orch-ui/.github/workflows/pr-checks.yml at 7a9441d2dc8a44f424bc883aa77f5bff02428443 · open-edge-platform/orch-ui · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

---
name: PR Checks

on:
  pull_request:
    types: [opened, reopened, synchronize]
  workflow_dispatch:

permissions: {}

jobs:
  detect-changed-folders:
    permissions:
      contents: read
    runs-on: 'ubuntu-latest'
    outputs:
      changed_files_root: ${{ steps.root-file-changes.outputs.changed_files }}
      changed_projects_root: ${{ steps.discover-changes.outputs.changed_projects }}
      changed_apps: ${{ steps.discover-changes-apps.outputs.changed_projects }}
    steps:
      - name: Git safe directory
        run: git config --global --add safe.directory $GITHUB_WORKSPACE

      - name: Discover changed files at root level
        uses: open-edge-platform/orch-ci/discover-changed-files@0.1.52
        id: root-file-changes

      - name: Discover changed folders at root level
        uses: open-edge-platform/orch-ci/discover-changed-subfolders@0.1.52
        id: discover-changes

      - name: Discover changed apps
        uses: open-edge-platform/orch-ci/discover-changed-subfolders@0.1.52
        id: discover-changes-apps
        with:
          project_folder: "apps"

  license-check:
    permissions:
      contents: read
    runs-on: 'ubuntu-latest'
    steps:
      - name: Checkout code
        uses: actions/checkout@v5

      - name: License check
        run: make license

  matching-versions:
    permissions:
      contents: read
    name: Check that VERSION files and Chart versions match
    runs-on: 'ubuntu-latest'
    steps:
      - name: Checkout code
        uses: actions/checkout@v5

      - name: Apply all versions
        run: make apply-all-versions

      - name: Validate clean folder
        run: |
          bash -c "diff -u <(echo -n) <(git diff .)"

  setup-conditions:
    permissions:
      contents: read
    needs: detect-changed-folders
    runs-on: 'ubuntu-latest'
    outputs:
      common_condition: ${{ contains(needs.detect-changed-folders.outputs.changed_projects_root, 'library') || contains(needs.detect-changed-folders.outputs.changed_projects_root, '.github') || contains(needs.detect-changed-folders.outputs.changed_files_root, 'common.mk') || contains(needs.detect-changed-folders.outputs.changed_files_root, 'package-lock.json') || '' == 'false' }}
    steps:
      - name: Log details
        run: |
          echo "Did library change? ${{ contains(needs.detect-changed-folders.outputs.changed_projects_root, 'library') }}"
          echo "Did .github change? ${{ contains(needs.detect-changed-folders.outputs.changed_projects_root, '.github') }}"
          echo "Did common.mk change? ${{ contains(needs.detect-changed-folders.outputs.changed_files_root, 'common.mk') }}"
          echo "Did package-lock.json change? ${{ contains(needs.detect-changed-folders.outputs.changed_files_root, 'package-lock.json') }}"
          echo "Common condition: ${{ contains(needs.detect-changed-folders.outputs.changed_projects_root, 'library') || contains(needs.detect-changed-folders.outputs.changed_projects_root, '.github') || contains(needs.detect-changed-folders.outputs.changed_files_root, 'common.mk') || contains(needs.detect-changed-folders.outputs.changed_files_root, 'package-lock.json') || '' == 'false' }}"

  library-pipeline:
    permissions:
      contents: read
    needs: setup-conditions
    if: needs.setup-conditions.outputs.common_condition == 'true'
    uses: ./.github/workflows/library.yml
    secrets: inherit

  e2e-tests-pipeline:
    permissions:
      contents: read
    uses: ./.github/workflows/e2e-tests.yml
    secrets: inherit

  pre-merge-pipeline:
    permissions:
      contents: read
    needs: [detect-changed-folders, setup-conditions]
    if: ${{ needs.setup-conditions.outputs.common_condition == 'true' || (needs.setup-conditions.outputs.common_condition == 'false' && fromJson(needs.detect-changed-folders.outputs.changed_apps)[0] != null) }}
    strategy:
      fail-fast: false
      matrix:
        project_folder: ${{ (needs.setup-conditions.outputs.common_condition == 'true' && fromJson('["admin", "app-orch", "cluster-orch", "infra", "root"]')) || fromJson(needs.detect-changed-folders.outputs.changed_apps) }}
    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@0.1.52
    with:
      bootstrap_tools: "base,helm,yq,jq"
      run_security_scans: true
      run_version_check: true
      run_dep_version_check: false
      run_build: false
      run_lint: true
      run_test: true
      run_validate_clean_folder: true
      run_docker_build: true
      run_docker_push: true
      run_artifact: false
      run_helm_build: true
      run_helm_push: true
      run_reuse_check: true
      prefix_tag_separator: "/"
      project_folder: apps/${{ matrix.project_folder }}
      orch_ci_repo_ref: main
      version_suffix: "-pr-${{ github.event.number }}"
    secrets: inherit

  final-check:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [detect-changed-folders, setup-conditions, library-pipeline, e2e-tests-pipeline, pre-merge-pipeline]
    steps:
      - name: Final Status Check
        run: |
          pre_merge_pipeline_result="${{ needs.pre-merge-pipeline.result }}"
          e2e_tests_pipeline_result="${{ needs.e2e-tests-pipeline.result }}"
          library_pipeline_result="${{ needs.library-pipeline.result }}"
          detect_changed_folders="${{ needs.detect-changed-folders.outputs.changed_apps }}"
          common_condition="${{ needs.setup-conditions.outputs.common_condition }}"

          echo "Pre-merge pipeline result: $pre_merge_pipeline_result"
          echo "E2E test pipeline result: $e2e_tests_pipeline_result"
          echo "Library pipeline result: $library_pipeline_result"
          echo "Detect-changed-folders: $detect_changed_folders"
          echo "Common Condition: $common_condition"

          # E2E tests pipeline should always succeed regardless of other changes
          if [ "$e2e_tests_pipeline_result" != "success" ]; then
            echo "E2E tests pipeline failed. PR can't be merged."
            exit 1
          fi

          # Check library pipeline only if it was required to run (otherwise it will be "skipped")
          if [ "${{ needs.setup-conditions.outputs.common_condition }}" == "true" ] && [ "$library_pipeline_result" != "success" ]; then
            echo "Library pipeline check failed. PR can't be merged."
            exit 1
          fi

          # Check pre-merge pipeline only if it was required to run
          has_changes="${{ needs.detect-changed-folders.outputs.changed_apps[0] != null || needs.setup-conditions.outputs.common_condition == 'true' }}"
          echo "Has changes: $has_changes"
          echo "Pre merge pipeline result: $pre_merge_pipeline_result"
          if [ "$has_changes" == "true" ] && [ "$pre_merge_pipeline_result" != "success" ]; then
            echo "Pre-merge pipeline failed. PR can't be merged."
            exit 1
          fi

          echo "All required checks have passed. PR can be merged."