Skip to content
Pre-Merge CI Pipeline

feat: Add CONTRIBUTORS.md file #238

Sign in to view logs

feat: Add CONTRIBUTORS.md file

feat: Add CONTRIBUTORS.md file #238

Workflow file for this run

.github/workflows/pre-merge.yml at 48a88da
---
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
name: Pre-Merge CI Pipeline
on:
pull_request:
branches:
- main
- release-*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
MARKDOWNLINT_CLI_VER: 0.44.0
jobs:
pre-checks:
runs-on: ubuntu-latest
outputs:
filtered_projects: ${{ steps.filter-changes.outputs.filtered_projects }}
other_changed_projects: ${{ steps.filter-changes.outputs.other_changed_projects }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: "Verify Branch Name"
uses: open-edge-platform/orch-ci/verify-branch-name@main
- name: "Discover Changed Subfolders"
id: discover-changes
uses: open-edge-platform/orch-ci/discover-changed-subfolders@main
- name: "Filter Out Unwanted Changed Subfolders"
id: filter-changes
run: |
folders_to_remove='[".github",".reuse","LICENSES",".git","os-profiles",""]'
changed_projects='${{ steps.discover-changes.outputs.changed_projects }}'
filtered_projects=$(echo "$changed_projects" | jq -cr --argjson folders_to_remove "$folders_to_remove" 'map(select(. as $item | $folders_to_remove | index($item) | not))')
other_changed_projects=$(echo "$changed_projects" | jq -cr --argjson filtered_projects "$filtered_projects" 'map(select(. as $item | $filtered_projects | index($item) | not))')
echo "filtered_projects=$filtered_projects" >> $GITHUB_OUTPUT
echo "other_changed_projects=$other_changed_projects" >> $GITHUB_OUTPUT
pre-merge-root:
needs: pre-checks
if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, '.github') || contains(needs.pre-checks.outputs.other_changed_projects, '.reuse') || contains(needs.pre-checks.outputs.other_changed_projects, 'LICENSES') || contains(needs.pre-checks.outputs.other_changed_projects, '""')}}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
with:
node-version: '18'
- run: |
npm install -g \
"markdownlint-cli@${{ env.MARKDOWNLINT_CLI_VER }}"
- uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
id: setup_python
with:
python-version: '3.13'
- name: Restore cached virtualenv
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
key: venv-${{ runner.os }}-${{ steps.setup_python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}
path: venv_infra
- name: Run mdlint
run: make mdlint
- name: Run license check
run: make license
pre-merge-pipeline:
needs: pre-checks
if: ${{ needs.pre-checks.outputs.filtered_projects != '[]' }}
strategy:
fail-fast: false
matrix:
project_folder: ${{ fromJson(needs.pre-checks.outputs.filtered_projects) }}
uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@main
with:
run_security_scans: true
run_version_check: true
run_dep_version_check: true
run_build: true
run_lint: true
run_test: true
run_validate_clean_folder: true
run_docker_build: true
run_scan_containers: false
run_artifact: false
prefix_tag_separator: "/"
project_folder: ${{ matrix.project_folder }}
trivy_image_skip: "postgres:16.4"
secrets: inherit
pre-merge-os-profiles:
needs: pre-checks
if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, 'os-profiles') }}
uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@main
with:
bootstrap_tools: "yq,nodejs"
run_security_scans: true
run_version_check: true
run_dep_version_check: false
run_build: false
run_lint: true
run_test: true
run_validate_clean_folder: false
run_docker_build: false
run_scan_containers: false
run_artifact: false
prefix_tag_separator: "/"
project_folder: "os-profiles"
secrets: inherit
pre-merge-os-profiles-2:
needs: pre-checks
if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, 'os-profiles') }}
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# Checkout the branch that triggered the workflow to avoid detached HEAD
ref: ${{ github.head_ref }}
- uses: open-edge-platform/orch-ci/.github/actions/bootstrap@main
with:
bootstrap_tools: "yq,aws,oras"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
aws-access-key-id: ${{ secrets.NO_AUTH_S3_PUSH_USERNAME }}
aws-secret-access-key: ${{ secrets.NO_AUTH_S3_PUSH_PASSWD }}
aws-region: us-west-2
- name: "Run validate OS profile"
run: |
cd .github/workflows/scripts && ./validate_os_profiles.sh ${{ secrets.S3_NAME }}
# TODO: generalize this part of the CI for all subcomponents
- name: "Get PR Description"
id: get_pr_description
run: |
PR_DESCRIPTION=$(curl -s \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}" \
| jq -r '.body')
PUBLISH=$(echo "$PR_DESCRIPTION" | grep -q '/publish🚢' && echo true || echo false)
echo $PUBLISH
echo "PUBLISH=$PUBLISH" >> $GITHUB_ENV
- name: Configure AWS credentials
if: ${{ env.PUBLISH == 'true' }}
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
aws-region: us-west-2
- name: Login to Amazon ECR
if: ${{ env.PUBLISH == 'true' }}
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
with:
registries: "080137407410"
- if: ${{ env.PUBLISH == 'true'}}
name: "Publish OS profiles for development purposes"
working-directory: "os-profiles"
run: |
TAGS=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g') make artifact-publish
- if: ${{ env.PUBLISH == 'true' }}
name: "Publish comment to PR"
working-directory: "os-profiles"
run: |
ALL_PROFILES=$(find *.yaml)
OCI_REPOSITORY="edge-orch/en/files/os-profile"
REGISTRY="registry-rs.edgeorchestration.intel.com"
TAG=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
COMMENT="🚀🚀 Published OSProfiles with tag \"${TAG}\"!"
for profile in $ALL_PROFILES; do
COMMENT+="\n- oci://${REGISTRY}/${OCI_REPOSITORY}/${profile}:${TAG}"
done
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
--data "{\"body\": \"$COMMENT\"}" \
"https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments"
final-check:
runs-on: ubuntu-latest
if: ${{ always() }}
needs: [pre-merge-root, pre-merge-pipeline, pre-merge-os-profiles, pre-merge-os-profiles-2]
steps:
- name: Final Status Check
run: |
pre_merge_root_pipeline="${{ needs.pre-merge-root.result }}"
pre_merge_pipeline="${{ needs.pre-merge-pipeline.result }}"
pre_merge_os_profiles="${{ needs.pre-merge-os-profiles.result }}"
pre_merge_os_profiles_2="${{ needs.pre-merge-os-profiles-2.result }}"
results=("pre_merge_root_pipeline" "pre_merge_pipeline" "pre_merge_os_profiles" "pre_merge_os_profiles_2")
status="OK"
for result in "${results[@]}"; do
pipeline_result=$(eval echo \$$result)
echo "${result} result: $pipeline_result"
if [[ "$pipeline_result" != "success" && "$pipeline_result" != "skipped" ]]; then
status="KO"
fi
done
if [[ "$status" == "OK" ]]; then
echo "Pre-merge check passed successfully."
else
echo "All pre-merge checks failed or were skipped. PR can't get merged"
exit 1
fi