Allow to publish artifacts by PR comments #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| --- | |
| # SPDX-FileCopyrightText: (C) 2025 Intel Corporation | |
| # SPDX-License-Identifier: Apache-2.0 | |
# Pre-merge CI for pull requests that target main or a release-* branch.
# With the pull_request trigger, runs for PRs opened from forks do not receive
# repository secrets, so the credentialed jobs in this file only work for
# branches pushed to this repository.
# NOTE(review): no `permissions:` key is declared, so GITHUB_TOKEN keeps the
# repository/organisation default scopes; consider declaring the minimum each
# job needs.
name: Pre-Merge CI Pipeline

on:
  pull_request:
    branches: [main, "release-*"]

# A newer run for the same workflow and ref cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
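# Job: pre-checks - works out which top-level folders the PR touches.
  pre-checks:
    runs-on: ubuntu-latest
    outputs:
      # JSON array of changed folders that are NOT in folders_to_remove.
      filtered_projects: ${{ steps.filter-changes.outputs.filtered_projects }}
      # JSON array of changed folders that ARE in folders_to_remove.
      other_changed_projects: ${{ steps.filter-changes.outputs.other_changed_projects }}
    steps:
      # NOTE(review): the actions below are referenced by mutable refs (@v4,
      # @main). Pinning each to a full commit SHA keeps an upstream ref move
      # from silently changing what runs in this job.
      - uses: actions/checkout@v4
      - name: "Verify Branch Name"
        uses: open-edge-platform/orch-ci/verify-branch-name@main
      - name: "Discover Changed Subfolders"
        id: discover-changes
        uses: open-edge-platform/orch-ci/discover-changed-subfolders@main
      - name: "Filter Out Unwanted Changed Subfolders"
        id: filter-changes
        env:
          # Handed over through the environment instead of being expanded into
          # the script text. The value presumably reflects folder names taken
          # from the PR; expanded inline, a single quote in it would end the
          # shell string and the rest would be run as commands.
          CHANGED_PROJECTS: ${{ steps.discover-changes.outputs.changed_projects }}
        run: |
          folders_to_remove='[".github",".reuse","LICENSES",".git","os-profiles"]'
          changed_projects="$CHANGED_PROJECTS"
          # Keep only the entries that are not listed in folders_to_remove.
          filtered_projects=$(echo "$changed_projects" | jq -cr --argjson folders_to_remove "$folders_to_remove" 'map(select(. as $item | $folders_to_remove | index($item) | not))')
          # Everything that was dropped by the filter above.
          other_changed_projects=$(echo "$changed_projects" | jq -cr --argjson filtered_projects "$filtered_projects" 'map(select(. as $item | $filtered_projects | index($item) | not))')
          # jq -c emits one line per value, so each output stays on one line.
          echo "filtered_projects=$filtered_projects" >> "$GITHUB_OUTPUT"
          echo "other_changed_projects=$other_changed_projects" >> "$GITHUB_OUTPUT"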
# Job: pre-merge-pipeline - calls the shared pre-merge workflow once per
# changed project folder.
  pre-merge-pipeline:
    needs: pre-checks
    # Skipped when no project folder survived the filter in pre-checks.
    if: needs.pre-checks.outputs.filtered_projects != '[]'
    strategy:
      # One failing project does not cancel the other matrix entries.
      fail-fast: false
      matrix:
        project_folder: ${{ fromJson(needs.pre-checks.outputs.filtered_projects) }}
    # NOTE(review): the called workflow is taken from the moving ref @main and
    # receives every secret of this repository via `secrets: inherit`. Pinning
    # to a commit SHA and passing only the secrets it needs would narrow that.
    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@main
    with:
      project_folder: ${{ matrix.project_folder }}
      prefix_tag_separator: "/"
      run_security_scans: true
      run_version_check: true
      run_dep_version_check: true
      run_build: true
      run_lint: true
      run_test: true
      run_validate_clean_folder: true
      run_docker_build: true
      run_scan_containers: false
      run_artifact: false
    secrets: inherit
# Job: pre-merge-os-profiles - calls the shared pre-merge workflow for the
# os-profiles folder only.
  pre-merge-os-profiles:
    needs: pre-checks
    # other_changed_projects is a JSON string here, so contains() is a
    # substring test on that string.
    if: contains(needs.pre-checks.outputs.other_changed_projects, 'os-profiles')
    # NOTE(review): the called workflow is taken from the moving ref @main and
    # receives every secret of this repository via `secrets: inherit`.
    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@main
    with:
      project_folder: "os-profiles"
      prefix_tag_separator: "/"
      bootstrap_tools: "yq,nodejs"
      run_security_scans: true
      run_version_check: true
      run_dep_version_check: false
      run_build: false
      run_lint: true
      run_test: true
      run_validate_clean_folder: false
      run_docker_build: false
      run_scan_containers: false
      run_artifact: false
    secrets: inherit
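# Job: pre-merge-os-profiles-2 - runs the repository's OS-profile validation
# script with AWS credentials configured.
  pre-merge-os-profiles-2:
    needs: pre-checks
    if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, 'os-profiles') }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      # NOTE(review): referenced by the moving ref @main; consider a commit SHA.
      - uses: open-edge-platform/orch-ci/.github/actions/bootstrap@main
        with:
          bootstrap_tools: "yq,aws,oras"
      # NOTE(review): long-lived access keys are read from secrets. The action
      # also accepts `role-to-assume` for short-lived OIDC credentials.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.NO_AUTH_S3_PUSH_USERNAME }}
          aws-secret-access-key: ${{ secrets.NO_AUTH_S3_PUSH_PASSWD }}
          aws-region: us-west-2
      # NOTE(review): validate_os_profiles.sh comes from the PR checkout and
      # runs after the credentials above are configured, so a PR that edits the
      # script runs its own code with those credentials.
      - name: "Run validate OS profile"
        env:
          # Passed via the environment and quoted below, so the secret value is
          # never spliced into the script text or split into several words.
          S3_NAME: ${{ secrets.S3_NAME }}
        run: |
          cd .github/workflows/scripts && ./validate_os_profiles.sh "$S3_NAME"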
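# Job: check_if_publish_comment - sets the `publish` output to true when the
# PR carries a publish comment written by a trusted author.
  check_if_publish_comment:
    runs-on: ubuntu-latest
    needs: pre-checks
    outputs:
      publish: ${{ steps.get_publish_comments.outputs.result }}
    steps:
      - name: Check if publish PR Comment
        id: get_publish_comments
        uses: actions/github-script@v6
        with:
          script: |
            // Only comments from accounts with a standing relationship to the
            // repository may trigger publishing. Without this check any user
            // able to comment on the PR could switch the publish jobs on.
            // NOTE(review): confirm this set matches who is meant to publish.
            const trustedAssociations = new Set(['OWNER', 'MEMBER', 'COLLABORATOR']);
            const comments = await github.paginate(github.rest.issues.listComments, {
              owner: context.repo.owner,
              repo: context.repo.repo,
              // Taken from the event context rather than expanded into the
              // script source.
              issue_number: context.issue.number,
            });
            for (const comment of comments) {
              // NOTE(review): the characters after "/publish" look like a
              // mis-encoded emoji on this page; confirm the literal against
              // the file in the repository.
              if (!comment.body?.includes('/publish๐ข')) {
                continue;
              }
              if (!trustedAssociations.has(comment.author_association)) {
                console.log(`Ignoring publish comment with author association ${comment.author_association}`);
                continue;
              }
              console.log('Publish comment found');
              return true;
            }
            return false;
      - name: Output PR Comments
        env:
          # The step id is get_publish_comments; the earlier reference to
          # get_pr_comments named no step and always printed an empty value.
          PUBLISH: ${{ steps.get_publish_comments.outputs.result }}
        run: |
          echo "Publish?: $PUBLISH"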
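# Job: pre-merge-publish-osprofiles - publishes os-profiles artifacts from the
# PR branch and reports the tag in a PR comment.
  pre-merge-publish-osprofiles:
    # Trigger publish only after running test on the actual artifacts
    needs: [pre-checks, check_if_publish_comment, pre-merge-os-profiles, pre-merge-os-profiles-2]
    if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, 'os-profiles') && needs.check_if_publish_comment.outputs.publish == 'true' }}
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): this job checks out the PR branch and runs its Makefile
      # with registry push credentials configured, so the publish gate in
      # check_if_publish_comment is the only control on who can push.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Checkout the branch that triggered the workflow to avoid detached HEAD
          ref: ${{ github.head_ref }}
      # NOTE(review): referenced by the moving ref @main; consider a commit SHA.
      - uses: open-edge-platform/orch-ci/.github/actions/bootstrap@main
        with:
          bootstrap_tools: "yq,aws,oras"
      # NOTE(review): long-lived access keys are read from secrets. The action
      # also accepts `role-to-assume` for short-lived OIDC credentials.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
          aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
          aws-region: us-west-2
      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registries: "080137407410"
      - name: "Publish OS profiles for development purposes"
        working-directory: "os-profiles"
        run: |
          # Tag is the branch name with every "/" replaced by "_".
          TAGS=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g') make artifact-publish
      - name: "Publish comment to PR"
        working-directory: "os-profiles"
        env:
          # Workflow expressions are resolved here, outside the script text.
          API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COMMENTS_URL: https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments
        run: |
          TAG=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
          # NOTE(review): the leading characters look like mis-encoded emoji on
          # this page; confirm against the file in the repository.
          COMMENT="๐๐ Published Artifacts for *os-profiles* with tag _${TAG}_"
          # jq builds the JSON body so that a quote or backslash in the branch
          # name is escaped instead of breaking out of the "body" string.
          jq -n --arg body "$COMMENT" '{body: $body}' |
            curl -s -H "Authorization: token ${API_TOKEN}" \
              -H "Accept: application/vnd.github.v3+json" \
              --data @- \
              "$COMMENTS_URL"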
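# Job: pre-merge-publish-bits - publishes bulk-import-tools artifacts from the
# PR branch and reports the tag in a PR comment.
  pre-merge-publish-bits:
    # Trigger publish only after running test on the actual artifacts
    needs: [pre-checks, check_if_publish_comment, pre-merge-pipeline]
    # filtered_projects is a JSON string here, so contains() is a substring
    # test; a folder whose name merely contains 'bulk-import-tools' matches too.
    if: ${{ contains(needs.pre-checks.outputs.filtered_projects, 'bulk-import-tools') && needs.check_if_publish_comment.outputs.publish == 'true' }}
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): this job checks out the PR branch and runs its Makefile
      # with registry push credentials configured, so the publish gate in
      # check_if_publish_comment is the only control on who can push.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Checkout the branch that triggered the workflow to avoid detached HEAD
          ref: ${{ github.head_ref }}
      # NOTE(review): referenced by the moving ref @main; consider a commit SHA.
      - uses: open-edge-platform/orch-ci/.github/actions/bootstrap@main
        with:
          gh_token: ${{ secrets.SYS_ORCH_GITHUB }}
      # NOTE(review): long-lived access keys are read from secrets. The action
      # also accepts `role-to-assume` for short-lived OIDC credentials.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
          aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
          aws-region: us-west-2
      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registries: "080137407410"
      # NOTE(review): the step name still says "OS profiles" although the job
      # works in bulk-import-tools; it looks copied from the os-profiles job.
      - name: "Publish OS profiles for development purposes"
        working-directory: "bulk-import-tools"
        run: |
          # Tag is the branch name with every "/" replaced by "_".
          TAGS=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g') make artifact-publish
      - name: "Publish comment to PR"
        working-directory: "bulk-import-tools"
        env:
          # Workflow expressions are resolved here, outside the script text.
          API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COMMENTS_URL: https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments
        run: |
          TAG=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
          # NOTE(review): the leading characters look like mis-encoded emoji on
          # this page; confirm against the file in the repository.
          COMMENT="๐๐ Published Artifacts for *bulk-import-tools* with tag _${TAG}_"
          # jq builds the JSON body so that a quote or backslash in the branch
          # name is escaped instead of breaking out of the "body" string.
          jq -n --arg body "$COMMENT" '{body: $body}' |
            curl -s -H "Authorization: token ${API_TOKEN}" \
              -H "Accept: application/vnd.github.v3+json" \
              --data @- \
              "$COMMENTS_URL"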
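# Job: pre-merge-publish - builds and pushes a container image per changed
# project folder from the PR branch and reports the tag in a PR comment.
  pre-merge-publish:
    # Trigger publish only after running test on the actual artifacts
    needs: [pre-checks, check_if_publish_comment, pre-merge-pipeline]
    if: ${{ needs.pre-checks.outputs.filtered_projects != '[]' && needs.check_if_publish_comment.outputs.publish == 'true' }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        project_folder: ${{ fromJson(needs.pre-checks.outputs.filtered_projects) }}
    steps:
      - name: "skip bit"
        if: ${{ matrix.project_folder == 'bulk-import-tools' }}
        # Shortcut pipeline, as bulk-import-tool is not a dockerized project.
        # TODO: figure out a better way to avoid a red cross in the Github UI.
        run: exit 1
      # NOTE(review): this job checks out the PR branch and runs its Makefile
      # with registry push credentials configured, so the publish gate in
      # check_if_publish_comment is the only control on who can push.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Checkout the branch that triggered the workflow to avoid detached HEAD
          ref: ${{ github.head_ref }}
      # NOTE(review): referenced by the moving ref @main; consider a commit SHA.
      - uses: open-edge-platform/orch-ci/.github/actions/bootstrap@main
        with:
          gh_token: ${{ secrets.SYS_ORCH_GITHUB }}
      - name: "Build Docker container image"
        working-directory: ${{ matrix.project_folder }}
        run: |
          make docker-build
      # NOTE(review): long-lived access keys are read from secrets. The action
      # also accepts `role-to-assume` for short-lived OIDC credentials.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
          aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
          aws-region: us-west-2
      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registries: "080137407410"
      - name: "Publish Docker container image for development purposes"
        working-directory: ${{ matrix.project_folder }}
        run: |
          DOCKER_TAG_PUSH=false DOCKER_TAG_BRANCH_PUSH=true make docker-push
      - name: "Publish comment to PR"
        working-directory: ${{ matrix.project_folder }}
        env:
          # Workflow expressions are resolved here, outside the script text.
          # The folder name originates from the PR's changed paths, so it must
          # not be expanded inside the shell string below.
          PROJECT_FOLDER: ${{ matrix.project_folder }}
          API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COMMENTS_URL: https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments
        run: |
          TAG=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
          # NOTE(review): the leading characters look like mis-encoded emoji on
          # this page; confirm against the file in the repository.
          COMMENT="๐๐ Published Artifact for *${PROJECT_FOLDER}* with tag _${TAG}_"
          # jq builds the JSON body so that a quote or backslash in the folder
          # or branch name is escaped instead of breaking the "body" string.
          jq -n --arg body "$COMMENT" '{body: $body}' |
            curl -s -H "Authorization: token ${API_TOKEN}" \
              -H "Accept: application/vnd.github.v3+json" \
              --data @- \
              "$COMMENTS_URL"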
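# Job: final-check - single status that fails when any pre-merge job it
# depends on failed or was cancelled.
  final-check:
    runs-on: ubuntu-latest
    # Run even when a needed job failed, so the results can be evaluated here.
    if: ${{ always() }}
    needs: [pre-merge-pipeline, pre-merge-os-profiles, pre-merge-os-profiles-2]
    steps:
      - name: Final Status Check
        env:
          PIPELINE_RESULT: ${{ needs.pre-merge-pipeline.result }}
          OS_PROFILES_RESULT: ${{ needs.pre-merge-os-profiles.result }}
          OS_PROFILES_2_RESULT: ${{ needs.pre-merge-os-profiles-2.result }}
        run: |
          echo "Pre-merge pipeline result: $PIPELINE_RESULT"
          echo "Pre-merge os-profiles result: $OS_PROFILES_RESULT"
          echo "Pre-merge os-profiles-2 result: $OS_PROFILES_2_RESULT"
          # Every needed job must have succeeded or been skipped. The earlier
          # condition passed whenever the pipeline was skipped or either check
          # succeeded, so a failed os-profiles run could still go green, and
          # the os-profiles-2 result was never looked at.
          # NOTE(review): if pre-checks itself fails, all three jobs are
          # skipped and this gate still passes; consider adding pre-checks to
          # `needs` and checking its result as well.
          for result in "$PIPELINE_RESULT" "$OS_PROFILES_RESULT" "$OS_PROFILES_2_RESULT"; do
            case "$result" in
              success|skipped)
                ;;
              *)
                echo "A pre-merge check failed or was cancelled. PR can't get merged"
                exit 1
                ;;
            esac
          done
          echo "No pre-merge check failed."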