chains/.github/workflows/ci.yaml at main · tektoncd/chains · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: ci

'on':
  pull_request: {}
  merge_group: {}

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.merge_group.head_ref || github.ref }}
  cancel-in-progress: true

defaults:
  run:
    shell: bash

permissions:
  contents: read

jobs:
  changes:
    name: categorize changes
    runs-on: ubuntu-latest
    outputs:
      non-docs: ${{ steps.detect.outputs.non-docs }}
      yaml: ${{ steps.detect.outputs.yaml }}
    steps:
    - name: Get base depth
      id: base-depth
      run: echo "base-depth=$(expr ${{ github.event.pull_request.commits }} + 1)" >> $GITHUB_OUTPUT
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      with:
        ref: ${{ github.event.pull_request.head.sha }}
        fetch-depth: ${{ steps.base-depth.outputs.base-depth }}
        persist-credentials: false
    - name: detect
      id: detect
      run: |
        git fetch origin ${GITHUB_BASE_REF}
        CHANGED_FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }} | tr ' ' '\n')

        echo -e "Changed files:\n${CHANGED_FILES}"

        # If no files are changed at all, then `grep -v` will match even though no change outputs
        # should be true. Skipping output on an empty set of changes eliminates the false positive
        if [[ -n "${CHANGED_FILES}" ]]; then
          NON_DOCS=$(echo "${CHANGED_FILES}" | grep -Eqv '\.md$' && echo 'true' || echo 'false')
          YAML=$(echo "${CHANGED_FILES}" | grep -Eq '\.ya?ml$' && echo 'true' || echo 'false')
          echo "non-docs=${NON_DOCS}" | tee -a $GITHUB_OUTPUT
          echo "yaml=${YAML}" | tee -a $GITHUB_OUTPUT
        fi

  build:
    name: build
    runs-on: ubuntu-latest
    needs: [changes]
    if: ${{ needs.changes.outputs.non-docs == 'true' }}
    steps:
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      with:
        persist-credentials: false
    - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c  # v6.4.0
      with:
        go-version-file: "go.mod"
    - name: build
      run: |
        go build -v ./...
  linting:
    name: lint
    runs-on: ubuntu-latest
    permissions:
      contents: read
      checks: write  # Used by golangci-lint to annotate code in the PR
    needs: [changes]
    steps:
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      with:
        fetch-depth: 0
        persist-credentials: false
    - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c  # v6.4.0
      with:
        go-version-file: "go.mod"
    - name: gofmt
      if: ${{ needs.changes.outputs.non-docs == 'true' }}
      run: |
        gofmt_out=$(gofmt -d $(find * -name '*.go' ! -path 'vendor/*' ! -path 'third_party/*'))
        if [[ -n "$gofmt_out" ]]; then
            failed=1
        fi
        echo "$gofmt_out"
    - name: golangci-lint
      uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20  # v9.2.0
      if: ${{ needs.changes.outputs.non-docs == 'true' }}
      with:
        version: v2.7.2
        args: --new-from-merge-base=origin/${{ github.base_ref }} --timeout=10m
    - name: yamllint
      if: ${{ needs.changes.outputs.yaml == 'true' }}
      run: |
        apt-get update && apt-get install -y yamllint
        make yamllint
    - name: check-license
      if: ${{ needs.changes.outputs.non-docs == 'true' }}
      run: |
        go install github.com/google/go-licenses@v1.0.0
        go-licenses check ./...
  tests:
    needs: [build]
    name: test
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      with:
        persist-credentials: false
    - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c  # v6.4.0
      with:
        go-version-file: "go.mod"
    - name: unit-test
      run: |
        make test-unit-verbose-and-race
  e2e-tests:
    needs: [build]
    uses: ./.github/workflows/kind-e2e.yaml

  ci-summary:
    name: CI summary
    needs: [build, linting, tests, e2e-tests]
    runs-on: ubuntu-latest
    if: always()
    steps:
    - name: Check CI results
      run: |
        results=(
          "build=${NEEDS_BUILD_RESULT}"
          "linting=${NEEDS_LINTING_RESULT}"
          "tests=${NEEDS_TESTS_RESULT}"
          "e2e-tests=${NEEDS_E2E_TESTS_RESULT}"
        )
        failed=0
        for r in "${results[@]}"; do
          name="${r%%=*}"
          result="${r#*=}"
          echo "${name}: ${result}"
          if [ "$result" != "success" ] && [ "$result" != "skipped" ]; then
            failed=1
          fi
        done
        if [ "$failed" -eq 1 ]; then
          echo ""
          echo "Some CI jobs failed or were cancelled"
          exit 1
        fi
        echo ""
        echo "All CI checks passed"
      env:
        NEEDS_BUILD_RESULT: ${{ needs.build.result }}
        NEEDS_LINTING_RESULT: ${{ needs.linting.result }}
        NEEDS_TESTS_RESULT: ${{ needs.tests.result }}
        NEEDS_E2E_TESTS_RESULT: ${{ needs.e2e-tests.result }}