtering out paths not in changes.json | |
jq -c --argjson changes "$(cat changes.json)" '[.[] | select(.core as $p | $changes | index($p))]' .github/smoke-matrix.json > filtered.json | |
cat filtered.json | |
# Curl the smoke-test tests directory to get a list of tests to run | |
URL=https://api.github.com/repos/dependabot/smoke-tests/contents/tests?ref=${{ env.SMOKE_TEST_BRANCH }} | |
curl $URL > tests.json | |
# Select the names that match smoke-$test*.yaml, where $test is the .text value from filtered.json | |
# We end up with, for example: [{core: "bundler", ecosystem: "rubygems", name: "smoke-bundler.yaml"}] | |
jq -c '.[]' filtered.json | while read -r i; do | |
test=$(echo "$i" | jq -r '.test') | |
jq --argjson i "$i" --arg test "-$test" -r '.[] | select(.name | contains($test)) | {core: ($i | .core), ecosystem: ($i | .ecosystem), name: .name, sha: .sha }' tests.json | |
done | jq -cs . > suites.json | |
# Set the step output | |
echo "suites=$(cat suites.json)" >> $GITHUB_OUTPUT | |
e2e: | |
needs: discover | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
suite: ${{ fromJSON(needs.discover.outputs.suites) }} | |
steps: | |
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
with: | |
submodules: recursive | |
- name: Download CLI | |
run: | | |
gh release download --repo dependabot/cli -p "*linux-amd64.tar.gz" | |
tar xzvf *.tar.gz >/dev/null 2>&1 | |
./dependabot --version | |
- name: Restore Smoke Test | |
id: cache-smoke-test | |
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
with: | |
path: smoke.yaml | |
key: ${{ matrix.suite.sha }}-${{ matrix.suite.name }} | |
- name: Download test | |
if: steps.cache-smoke-test.outputs.cache-hit != 'true' | |
run: | | |
URL=https://api.github.com/repos/dependabot/smoke-tests/contents/tests/${{ matrix.suite.name }}?ref=${{ env.SMOKE_TEST_BRANCH }} | |
curl $(gh api $URL --jq .download_url) -o smoke.yaml | |
- name: Cache Smoke Test | |
if: steps.cache-smoke-test.outputs.cache-hit != 'true' | |
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
with: | |
path: smoke.yaml | |
key: ${{ steps.cache-smoke-test.outputs.cache-primary-key }} | |
# Download the Proxy cache. The job is ideally 100% cached so no real calls are made. | |
# Allowed to fail to get out of chicken and egg situations, for example, when adding a new ecosystem. | |
- name: Download cache | |
run: | | |
# The name of the cache is derived from the test name, e.g. smoke-bundler.yaml -> cache-bundler | |
TEST=${{ matrix.suite.name }} | |
# Remove the smoke- and the .yaml or .yml suffix | |
CACHE=${TEST#smoke-} | |
CACHE=${CACHE%.yaml} | |
CACHE=${CACHE%.yml} | |
gh run download --repo dependabot/smoke-tests --name cache-$CACHE --dir cache | |
continue-on-error: true | |
- name: Build ecosystem image | |
run: script/build ${{ matrix.suite.core }} | |
- name: ${{ matrix.suite.core }} | |
id: test | |
env: | |
LOCAL_GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
set -o pipefail | |
./dependabot test \ | |
-f=smoke.yaml \ | |
-o=result.yaml \ | |
--cache=cache \ | |
--timeout=20m \ | |
--updater-image=ghcr.io/dependabot/dependabot-updater-${{ matrix.suite.ecosystem }}:latest \ | |
2>&1 | tee -a log.txt | |
- name: Diff | |
continue-on-error: true | |
run: diff --ignore-space-change smoke.yaml result.yaml && echo "Contents are identical" | |
- name: Create summary | |
run: tail -n100 log.txt | grep -P '\d+/\d+ calls cached \(\d+%\)' >> $GITHUB_STEP_SUMMARY | |
# No upload at the end: | |
# - If a test is uncacheable in some regard, the cache would grow unbounded. | |
# - We should consider erroring if the cache is changed. |