oisy-wallet/.github/workflows/binding-checks.yml at 3c9c63221429f3258cd4ff12995d14fb8a94fd76 · dfinity/oisy-wallet · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: Binding Checks

on:
  pull_request:
  merge_group:
  workflow_dispatch:

permissions: {}

jobs:
  generate:
    runs-on: ubuntu-24.04
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Create GitHub App Token
        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
        id: app-token
        continue-on-error: true
        with:
          app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
          private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}

      - name: Check if commits can be added
        id: check_can_add_commit
        run: |
          echo steps.app-token.outputs.token null $TOKEN_IS_NULL
          echo steps.app-token.outputs.token empty $TOKEN_IS_EMPTY
          echo "can_add_commit=$CAN_ADD_COMMIT" >> $GITHUB_OUTPUT
        env:
          TOKEN_IS_NULL: ${{ steps.app-token.outputs.token == null }}
          TOKEN_IS_EMPTY: ${{ steps.app-token.outputs.token == '' }}
          CAN_ADD_COMMIT: ${{ steps.app-token.outputs.token != '' && github.event_name == 'pull_request' }}

      - name: Checkout code
        if: steps.check_can_add_commit.outputs.can_add_commit == 'true'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          repository: ${{ github.event.pull_request.head.repo.full_name }}
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.app-token.outputs.token }}
          persist-credentials: false

      - name: Checkout code
        if: steps.check_can_add_commit.outputs.can_add_commit == 'false'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
        id: changes
        with:
          filters: |
            src:
              - # Any new or changed canisters
                'dfx.json'
              - # Any new or changed .did files
                '**/*.did'
              - # Scripts, GitHub actions that contain 'backend' in their path.
                '**/*backend*'
              - # The backend source code
                'src/backend/**'
              - 'src/shared/**'
              - # Rust files such as Cargo.lock, Cargo.toml and rust-toolchain.toml
                '**/Cargo*'
              - '**/*rust*'
              - # Scripts that download external Candid files, with false positives.
                'scripts/build.*.sh'
              - # Scripts that generate the declarations.
                'scripts/generate.sh'
              - # Scripts that download the candid files.
                'scripts/did.sh'
              - # This workflow
                '.github/workflows/binding-checks.yml'

      - name: Build oisy-backend WASM
        if: steps.changes.outputs.src == 'true'
        uses: ./.github/actions/oisy-backend
        with:
          network: local

      - name: Prepare
        if: steps.changes.outputs.src == 'true'
        uses: ./.github/actions/prepare

      - name: Install rust
        run: scripts/setup rust

      - name: Install dfx
        if: steps.changes.outputs.src == 'true'
        uses: dfinity/setup-dfx@e50c04f104ee4285ec010f10609483cf41e4d365 # main

      - name: Install other tools
        if: steps.changes.outputs.src == 'true'
        run: scripts/setup cargo-binstall candid-extractor didc

      - name: Generate bindings
        if: steps.changes.outputs.src == 'true'
        run: npm run generate

      - name: Check bindings
        id: check_changes
        if: steps.changes.outputs.src == 'true'
        run: |
          if [[ -n "$(git status --porcelain)" ]]; then
            echo "changes_detected=true" >> $GITHUB_OUTPUT
          else
            echo "changes_detected=false" >> $GITHUB_OUTPUT
          fi

      - name: Commit bindings
        if: steps.changes.outputs.src == 'true' && steps.check_can_add_commit.outputs.can_add_commit == 'true' && steps.check_changes.outputs.changes_detected == 'true'
        uses: ./.github/actions/add-and-commit
        with:
          message: '🤖 Apply bindings changes'
          token: ${{ steps.app-token.outputs.token }}

      - name: Provide diff
        if: steps.changes.outputs.src == 'true' && steps.check_can_add_commit.outputs.can_add_commit == 'false' && steps.check_changes.outputs.changes_detected == 'true'
        run: |
          echo "FIX: Please execute npm run generate"
          git diff
          exit 1

  binding-checks-pass:
    needs: ['generate']
    if: ${{ always() }}
    runs-on: ubuntu-24.04
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: ./.github/actions/needs_success
        with:
          needs: '${{ toJson(needs) }}'