Changes for API handler implementation update for OS Resource in apiv2 as per the day2 upgrade #1222
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # SPDX-FileCopyrightText: (C) 2025 Intel Corporation | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Pre-Merge CI Pipeline | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| - release-* | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| env: | |
| MARKDOWNLINT_CLI_VER: 0.44.0 | |
| jobs: | |
| pre-checks: | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| outputs: | |
| filtered_projects: ${{ steps.filter-changes.outputs.filtered_projects }} | |
| other_changed_projects: ${{ steps.filter-changes.outputs.other_changed_projects }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: "Verify Branch Name" | |
| uses: open-edge-platform/orch-ci/verify-branch-name@f341738d975c38b2b91f25d405baeb2d39bf2ddb # 0.1.14 | |
| - name: "Discover Changed Subfolders" | |
| id: discover-changes | |
| uses: open-edge-platform/orch-ci/discover-changed-subfolders@f341738d975c38b2b91f25d405baeb2d39bf2ddb # 0.1.14 | |
| - name: "Filter Out Unwanted Changed Subfolders" | |
| id: filter-changes | |
| env: | |
| changed_projects: ${{ steps.discover-changes.outputs.changed_projects }} | |
| run: | | |
| folders_to_remove='[".github",".reuse","LICENSES",".git","os-profiles",""]' | |
| filtered_projects=$(echo "$changed_projects" | jq -cr --argjson folders_to_remove "$folders_to_remove" 'map(select(. as $item | $folders_to_remove | index($item) | not))') | |
| other_changed_projects=$(echo "$changed_projects" | jq -cr --argjson filtered_projects "$filtered_projects" 'map(select(. as $item | $filtered_projects | index($item) | not))') | |
| echo "filtered_projects=$filtered_projects" >> $GITHUB_OUTPUT | |
| echo "other_changed_projects=$other_changed_projects" >> $GITHUB_OUTPUT | |
| pre-merge-root: | |
| permissions: | |
| contents: read | |
| needs: pre-checks | |
| if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, '.github') || contains(needs.pre-checks.outputs.other_changed_projects, 'LICENSES') || contains(needs.pre-checks.outputs.other_changed_projects, '""')}} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version: '18' | |
| - run: | | |
| npm install -g \ | |
| "markdownlint-cli@${{ env.MARKDOWNLINT_CLI_VER }}" | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| id: setup_python | |
| with: | |
| python-version: '3.13' | |
| - name: Restore cached virtualenv | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| with: | |
| key: venv-${{ runner.os }}-${{ steps.setup_python.outputs.python-version }}-${{ hashFiles('requirements.txt') }} | |
| path: venv_infra | |
| - name: Run mdlint | |
| run: make mdlint | |
| - name: Run license check | |
| run: make license | |
| pre-merge-pipeline: | |
| permissions: | |
| contents: read | |
| needs: pre-checks | |
| if: ${{ needs.pre-checks.outputs.filtered_projects != '[]' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| project_folder: ${{ fromJson(needs.pre-checks.outputs.filtered_projects) }} | |
| uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@main | |
| with: | |
| run_security_scans: true | |
| run_version_check: true | |
| run_dep_version_check: true | |
| run_build: true | |
| run_lint: true | |
| run_test: true | |
| run_validate_clean_folder: true | |
| run_docker_build: true | |
| run_artifact: false | |
| prefix_tag_separator: "/" | |
| project_folder: ${{ matrix.project_folder }} | |
| trivy_image_skip: "postgres:16.4" | |
| trivy_config_path: '${{ matrix.project_folder }}/trivy.yaml' | |
| secrets: | |
| NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }} | |
| NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }} | |
| pre-merge-os-profiles: | |
| permissions: | |
| contents: read | |
| needs: pre-checks | |
| if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, 'os-profiles') }} | |
| uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@main | |
| with: | |
| bootstrap_tools: "yq,nodejs" | |
| run_security_scans: true | |
| run_version_check: true | |
| run_dep_version_check: false | |
| run_build: false | |
| run_lint: true | |
| run_test: true | |
