[gomod] Bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.0 in /tenant-controller #3522
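# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

# Pre-merge pipeline: works out which top-level folders a pull request
# touches, then runs the matching checks (repository root, per-project
# pipeline, OS profiles). `final-check` folds the results into one status.
name: Pre-Merge CI Pipeline

on:
  pull_request:
    branches:
      - main
      - release-*
  workflow_dispatch:

# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. Every job below repeats this explicitly.
permissions:
  contents: read

env:
  MARKDOWNLINT_CLI_VER: 0.44.0

jobs:
  # Computes two JSON arrays from the changed folders:
  #   filtered_projects      - changed folders minus the exclusion list
  #   other_changed_projects - changed folders that are on the exclusion list
  pre-checks:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    outputs:
      filtered_projects: ${{ steps.filter-changes.outputs.filtered_projects }}
      other_changed_projects: ${{ steps.filter-changes.outputs.other_changed_projects }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Do not leave the token in .git/config for later steps to pick up.
          persist-credentials: false
      - name: "Verify Branch Name"
        uses: open-edge-platform/orch-ci/verify-branch-name@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
      - name: "Discover Changed Subfolders"
        id: discover-changes
        uses: open-edge-platform/orch-ci/discover-changed-subfolders@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
      - name: "Filter Out Unwanted Changed Subfolders"
        id: filter-changes
        env:
          # Passed through the environment so the value is never pasted into
          # the script text.
          changed_projects: ${{ steps.discover-changes.outputs.changed_projects }}
        run: |
          folders_to_remove='[".github",".reuse","LICENSES",".git","os-profiles",""]'
          filtered_projects=$(echo "$changed_projects" | jq -cr --argjson folders_to_remove "$folders_to_remove" 'map(select(. as $item | $folders_to_remove | index($item) | not))')
          other_changed_projects=$(echo "$changed_projects" | jq -cr --argjson filtered_projects "$filtered_projects" 'map(select(. as $item | $filtered_projects | index($item) | not))')
          echo "filtered_projects=$filtered_projects" >> "$GITHUB_OUTPUT"
          echo "other_changed_projects=$other_changed_projects" >> "$GITHUB_OUTPUT"

  # Repository-root checks (markdown lint, license check). Runs when the
  # excluded-folder list contains '.github', 'LICENSES' or an empty entry.
  pre-merge-root:
    permissions:
      contents: read
    needs: pre-checks
    if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, '.github') || contains(needs.pre-checks.outputs.other_changed_projects, 'LICENSES') || contains(needs.pre-checks.outputs.other_changed_projects, '""')}}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: '18'
      # The version comes from the workflow-level env block and is read as a
      # shell variable rather than expanded into the script text.
      - run: |
          npm install -g \
            "markdownlint-cli@${MARKDOWNLINT_CLI_VER}"
      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        id: setup_python
        with:
          python-version: '3.13'
      - name: Restore cached virtualenv
        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          key: venv-${{ runner.os }}-${{ steps.setup_python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}
          path: venv_infra
      - name: Run mdlint
        run: make mdlint
      - name: Run license check
        run: make license

  # Per-project pipeline: one matrix entry per folder in filtered_projects,
  # each handed to the shared reusable workflow.
  pre-merge-pipeline:
    permissions:
      contents: read
    needs: pre-checks
    if: ${{ needs.pre-checks.outputs.filtered_projects != '[]' }}
    strategy:
      fail-fast: false
      matrix:
        project_folder: ${{ fromJson(needs.pre-checks.outputs.filtered_projects) }}
    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
    with:
      # NOTE(review): this ref is not the commit the reusable workflow above
      # is pinned to - confirm the difference is intentional.
      orch_ci_repo_ref: "b5930c48c1fcdb6b34ffbcd465cff96dabfbde70"
      bootstrap_tools: "all,golangci-lint2"
      run_security_scans: true
      run_version_check: true
      run_dep_version_check: true
      run_build: true
      run_lint: true
      run_test: true
      run_validate_clean_folder: true
      run_docker_build: true
      run_artifact: false
      prefix_tag_separator: "/"
      project_folder: ${{ matrix.project_folder }}
      # NOTE(review): presumably the images listed here are excluded from the
      # Trivy image scan; all but one use the floating ':latest' tag, so what
      # goes unscanned can change between runs. Confirm the list is still
      # needed and keep it as short as possible.
      trivy_image_skip: "postgres:16.4,ghcr.io/github/gh-aw-mcpg:latest,ghcr.io/github/gh-aw-firewall/squid:latest,ghcr.io/github/gh-aw-firewall/api-proxy:latest,ghcr.io/github/gh-aw-firewall/agent:latest,ghcr.io/github/github-mcp-server:latest"
      trivy_config_path: '${{ matrix.project_folder }}/trivy.yaml'
    secrets:
      NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
      NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}

  # OS-profile checks delegated to the shared reusable workflow
  # (security scans, version check, lint and test only).
  pre-merge-os-profiles:
    permissions:
      contents: read
    needs: pre-checks
    if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, 'os-profiles') }}
    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
    with:
      bootstrap_tools: "yq,nodejs"
      run_security_scans: true
      run_version_check: true
      run_dep_version_check: false
      run_build: false
      run_lint: true
      run_test: true
      run_validate_clean_folder: false
      run_docker_build: false
      run_artifact: false
      prefix_tag_separator: "/"
      project_folder: "os-profiles"
    secrets:
      NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
      NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}

  # OS-profile curation, validation and optional development publish.
  #
  # This job checks out the pull-request branch and runs scripts and make
  # targets from it while S3/ECR push credentials are configured. It relies
  # on the `pull_request` trigger withholding secrets from fork pull
  # requests; moving it to a trigger that exposes secrets to untrusted
  # branches would hand those credentials to pull-request code.
  pre-merge-os-profiles-2:
    permissions:
      contents: read
    needs: pre-checks
    if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, 'os-profiles') }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Checkout the branch that triggered the workflow to avoid detached HEAD
          ref: ${{ github.head_ref }}
          persist-credentials: false
      - uses: open-edge-platform/orch-ci/.github/actions/bootstrap@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
        with:
          bootstrap_tools: "yq,aws,oras"
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
        with:
          aws-access-key-id: ${{ secrets.NO_AUTH_S3_PUSH_USERNAME }}
          aws-secret-access-key: ${{ secrets.NO_AUTH_S3_PUSH_PASSWD }}
          aws-region: us-west-2
      # Strips '-dev' from VERSION, then for each microvisor profile downloads
      # the package manifest it references, reads the k3s version from it and
      # rewrites the profile's Kubernetes version line. A profile whose
      # manifest cannot be fetched, or that lists no k3s entry, is skipped.
      #
      # manifest_url is read from the profile file in the checked-out branch;
      # the download host is fixed and only the last path component is used
      # as the local file name.
      #
      # NOTE(review): the leading whitespace inside the two sed patterns has
      # to match the indentation of those keys in the profile files exactly -
      # verify against the profiles.
      - name: "Curate OS profile"
        run: |
          sed -i 's/-dev//g' VERSION
          for yaml in os-profiles/microvisor-rt.yaml os-profiles/microvisor-nonrt.yaml; do
            echo "Processing YAML: $yaml"
            manifest_url=$(sed -n 's/^[[:space:]]*osPackageManifestURL:[[:space:]]*\(.*\)$/\1/p' "$yaml")
            full_url="https://files-rs.edgeorchestration.intel.com/${manifest_url}"
            manifest_file="${manifest_url##*/}"
            echo "Downloading manifest from ${full_url}..."
            if ! curl -sfL "$full_url" -o "$manifest_file"; then
              echo "❌ Failed to download $full_url — skipping $yaml"
              continue
            fi
            k3s_version=$(jq -r '.Repo[] | select(.Name=="k3s") | .Version' "$manifest_file" | cut -d'-' -f1)
            if [[ -z "$k3s_version" ]]; then
              echo "⚠️ k3s not found in $manifest_file — skipping $yaml"
              continue
            fi
            sed -i \
              -e 's/^ version:.*$/ kubernetesVersion: v'"$k3s_version"'/' \
              -e 's/^ kubernetes-version:.*$/ kubernetesVersion: v'"$k3s_version"'/' "$yaml"
          done
          cat VERSION; cat os-profiles/microvisor-rt.yaml; cat os-profiles/microvisor-nonrt.yaml
      # The secret reaches the script as a quoted shell variable instead of
      # being expanded into the command line text.
      - name: "Run validate OS profile"
        env:
          S3_NAME: ${{ secrets.S3_NAME }}
        run: |
          cd .github/workflows/scripts && ./validate_os_profiles.sh "$S3_NAME"
      # TODO: generalize this part of the CI for all subcomponents
      # Sets PUBLISH=true when the pull-request description contains the
      # '/publish🚢' marker. The description is written by the PR author, so
      # that marker is the only gate in front of the publish steps below.
      - name: "Get PR Description"
        id: get_pr_description
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          PR_DESCRIPTION=$(curl -s \
            -H "Authorization: token ${GH_TOKEN}" \
            -H "Accept: application/vnd.github.v3+json" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}" \
            | jq -r '.body')
          PUBLISH=$(echo "$PR_DESCRIPTION" | grep -q '/publish🚢' && echo true || echo false)
          echo "$PUBLISH"
          echo "PUBLISH=$PUBLISH" >> "$GITHUB_ENV"
      - name: Configure AWS credentials
        if: ${{ env.PUBLISH == 'true' }}
        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
        with:
          aws-access-key-id: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
          aws-secret-access-key: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
          aws-region: us-west-2
      - name: Login to Amazon ECR
        if: ${{ env.PUBLISH == 'true' }}
        uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2.1.2
        with:
          registries: "080137407410"
      - if: ${{ env.PUBLISH == 'true'}}
        name: "Publish OS profiles for development purposes"
        working-directory: "os-profiles"
        run: |
          TAGS=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g') make artifact-publish
      # Posts the list of published profiles as a pull-request comment.
      # The request body is produced by jq, so the quotes around the tag and
      # any character in the branch or file names are escaped as JSON instead
      # of being pasted into a hand-written JSON string.
      #
      # NOTE(review): this job grants GITHUB_TOKEN only `contents: read`;
      # creating a comment needs `pull-requests: write` (or `issues: write`),
      # so the request is expected to be rejected, and `curl -s` does not
      # fail the step when it is. Decide whether to grant that scope here or
      # post the comment from a separate, narrowly scoped job.
      - if: ${{ env.PUBLISH == 'true' }}
        name: "Publish comment to PR"
        working-directory: "os-profiles"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          ALL_PROFILES=$(find *.yaml)
          OCI_REPOSITORY="edge-orch/en/files/os-profile"
          REGISTRY="registry-rs.edgeorchestration.intel.com"
          TAG=$(git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
          COMMENT="🚀🚀 Published OSProfiles with tag \"${TAG}\"!"
          for profile in $ALL_PROFILES; do
            COMMENT+=$'\n'"- oci://${REGISTRY}/${OCI_REPOSITORY}/${profile}:${TAG}"
          done
          curl -s -H "Authorization: token ${GH_TOKEN}" \
            -H "Accept: application/vnd.github.v3+json" \
            --data "$(jq -nc --arg body "$COMMENT" '{body: $body}')" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments"

  # Single status for the whole pipeline. `always()` makes it run even when
  # an upstream job failed or was skipped; it fails unless every upstream
  # result is 'success' or 'skipped'.
  final-check:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [pre-merge-root, pre-merge-pipeline, pre-merge-os-profiles, pre-merge-os-profiles-2]
    steps:
      - name: Final Status Check
        env:
          pre_merge_root_pipeline: ${{ needs.pre-merge-root.result }}
          pre_merge_pipeline: ${{ needs.pre-merge-pipeline.result }}
          pre_merge_os_profiles: ${{ needs.pre-merge-os-profiles.result }}
          pre_merge_os_profiles_2: ${{ needs.pre-merge-os-profiles-2.result }}
        run: |
          results=("pre_merge_root_pipeline" "pre_merge_pipeline" "pre_merge_os_profiles" "pre_merge_os_profiles_2")
          status="OK"
          for result in "${results[@]}"; do
            # Indirect expansion reads the variable named by $result without
            # passing anything through eval.
            pipeline_result="${!result}"
            echo "${result} result: $pipeline_result"
            if [[ "$pipeline_result" != "success" && "$pipeline_result" != "skipped" ]]; then
              status="KO"
            fi
          done
          if [[ "$status" == "OK" ]]; then
            echo "Pre-merge check passed successfully."
          else
            echo "At least one pre-merge check failed or was cancelled. PR can't get merged"
            exit 1
          fi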