[gha] Bump open-edge-platform/orch-ci/.github/workflows/pre-merge.yml from cd3e9a8d77db98ea1b3001fd879bdf5a56baa5e7 to df0faa34e13559f5b2847dc8633c65f32b07d9e5 #1343
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # SPDX-FileCopyrightText: (C) 2025 Intel Corporation | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Pre-Merge CI Pipeline | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| - release-* | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| MARKDOWNLINT_CLI_VER: 0.44.0 | |
| permissions: {} | |
| jobs: | |
| pre-checks: | |
| permissions: | |
| contents: read | |
| runs-on: ubuntu-latest | |
| outputs: | |
| filtered_projects: ${{ steps.filter-changes.outputs.filtered_projects }} | |
| other_changed_projects: ${{ steps.filter-changes.outputs.other_changed_projects }} | |
| docker_projects: ${{ steps.filter-changes.outputs.docker_projects }} | |
| no_docker_projects: ${{ steps.filter-changes.outputs.no_docker_projects }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: "Verify Branch Name" | |
| uses: open-edge-platform/orch-ci/verify-branch-name@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1 | |
| - name: "Discover Changed Subfolders" | |
| id: discover-changes | |
| uses: open-edge-platform/orch-ci/discover-changed-subfolders@bf82f7924caaac6ba2f388b6ec6ac4edd65f48ee # 2026.1.1 | |
| - name: "Filter Out Unwanted Changed Subfolders" | |
| id: filter-changes | |
| env: | |
| changed_projects: ${{ steps.discover-changes.outputs.changed_projects }} | |
| run: | | |
| folders_to_remove='[".github",".reuse","LICENSES",".git", "tests", "samples", "docs"]' | |
| no_docker_candidates='["baremetal", "helm"]' | |
| filtered_projects=$(echo "$changed_projects" | jq -cr --argjson folders_to_remove "$folders_to_remove" 'map(select(. as $item | $folders_to_remove | index($item) | not))') | |
| other_changed_projects=$(echo "$changed_projects" | jq -cr --argjson filtered_projects "$filtered_projects" 'map(select(. as $item | $filtered_projects | index($item) | not))') | |
| docker_projects=$(echo "$filtered_projects" | jq -cr --argjson no_docker_candidates "$no_docker_candidates" 'map(select(. as $item | $no_docker_candidates | index($item) | not))') | |
| no_docker_projects=$(echo "$filtered_projects" | jq -cr --argjson no_docker_candidates "$no_docker_candidates" 'map(select(. as $item | $no_docker_candidates | index($item)))') | |
| echo "filtered_projects=$filtered_projects" >> $GITHUB_OUTPUT | |
| echo "other_changed_projects=$other_changed_projects" >> $GITHUB_OUTPUT | |
| echo "docker_projects=$docker_projects" >> $GITHUB_OUTPUT | |
| echo "no_docker_projects=$no_docker_projects" >> $GITHUB_OUTPUT | |
| pre-merge-root: | |
| permissions: | |
| contents: read | |
| needs: pre-checks | |
| if: ${{ contains(needs.pre-checks.outputs.other_changed_projects, '.github') || contains(needs.pre-checks.outputs.other_changed_projects, 'LICENSES') || contains(needs.pre-checks.outputs.other_changed_projects, '""')}} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '18' | |
| - run: | | |
| npm install -g \ | |
| "markdownlint-cli@${{ env.MARKDOWNLINT_CLI_VER }}" | |
| - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| id: setup_python | |
| with: | |
| python-version: '3.13' | |
| - name: Restore cached virtualenv | |
| uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 | |
| with: | |
| key: venv-${{ runner.os }}-${{ steps.setup_python.outputs.python-version }}-${{ hashFiles('requirements.txt') }} | |
| path: venv_infra | |
| - name: Run mdlint | |
| run: make mdlint | |
| - name: Run license check | |
| run: make license | |
| pre-merge-pipeline: | |
| permissions: | |
| contents: read | |
| needs: pre-checks | |
| if: ${{ needs.pre-checks.outputs.docker_projects != '[]' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| project_folder: ${{ fromJson(needs.pre-checks.outputs.docker_projects) }} | |
| uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@df0faa34e13559f5b2847dc8633c65f32b07d9e5 # 2026.1.1 | |
| with: | |
| run_security_scans: true | |
| run_version_check: false | |
| run_build: true | |
| run_lint: true | |
| run_test: true | |
| run_docker_build: true | |
| run_docker_push: true | |
| run_helm_build: true | |
| run_helm_push: true | |
| run_artifact: false | |
| project_folder: ${{ matrix.project_folder }} | |
| version_suffix: "-pr-${{ github.event.number }}" | |
| secrets: # zizmor: ignore[secrets-inherit] | |
| inherit | |
| pre-merge-pipeline-no-docker: | |
| permissions: | |
| contents: read | |
| needs: pre-checks | |
| if: ${{ needs.pre-checks.outputs.no_docker_projects != '[]' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| project_folder: ${{ fromJson(needs.pre-checks.outputs.no_docker_projects) }} | |
| uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@df0faa34e13559f5b2847dc8633c65f32b07d9e5 # 2026.1.1 | |
| with: | |
| run_security_scans: true | |
| run_version_check: false | |
| run_build: true | |
| run_lint: true | |
| run_test: true | |
| run_docker_build: false | |
| run_docker_push: false | |
| run_helm_build: true | |
| run_helm_push: true | |
| run_artifact: false | |
| project_folder: ${{ matrix.project_folder }} | |
| version_suffix: "-pr-${{ github.event.number }}" | |
| secrets: # zizmor: ignore[secrets-inherit] | |
| inherit | |
| final-check: | |
| runs-on: ubuntu-latest | |
| if: ${{ always() }} | |
| needs: [pre-merge-root, pre-merge-pipeline, pre-merge-pipeline-no-docker] | |
| steps: | |
| - name: Final Status Check | |
| env: | |
| pre_merge_pipeline: ${{ needs.pre-merge-pipeline.result }} | |
| pre_merge_pipeline_no_docker: ${{ needs.pre-merge-pipeline-no-docker.result }} | |
| pre_merge_root_pipeline: ${{ needs.pre-merge-root.result }} | |
| run: | | |
| results=("pre_merge_root_pipeline" "pre_merge_pipeline" "pre_merge_pipeline_no_docker") | |
| status="OK" | |
| for result in "${results[@]}"; do | |
| pipeline_result=$(eval echo \$$result) | |
| echo "${result} result: $pipeline_result" | |
| if [[ "$pipeline_result" != "success" && "$pipeline_result" != "skipped" ]]; then | |
| status="KO" | |
| fi | |
| done | |
| if [[ "$status" == "OK" ]]; then | |
| echo "Pre-merge check passed successfully." | |
| else | |
| echo "All pre-merge checks failed or were skipped. PR can't get merged" | |
| exit 1 | |
| fi |