| run_validate_clean_folder: false | |
| run_docker_build: false | |
| run_artifact: false | |
| prefix_tag_separator: "/" | |
| project_folder: "os-profiles" | |
| secrets: | |
| NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }} | |
| NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }} | |
| pre-merge-os-profiles-2: | |
| permissions: | |
| contents: read | |
| needs: pre-checks | |
| if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, 'os-profiles') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| # Checkout the branch that triggered the workflow to avoid detached HEAD | |
| ref: ${{ github.head_ref }} | |
| persist-credentials: false | |
| - uses: open-edge-platform/orch-ci/.github/actions/bootstrap@f341738d975c38b2b91f25d405baeb2d39bf2ddb # 0.1.14 | |
| with: | |
| bootstrap_tools: "yq,aws,oras" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 | |
| with: | |
| aws-access-key-id: ${{ secrets.NO_AUTH_S3_PUSH_USERNAME }} | |
| aws-secret-access-key: ${{ secrets.NO_AUTH_S3_PUSH_PASSWD }} | |
| aws-region: us-west-2 | |
| - name: "Run validate OS profile" | |
| run: | | |
| cd .github/workflows/scripts && ./validate_os_profiles.sh ${{ secrets.S3_NAME }} | |
| # TODO: generalize this part of the CI for all subcomponents | |
| - name: "Get PR Description" | |
| id: get_pr_description | |
| run: | | |
| PR_DESCRIPTION=$(curl -s \ | |
| -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}" \ | |
| | jq -r '.body') | |
| PUBLISH=$(echo "$PR_DESCRIPTION" | grep -q '/publish🚢' && echo true || echo false) | |
| echo $PUBLISH | |
| echo "PUBLISH=$PUBLISH" >> $GITHUB_ENV | |
| - name: Configure AWS credentials | |
| if: ${{ env.PUBLISH == 'true' }} | |
| uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 | |
| with: | |
| aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }} | |
| aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }} | |
| aws-region: us-west-2 | |
| - name: Login to Amazon ECR | |
| if: ${{ env.PUBLISH == 'true' }} | |
| uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1 | |
| with: | |
| registries: "080137407410" | |
| - if: ${{ env.PUBLISH == 'true'}} | |
| name: "Publish OS profiles for development purposes" | |
| working-directory: "os-profiles" | |
| run: | | |
| TAGS=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g') make artifact-publish | |
| - if: ${{ env.PUBLISH == 'true' }} | |
| name: "Publish comment to PR" | |
| working-directory: "os-profiles" | |
| run: | | |
| ALL_PROFILES=$(find *.yaml) | |
| OCI_REPOSITORY="edge-orch/en/files/os-profile" | |
| REGISTRY="registry-rs.edgeorchestration.intel.com" | |
| TAG=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g') | |
| COMMENT="🚀🚀 Published OSProfiles with tag \"${TAG}\"!" | |
| for profile in $ALL_PROFILES; do | |
| COMMENT+="\n- oci://${REGISTRY}/${OCI_REPOSITORY}/${profile}:${TAG}" | |
| done | |
| curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| --data "{\"body\": \"$COMMENT\"}" \ | |
| "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" | |
| final-check: | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| if: ${{ always() }} | |
| needs: [pre-merge-root, pre-merge-pipeline, pre-merge-os-profiles, pre-merge-os-profiles-2] | |
| steps: | |
| - name: Final Status Check | |
| env: | |
| pre_merge_root_pipeline: ${{ needs.pre-merge-root.result }} | |
| pre_merge_pipeline: ${{ needs.pre-merge-pipeline.result }} | |
| pre_merge_os_profiles: ${{ needs.pre-merge-os-profiles.result }} | |
| pre_merge_os_profiles_2: ${{ needs.pre-merge-os-profiles-2.result }} | |
| run: | | |
| results=("pre_merge_root_pipeline" "pre_merge_pipeline" "pre_merge_os_profiles" "pre_merge_os_profiles_2") | |
| status="OK" | |
| for result in "${results[@]}"; do | |
| pipeline_result=$(eval echo \$$result) | |
| echo "${result} result: $pipeline_result" | |
| if [[ "$pipeline_result" != "success" && "$pipeline_result" != "skipped" ]]; then | |
| status="KO" | |
| fi | |
| done | |
| if [[ "$status" == "OK" ]]; then | |
| echo "Pre-merge check passed successfully." | |
| else | |
| echo "All pre-merge checks failed or were skipped. PR can't get merged" | |
| exit 1 | |
| fi |