-
Notifications
You must be signed in to change notification settings - Fork 36
271 lines (242 loc) · 7.62 KB
/
ci.yaml
File metadata and controls
271 lines (242 loc) · 7.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
# Copyright AGNTCY Contributors (https://github.com/agntcy)
# SPDX-License-Identifier: Apache-2.0
name: CI
on:
push:
branches:
- main
tags:
- "v*.*.*"
- "!gui/**"
pull_request:
permissions:
contents: write
packages: write
id-token: write
pull-requests: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
changes:
name: Detect Changes
runs-on: ubuntu-latest
outputs:
code: ${{ steps.result.outputs.code }}
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Check for code changes
uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
id: filter
with:
filters: |
code:
- '!gui/**'
- '!docs/**'
- '!README.md'
- '!CHANGELOG.md'
- '!CONTRIBUTING.md'
- '!CODE_OF_CONDUCT.md'
- '!SECURITY.md'
- '!LICENSE.md'
- '!MAINTAINERS.md'
- '!CONTRIBUTORS.md'
- '!AUTHZ.md'
- '!API_SPEC.md'
- '!RELEASE.md'
- '!.gitignore'
- name: Determine result
id: result
run: |
# Always run for tag pushes (releases), otherwise use paths-filter result
if [[ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ]]; then
echo "code=true" >> $GITHUB_OUTPUT
else
echo "code=${{ steps.filter.outputs.code }}" >> $GITHUB_OUTPUT
fi
lint:
name: Lint
needs: changes
if: needs.changes.outputs.code == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: "1.26.1"
cache-dependency-path: "**/*.sum"
- name: Install Task
uses: go-task/setup-task@3be4020d41929789a01026e0e427a4321ce0ad44 #v2.0.0
- name: Setup lint cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/.cache/golangci-lint
~/.cache/go-build
key: lint-cache-${{ runner.os }}-${{ hashFiles('**/*.sum') }}
restore-keys: |
lint-cache-${{ runner.os }}-
- name: Run linters
run: |
task lint
license:
name: License
needs: changes
if: needs.changes.outputs.code == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Install Task
uses: go-task/setup-task@3be4020d41929789a01026e0e427a4321ce0ad44 #v2.0.0
- name: Setup license cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
**/.licensei.cache
key: license-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
license-cache-${{ runner.os }}-
- name: License cache
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
task license:cache
- name: License
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
task license
verify:
name: Verify
needs: changes
if: needs.changes.outputs.code == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Install Task
uses: go-task/setup-task@3be4020d41929789a01026e0e427a4321ce0ad44 #v2.0.0
- name: Check auto-generated code
run: |
task gen
if [[ -n "$(git status --porcelain)" ]]; then
echo "There are uncommitted changes after running 'task gen'. Please commit these changes."
exit 1
fi
build:
name: Build
needs:
- lint
- license
- verify
uses: ./.github/workflows/reusable-build.yaml
with:
image_repo: ghcr.io/agntcy
image_tag: ${{ github.sha }}
build_coverage_images: true
test:
name: Test
needs:
- build
uses: ./.github/workflows/reusable-test.yaml
with:
image_repo: ghcr.io/agntcy
image_tag: ${{ github.sha }}
upload-codecov:
name: Upload all coverage artifacts to Codecov
needs: [test]
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
strategy:
fail-fast: false
matrix:
include:
- artifact_name: coverage-unit
codecov_flag: unit
artifact_path: .coverage/unit
- artifact_name: coverage-e2e-Local
codecov_flag: e2e-Local
artifact_path: .
- artifact_name: coverage-e2e-Network
codecov_flag: e2e-Network
artifact_path: .
# NOTE: Currently MCP and Federation coverage is excluded within Upload E2E coverage artifact job
# - artifact_name: coverage-e2e-MCP
# codecov_flag: e2e-MCP
# coverage_path: .coverage/e2e
# - artifact_name: coverage-e2e-Federation
# codecov_flag: e2e-Federation
# coverage_path: .coverage/e2e
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Download coverage artifact
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: ${{ matrix.artifact_name }}
path: ${{ matrix.artifact_path }} # NOTE: Image artifacts are store in separate directory than coverage
- name: Upload to Codecov
uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
with:
codecov_yml_path: .codecov.yml
files: "**/*.out"
flags: ${{ matrix.codecov_flag }}
verbose: true
use_oidc: true
release:
name: Release
if: ${{ startsWith(github.ref, 'refs/tags/') }}
needs:
- test
uses: ./.github/workflows/reusable-release.yaml
with:
image_repo: ghcr.io/agntcy
release_tag: ${{ github.ref_name }}
integration:
name: Run integration tests
runs-on: ubuntu-latest
needs:
- release
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Run tests
uses: ./.github/actions/trigger-integrations
with:
github-token: ${{ secrets.AGNTCY_BUILD_BOT_GH_TOKEN }}
success:
name: Success
# https://github.com/actions/runner/issues/2566
# https://github.com/actions/toolkit/issues/581
# Success if all needed jobs either passed or were skipped (no failures/cancellations)
if: ${{ !cancelled() && !contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'failure') }}
needs:
- changes
- test
- upload-codecov
- release
runs-on: ubuntu-latest
steps:
- name: Echo Success
run: |
if [[ "${{ needs.changes.outputs.code }}" == "true" ]]; then
echo "::notice Success! All code checks passed."
else
echo "::notice Success! No code changes detected, skipped builds and tests."
fi