fix(dir): coverage test run #3727
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright AGNTCY Contributors (https://github.com/agntcy) | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "v*.*.*" | |
| - "!gui/**" | |
| pull_request: | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| pull-requests: write | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| changes: | |
| name: Detect Changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| code: ${{ steps.result.outputs.code }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Check for code changes | |
| uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| code: | |
| - '!gui/**' | |
| - '!docs/**' | |
| - '!README.md' | |
| - '!CHANGELOG.md' | |
| - '!CONTRIBUTING.md' | |
| - '!CODE_OF_CONDUCT.md' | |
| - '!SECURITY.md' | |
| - '!LICENSE.md' | |
| - '!MAINTAINERS.md' | |
| - '!CONTRIBUTORS.md' | |
| - '!AUTHZ.md' | |
| - '!API_SPEC.md' | |
| - '!RELEASE.md' | |
| - '!.gitignore' | |
| - name: Determine result | |
| id: result | |
| run: | | |
| # Always run for tag pushes (releases), otherwise use paths-filter result | |
| if [[ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ]]; then | |
| echo "code=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "code=${{ steps.filter.outputs.code }}" >> $GITHUB_OUTPUT | |
| fi | |
| lint: | |
| name: Lint | |
| needs: changes | |
| if: needs.changes.outputs.code == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version: "1.25.7" | |
| - name: Setup Taskfile | |
| shell: bash | |
| run: sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b ~/.local/bin | |
| - name: Setup lint cache | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: | | |
| ~/.cache/golangci-lint | |
| ~/.cache/go-build | |
| key: lint-cache-${{ runner.os }}-${{ hashFiles('**/*.sum') }} | |
| restore-keys: | | |
| lint-cache-${{ runner.os }}- | |
| - name: Run linters | |
| run: | | |
| task lint | |
| license: | |
| name: License | |
| needs: changes | |
| if: needs.changes.outputs.code == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Taskfile | |
| shell: bash | |
| run: sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b ~/.local/bin | |
| - name: Setup license cache | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: | | |
| **/.licensei.cache | |
| key: license-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| license-cache-${{ runner.os }}- | |
| - name: License cache | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| task license:cache | |
| - name: License | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| task license | |
| verify: | |
| name: Verify | |
| needs: changes | |
| if: needs.changes.outputs.code == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Taskfile | |
| shell: bash | |
| run: sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b ~/.local/bin | |
| - name: Check auto-generated code | |
| run: | | |
| sha1sum ./install/charts/dir/apiserver/charts/envoy-authz-0.1.0.tgz | |
| task gen | |
| if [[ -n "$(git status --porcelain)" ]]; then | |
| echo "There are uncommitted changes after running 'task gen'. Please commit these changes." | |
| sha1sum ./install/charts/dir/apiserver/charts/envoy-authz-0.1.0.tgz | |
| tar -xzf ./install/charts/dir/apiserver/charts/envoy-authz-0.1.0.tgz | |
| cat ./envoy-authz/Chart.yaml | |
| sha1sum ./envoy-authz/Chart.yaml | |
| git status --porcelain | |
| git diff | |
| exit 1 | |
| fi | |
| build: | |
| name: Build | |
| needs: | |
| - lint | |
| - license | |
| - verify | |
| uses: ./.github/workflows/reusable-build.yaml | |
| with: | |
| image_repo: ghcr.io/agntcy | |
| image_tag: ${{ github.sha }} | |
| build_coverage_images: true | |
| test: | |
| name: Test | |
| needs: | |
| - build | |
| uses: ./.github/workflows/reusable-test.yaml | |
| with: | |
| image_repo: ghcr.io/agntcy | |
| image_tag: ${{ github.sha }} | |
| secrets: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| release: | |
| name: Release | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| needs: | |
| - test | |
| uses: ./.github/workflows/reusable-release.yaml | |
| with: | |
| image_repo: ghcr.io/agntcy | |
| release_tag: ${{ github.ref_name }} | |
| integration: | |
| name: Run integration tests | |
| runs-on: ubuntu-latest | |
| needs: | |
| - release | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Run tests | |
| uses: ./.github/actions/trigger-integrations | |
| with: | |
| github-token: ${{ secrets.AGNTCY_BUILD_BOT_GH_TOKEN }} | |
| success: | |
| name: Success | |
| # https://github.com/actions/runner/issues/2566 | |
| # https://github.com/actions/toolkit/issues/581 | |
| # Success if all needed jobs either passed or were skipped (no failures/cancellations) | |
| if: ${{ !cancelled() && !contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'failure') }} | |
| needs: | |
| - changes | |
| - test | |
| - release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Echo Success | |
| run: | | |
| if [[ "${{ needs.changes.outputs.code }}" == "true" ]]; then | |
| echo "::notice Success! All code checks passed." | |
| else | |
| echo "::notice Success! No code changes detected, skipped builds and tests." | |
| fi |