Install prod keyring from yum-test alongside the dev or staging keyri… #2482
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: ci | |
| on: | |
| - push | |
| - pull_request | |
| - merge_group | |
| # Only build for latest push/PR unless it's main or release/ | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/release/' ) && !startsWith( github.ref, 'refs/heads/gh-readonly-queue/' ) }} | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: quay.io/fedora/fedora:37 | |
| steps: | |
| - run: dnf install -y git make | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: Install dependencies | |
| run: | | |
| make test-deps | |
| pip install poetry==2.1.1 | |
| poetry install --no-ansi | |
| - name: Run linters | |
| run: | | |
| git config --global --add safe.directory '*' | |
| make lint | |
| build-rpm: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: quay.io/fedora/fedora:37 | |
| steps: | |
| - run: dnf install -y git make | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: Install dependencies | |
| run: | | |
| make build-deps | |
| - name: Build RPM | |
| run: | | |
| git config --global --add safe.directory '*' | |
| make build-rpm | |
| - name: Check reproducibility | |
| run: | | |
| make test-deps | |
| make reprotest | |
| launcher-tests: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: quay.io/fedora/fedora:37 | |
| steps: | |
| - run: dnf install -y make | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: Install dependencies | |
| run: | | |
| make test-deps | |
| pip install poetry==2.1.1 | |
| poetry install --no-ansi | |
| - name: Run launcher tests | |
| run: | | |
| make test-launcher | |
| # If the most recent commit message contains "openqa" (case insensitive), run the openqa job | |
| check-openqa: | |
| runs-on: ubuntu-latest | |
| # Do not start until all other checks have passed | |
| needs: | |
| - lint | |
| - build-rpm | |
| - launcher-tests | |
| outputs: | |
| should-run: ${{ steps.check.outputs.should-run }} | |
| env: | |
| COMMIT_MSG: ${{ github.event.head_commit.message }} | |
| steps: | |
| - name: Check commit message | |
| id: check | |
| run: | | |
| if echo "${COMMIT_MSG}" | grep -iq "openqa"; then | |
| echo "running OpenQA job" | |
| echo "should-run=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "skipping OpenQA job" | |
| echo "should-run=false" >> $GITHUB_OUTPUT | |
| fi | |
| openqa: | |
| uses: ./.github/workflows/openqa.yml | |
| secrets: inherit | |
| needs: [check-openqa] | |
| # Run only if: | |
| # 1. This is a push (not pull_request) | |
| # 2. We're not on main | |
| # 3. We're not on a merge queue branch | |
| # 4. The "openqa" string is present | |
| if: | | |
| github.event_name == 'push' && github.ref != 'refs/heads/main' && !startsWith( github.ref, 'refs/heads/gh-readonly-queue/' ) | |
| && needs.check-openqa.outputs.should-run == 'true' |