[gha] Bump open-edge-platform/orch-ci/.github/workflows/post-merge-scorecard.yml from 5d5d08245bb57937b3bee043e5fb5e7590098051 to aff1e9efbc37ed254c0eea575f51d379f47dc9a0 #1565
Workflow file for this run
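---
# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

# Pre-merge gate for pull requests that target main or a release-* branch.
#
# Flow:
#   pre-checks          -> works out which top-level folders the PR touched
#   pre-merge-root      -> lint/license checks for repo-level folders
#   pre-merge-pipeline  -> per-project build/lint/test/scan (reusable workflow)
#   final-check         -> single aggregate status for the jobs above
#
# Every action and the reusable workflow are referenced by full commit SHA,
# with the human-readable version kept in the trailing comment.
name: Pre-Merge CI Pipeline

on:
  pull_request:
    branches:
      - main
      - release-*
  workflow_dispatch:

# One run per workflow/ref; a newer push cancels the run still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  MARKDOWNLINT_CLI_VER: '0.44.0'

# Default token scope for every job: read-only access to repository contents.
permissions:
  contents: read

jobs:
  pre-checks:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    outputs:
      filtered_projects: ${{ steps.filter-changes.outputs.filtered_projects }}
      other_changed_projects: ${{ steps.filter-changes.outputs.other_changed_projects }}
    steps:
      # persist-credentials: false keeps the job token out of the checked-out
      # repository's git config, so later steps cannot pick it up from there.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: "Verify Branch Name"
        uses: open-edge-platform/orch-ci/verify-branch-name@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
      - name: "Discover Changed Subfolders"
        id: discover-changes
        uses: open-edge-platform/orch-ci/discover-changed-subfolders@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
      - name: "Filter Out Unwanted Changed Subfolders"
        id: filter-changes
        env:
          # The step output is handed over as an environment variable rather
          # than interpolated into the script text, so PR-derived folder names
          # are only ever treated as data by the shell.
          changed_projects: ${{ steps.discover-changes.outputs.changed_projects }}
        run: |
          # Folders handled by pre-merge-root instead of the per-project pipeline.
          folders_to_remove='[".github",".reuse","LICENSES",""]'
          # filtered_projects: changed folders that are NOT in folders_to_remove.
          filtered_projects=$(echo "$changed_projects" | jq -cr --argjson folders_to_remove "$folders_to_remove" 'map(select(. as $item | $folders_to_remove | index($item) | not))')
          # other_changed_projects: the remainder, i.e. changed folders that were filtered out.
          other_changed_projects=$(echo "$changed_projects" | jq -cr --argjson filtered_projects "$filtered_projects" 'map(select(. as $item | $filtered_projects | index($item) | not))')
          echo "filtered_projects=$filtered_projects" >> "$GITHUB_OUTPUT"
          echo "other_changed_projects=$other_changed_projects" >> "$GITHUB_OUTPUT"

  pre-merge-root:
    permissions:
      contents: read
    needs: pre-checks
    # Runs only when one of the repo-level folders changed. The '""' test
    # matches the empty-string entry in the JSON list (presumably files at the
    # repository root; confirm against discover-changed-subfolders).
    if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, '.github') || contains(needs.pre-checks.outputs.other_changed_projects, '.reuse') || contains(needs.pre-checks.outputs.other_changed_projects, 'LICENSES') || contains(needs.pre-checks.outputs.other_changed_projects, '""') }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      # NOTE(review): Node.js 18 is past its upstream end-of-life; consider
      # moving to a maintained LTS line once markdownlint-cli is confirmed
      # to work on it.
      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: '18'
      # Install the linter at the pinned version. The version is read from the
      # workflow-level environment variable instead of being expanded into the
      # script by the expression engine.
      - run: |
          npm install -g \
            "markdownlint-cli@${MARKDOWNLINT_CLI_VER}"
      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        id: setup_python
        with:
          python-version: '3.13'
      # Cache key changes whenever the OS, Python version or requirements.txt
      # changes, so a stale virtualenv is not reused across those.
      - name: Restore cached virtualenv
        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          key: venv-${{ runner.os }}-${{ steps.setup_python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}
          path: venv_infra
      - name: Run mdlint
        run: make mdlint
      - name: Run license check
        run: make license

  pre-merge-pipeline:
    permissions:
      contents: read
    needs: pre-checks
    # Skip entirely when no project folder changed.
    if: ${{ needs.pre-checks.outputs.filtered_projects != '[]' }}
    strategy:
      # Let every project finish so one failure does not hide the others.
      fail-fast: false
      matrix:
        project_folder: ${{ fromJson(needs.pre-checks.outputs.filtered_projects) }}
    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1
    with:
      bootstrap_tools: "all,golangci-lint2"
      run_security_scans: true
      run_version_check: true
      run_dep_version_check: true
      run_build: true
      run_lint: true
      run_test: true
      run_validate_clean_folder: true
      run_docker_build: true
      run_artifact: false
      prefix_tag_separator: "/"
      project_folder: ${{ matrix.project_folder }}
      # NOTE(review): presumably excludes this image from the Trivy image
      # scan; confirm the exclusion is still needed and tracked somewhere.
      trivy_image_skip: "postgres:16.4"
      trivy_config_path: '${{ matrix.project_folder }}/trivy.yaml'
    secrets:
      # NOTE(review): these credentials are forwarded to a workflow that
      # builds and tests the pull request's own code. Confirm in pre-merge.yml
      # that they are exposed only to the steps that need them.
      NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
      NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}

  # Aggregate status for the whole pipeline. It always runs, so it must decide
  # pass/fail from the recorded results of the jobs it depends on.
  final-check:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    if: ${{ always() }}
    # pre-checks is listed explicitly: when it fails, pre-merge-root and
    # pre-merge-pipeline are both reported as "skipped", and a check that only
    # looks at those two would treat a failed pre-check as a pass.
    needs: [pre-checks, pre-merge-root, pre-merge-pipeline]
    steps:
      - name: Final Status Check
        env:
          pre_checks: ${{ needs.pre-checks.result }}
          pre_merge_root_pipeline: ${{ needs.pre-merge-root.result }}
          pre_merge_pipeline: ${{ needs.pre-merge-pipeline.result }}
        run: |
          status="OK"

          # pre-checks has no condition of its own, so anything other than
          # "success" means the later jobs never got a chance to run.
          echo "pre_checks result: $pre_checks"
          if [[ "$pre_checks" != "success" ]]; then
            status="KO"
          fi

          # These two jobs are conditional; "skipped" is a legitimate outcome.
          results=("pre_merge_root_pipeline" "pre_merge_pipeline")
          for result in "${results[@]}"; do
            # Indirect expansion reads the variable named by $result without eval.
            pipeline_result="${!result}"
            echo "${result} result: $pipeline_result"
            if [[ "$pipeline_result" != "success" && "$pipeline_result" != "skipped" ]]; then
              status="KO"
            fi
          done

          if [[ "$status" == "OK" ]]; then
            echo "Pre-merge check passed successfully."
          else
            echo "One or more pre-merge checks did not succeed. PR can't get merged"
            exit 1
          fi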