From 57e69595a5687bb9fa079271fa3aaadb5111d655 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:16:55 -0400 Subject: [PATCH 01/13] mock up --- .github/workflows/callable-pull-request.yaml | 139 +++++++++++++++++++ .github/workflows/ci-docs-shim.yaml | 74 +++++----- .github/workflows/pull-request.yaml | 18 +++ .github/workflows/release.yaml | 86 ++++++------ .github/workflows/test.yaml | 116 ++++++++-------- 5 files changed, 295 insertions(+), 138 deletions(-) create mode 100644 .github/workflows/callable-pull-request.yaml create mode 100644 .github/workflows/pull-request.yaml diff --git a/.github/workflows/callable-pull-request.yaml b/.github/workflows/callable-pull-request.yaml new file mode 100644 index 00000000..983db026 --- /dev/null +++ b/.github/workflows/callable-pull-request.yaml 
@@ -0,0 +1,139 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +name: Callable-Pull-Request + +on: + workflow_call: + inputs: + runsOn: + required: true + type: string + upgrade-flavors: + required: true + type: string + flavor: + required: true + type: string + type: + required: true + type: string + reports-path: + type: string + description: The path to test outputs to upload + reports-name: + type: string + description: The name prefix for upload test reports + default: playwright-report + udsCliVersion: + description: The uds-cli version to install + # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver + default: 0.17.0 + type: string + +# Permissions for the GITHUB_TOKEN used by the workflow. +permissions: + contents: read # Allows reading the content of the repository. + packages: read # Allows reading the content of the repository's packages. + id-token: write + +jobs: + paths-filter: + runs-on: ubuntu-latest + outputs: + docs: ${{ steps.filter.outputs.changes.docs }} + main: ${{ steps.filter.outputs.changes.main }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dorny/paths-filter@v3 + id: filter + with: + filters: | + docs: + - '**.md' + - '**.jpg' + - '**.png' + - '**.gif' + - '**.svg' + - 'adr/**' + - 'docs/**' + - '.gitignore' + - 'renovate.json' + - '.release-please-config.json' + - 'release-please-config.json' + - 'CODEOWNERS' + - 'LICENSE' + - 'CONTRIBUTING.md' + - 'SECURITY.md' + - 'config/renovate.json5' + main: + - '!**.md' + - '!**.jpg' + - '!**.png' + - '!**.gif' + - '!**.svg' + - '!adr/**' + - '!docs/**' + - '!.gitignore' + - '!renovate.json' + - '!.release-please-config.json' + - '!release-please-config.json' + - '!CODEOWNERS' + - '!LICENSE' + - '!CONTRIBUTING.md' + - '!SECURITY.md' + - '!config/renovate.json5' + + check-flavor: + needs: paths-filter + if: 
needs.paths-filter.outputs.main == 'true' + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + + - name: test-flavor + uses: ./.github/actions/test-flavor + id: test-flavor + outputs: + upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} + + test: + needs: check-flavor + strategy: + fail-fast: true + matrix: + type: [install, upgrade] + flavor: [upstream, unicorn, registry1] + uses: ./.github/workflows/callable-test.yaml + with: + upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} + flavor: ${{ matrix.flavor }} + type: ${{ matrix.type }} + secrets: inherit # Inherits all secrets from the parent workflow. + + + run: + needs: paths-filter + runs-on: ubuntu-latest + timeout-minutes: 20 + if: needs.paths-filter.outputs.main == 'true' + strategy: + fail-fast: true + matrix: + type: [install, upgrade] + flavor: [upstream, unicorn, registry1] + steps: + - name: Shim for ${{ inputs.type }} ${{ inputs.flavor }} + run: | + echo "Documentation-only change detected; marking ${{ inputs.type }} ${{ inputs.flavor }} as successful." + + + lint: + uses: ./.github/workflows/callable-lint.yaml + secrets: inherit + + + commitlint: + uses: ./.github/workflows/callable-commitlint.yaml + secrets: inherit \ No newline at end of file diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml index 75b07ba9..06a268f4 100644 --- a/.github/workflows/ci-docs-shim.yaml +++ b/.github/workflows/ci-docs-shim.yaml 
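Review bot: The `paths-filter` job runs `dorny/paths-filter@v3` by a movable tag, while both `actions/checkout` steps in this file are pinned to a full commit SHA. A retagged or compromised release of that action would run in a job that inherits the workflow-level `id-token: write` grant, so it should be pinned the same way, e.g. `- uses: dorny/paths-filter@<full-commit-sha> # v3.x.y` (placeholder; take the SHA from the release you have reviewed). The two checkout steps also pin different releases (v4.2.2 in `paths-filter`, v4.2.1 in `check-flavor`); using one SHA keeps updates and audits simpler.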
@@ -1,41 +1,41 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: CI Doc Shim +# name: CI Doc Shim -on: - pull_request: - paths: - - "**.md" - - "**.jpg" - - "**.png" - - "**.gif" - - "**.svg" - - adr/** - - docs/** - - .gitignore - - renovate.json - - .release-please-config.json - - release-please-config.json - - oscal-component.yaml - - CODEOWNERS - - LICENSE - - CONTRIBUTING.md - - SECURITY.md - - config/renovate.json5 +# on: +# pull_request: +# paths: +# - "**.md" +# - "**.jpg" +# - "**.png" +# - "**.gif" +# - "**.svg" +# - adr/** +# - docs/** +# - .gitignore +# - renovate.json +# - .release-please-config.json +# - release-please-config.json +# - oscal-component.yaml +# - CODEOWNERS +# - LICENSE +# - CONTRIBUTING.md +# - SECURITY.md +# - config/renovate.json5 -# Permissions for the GITHUB_TOKEN used by the workflow. -permissions: - contents: read # Allows reading the content of the repository. +# # Permissions for the GITHUB_TOKEN used by the workflow. +# permissions: +# contents: read # Allows reading the content of the repository. -jobs: - validate: - strategy: - matrix: - type: [install, upgrade] - flavor: [upstream, registry1, unicorn] - uses: ./.github/workflows/callable-ci-docs-shim.yaml - with: - flavor: ${{ matrix.flavor }} - type: ${{ matrix.type }} - secrets: inherit # Inherits all secrets from the parent workflow. +# jobs: +# validate: +# strategy: +# matrix: +# type: [install, upgrade] +# flavor: [upstream, registry1, unicorn] +# uses: ./.github/workflows/callable-ci-docs-shim.yaml +# with: +# flavor: ${{ matrix.flavor }} +# type: ${{ matrix.type }} +# secrets: inherit # Inherits all secrets from the parent workflow. 
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml new file mode 100644 index 00000000..c456d25c --- /dev/null +++ b/.github/workflows/pull-request.yaml @@ -0,0 +1,18 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +name: Pull Request Workflow + +on: + pull_request: + branches: [main] + types: [ milestoned, opened, edited, synchronize] + +# Permissions for the GITHUB_TOKEN used by the workflow. +permissions: + contents: read # Allows reading the content of the repository. + pull-requests: read # Allows reading pull requests + +jobs: + validate: + uses: ./.github/workflows/callable-pull-request.yaml \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b6ad6bfa..a07c38e0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
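Review bot: The trigger list `types: [ milestoned, opened, edited, synchronize]` drops `reopened`, which the `test.yaml` trigger commented out in this same patch included, so a pull request that is closed and reopened would not re-run validation. If `edited` is not needed (it fires on title and body edits and would start the workflow again), consider `types: [milestoned, opened, reopened, synchronize]`; if it is needed for the commit-lint job, add `reopened` alongside it. The `concurrency` group with `cancel-in-progress: true` from `test.yaml` is also not carried over, so superseded runs will keep running.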
@@ -1,48 +1,48 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: Release +# name: Release -on: - push: - branches: - - main +# on: +# push: +# branches: +# - main -# Permissions for the GITHUB_TOKEN used by the workflow. -permissions: - contents: read # Allows reading the content of the repository. - packages: read # Allows reading the content of the repository's packages. - id-token: write +# # Permissions for the GITHUB_TOKEN used by the workflow. +# permissions: +# contents: read # Allows reading the content of the repository. +# packages: read # Allows reading the content of the repository's packages. +# id-token: write -jobs: - tag-new-version: - permissions: write-all - runs-on: ubuntu-latest - outputs: - release_created: ${{ steps.release-flag.outputs.release_created }} - steps: - - name: Create Release Tag - id: tag - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3 - - id: release-flag - run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> "$GITHUB_OUTPUT" +# jobs: +# tag-new-version: +# permissions: write-all +# runs-on: ubuntu-latest +# outputs: +# release_created: ${{ steps.release-flag.outputs.release_created }} +# steps: +# - name: Create Release Tag +# id: tag +# uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3 +# - id: release-flag +# run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> "$GITHUB_OUTPUT" - publish: - permissions: - contents: read # Allows reading the content of the repository. - packages: write # Allows reading the content of the repository's packages. 
- id-token: write - needs: tag-new-version - if: ${{ needs.tag-new-version.outputs.release_created == 'true' }} - strategy: - matrix: - flavor: [upstream, registry1, unicorn] - architecture: [amd64, arm64] - exclude: - - flavor: registry1 - architecture: arm64 - uses: ./.github/workflows/callable-publish.yaml - with: - flavor: ${{ matrix.flavor }} - runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'ubuntu-latest' }} - secrets: inherit # Inherits all secrets from the parent workflow. +# publish: +# permissions: +# contents: read # Allows reading the content of the repository. +# packages: write # Allows reading the content of the repository's packages. +# id-token: write +# needs: tag-new-version +# if: ${{ needs.tag-new-version.outputs.release_created == 'true' }} +# strategy: +# matrix: +# flavor: [upstream, registry1, unicorn] +# architecture: [amd64, arm64] +# exclude: +# - flavor: registry1 +# architecture: arm64 +# uses: ./.github/workflows/callable-publish.yaml +# with: +# flavor: ${{ matrix.flavor }} +# runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'ubuntu-latest' }} +# secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b3697f44..b855e173 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -1,65 +1,65 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# # Copyright 2024 Defense Unicorns +# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -name: Test +# name: Test -on: - # This workflow is triggered on pull requests to the main branch. - pull_request: - # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow). - types: [milestoned, opened, reopened, synchronize] - paths-ignore: - - "**.md" - - "**.jpg" - - "**.png" - - "**.gif" - - "**.svg" - - adr/** - - docs/** - - .gitignore - - renovate.json - - .release-please-config.json - - release-please-config.json - - CODEOWNERS - - LICENSE - - CONTRIBUTING.md - - SECURITY.md - - config/renovate.json5 +# on: +# # This workflow is triggered on pull requests to the main branch. +# pull_request: +# # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow). +# types: [milestoned, opened, reopened, synchronize] +# paths-ignore: +# - "**.md" +# - "**.jpg" +# - "**.png" +# - "**.gif" +# - "**.svg" +# - adr/** +# - docs/** +# - .gitignore +# - renovate.json +# - .release-please-config.json +# - release-please-config.json +# - CODEOWNERS +# - LICENSE +# - CONTRIBUTING.md +# - SECURITY.md +# - config/renovate.json5 -# Permissions for the GITHUB_TOKEN used by the workflow. -permissions: - contents: read # Allows reading the content of the repository. - packages: read # Allows reading the content of the repository's packages. - id-token: write +# # Permissions for the GITHUB_TOKEN used by the workflow. +# permissions: +# contents: read # Allows reading the content of the repository. +# packages: read # Allows reading the content of the repository's packages. 
+# id-token: write -# Abort prior jobs in the same workflow / PR -concurrency: - group: test-${{ github.ref }} - cancel-in-progress: true +# # Abort prior jobs in the same workflow / PR +# concurrency: +# group: test-${{ github.ref }} +# cancel-in-progress: true -jobs: - check-flavor: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 +# jobs: +# check-flavor: +# runs-on: ubuntu-latest +# steps: +# - name: Checkout repository +# uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: test-flavor - uses: ./.github/actions/test-flavor - id: test-flavor - outputs: - upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} +# - name: test-flavor +# uses: ./.github/actions/test-flavor +# id: test-flavor +# outputs: +# upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} - validate: - needs: check-flavor - strategy: - fail-fast: true - matrix: - type: [install, upgrade] - flavor: [upstream, unicorn, registry1] - uses: ./.github/workflows/callable-test.yaml - with: - upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} - flavor: ${{ matrix.flavor }} - type: ${{ matrix.type }} - secrets: inherit # Inherits all secrets from the parent workflow. +# validate: +# needs: check-flavor +# strategy: +# fail-fast: true +# matrix: +# type: [install, upgrade] +# flavor: [upstream, unicorn, registry1] +# uses: ./.github/workflows/callable-test.yaml +# with: +# upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} +# flavor: ${{ matrix.flavor }} +# type: ${{ matrix.type }} +# secrets: inherit # Inherits all secrets from the parent workflow. From 8b62b21e52b5dde375e85b967e64b0955214237e Mon Sep 17 00:00:00 2001 
From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:25:53 -0400 Subject: [PATCH 02/13] toJson inputs --- .github/workflows/callable-pull-request.yaml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/callable-pull-request.yaml b/.github/workflows/callable-pull-request.yaml index 983db026..15127324 100644 --- a/.github/workflows/callable-pull-request.yaml +++ b/.github/workflows/callable-pull-request.yaml @@ -7,17 +7,19 @@ on: workflow_call: inputs: runsOn: - required: true type: string + default: ubuntu-latest upgrade-flavors: required: true type: string - flavor: + flavors: required: true type: string - type: + default: "['upstream', 'unicorn', 'registry1']" + types: required: true type: string + default: "['install', 'upgrade']" reports-path: type: string description: The path to test outputs to upload @@ -103,8 +105,8 @@ jobs: strategy: fail-fast: true matrix: - type: [install, upgrade] - flavor: [upstream, unicorn, registry1] + types: [install, upgrade] + flavors: ${{ fromJson(inputs.flavors) }} uses: ./.github/workflows/callable-test.yaml with: upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} @@ -121,10 +123,10 @@ jobs: strategy: fail-fast: true matrix: - type: [install, upgrade] - flavor: [upstream, unicorn, registry1] + type: ${{ fromJson(inputs.types) }} + flavor: ${{ fromJson(inputs.flavors) }} steps: - - name: Shim for ${{ inputs.type }} ${{ inputs.flavor }} + - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }} run: | echo "Documentation-only change detected; marking ${{ inputs.type }} ${{ inputs.flavor }} as successful." From 9d4fdb9e8f44bdbd168baf167e89da44eff3f58c Mon Sep 17 00:00:00 2001 
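Review bot: In the `test` job (second hunk) the matrix keys are renamed to `types` and `flavors`, but the `with:` block that continues below this hunk (as added in patch 01) still passes `${{ matrix.flavor }}` and `${{ matrix.type }}`, which no longer exist and would evaluate to empty strings. The `run` job in the third hunk keeps the singular keys, so the simplest fix is to do the same here: `type: ${{ fromJson(inputs.types) }}` and `flavor: ${{ fromJson(inputs.flavors) }}`. Otherwise `callable-test.yaml` is called with an empty flavor and type for every matrix cell, and whether that fails or silently tests nothing depends on that workflow, which is not shown here.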
From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:26:18 -0400 Subject: [PATCH 03/13] clean up old --- .github/workflows/ci-docs-shim.yaml | 41 ------------------ .github/workflows/release.yaml | 48 --------------------- .github/workflows/test.yaml | 65 ----------------------------- 3 files changed, 154 deletions(-) delete mode 100644 .github/workflows/ci-docs-shim.yaml delete mode 100644 .github/workflows/release.yaml delete mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml deleted file mode 100644 index 06a268f4..00000000 --- a/.github/workflows/ci-docs-shim.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# # Copyright 2024 Defense Unicorns -# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial - -# name: CI Doc Shim - -# on: -# pull_request: -# paths: -# - "**.md" -# - "**.jpg" -# - "**.png" -# - "**.gif" -# - "**.svg" -# - adr/** -# - docs/** -# - .gitignore -# - renovate.json -# - .release-please-config.json -# - release-please-config.json -# - oscal-component.yaml -# - CODEOWNERS -# - LICENSE -# - CONTRIBUTING.md -# - SECURITY.md -# - config/renovate.json5 - -# # Permissions for the GITHUB_TOKEN used by the workflow. -# permissions: -# contents: read # Allows reading the content of the repository. - -# jobs: -# validate: -# strategy: -# matrix: -# type: [install, upgrade] -# flavor: [upstream, registry1, unicorn] -# uses: ./.github/workflows/callable-ci-docs-shim.yaml -# with: -# flavor: ${{ matrix.flavor }} -# type: ${{ matrix.type }} -# secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml deleted file mode 100644 index a07c38e0..00000000 --- a/.github/workflows/release.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -# # Copyright 2024 Defense Unicorns -# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial - -# name: Release - -# on: -# push: -# branches: -# - main - -# # Permissions for the GITHUB_TOKEN used by the workflow. -# permissions: -# contents: read # Allows reading the content of the repository. -# packages: read # Allows reading the content of the repository's packages. -# id-token: write - -# jobs: -# tag-new-version: -# permissions: write-all -# runs-on: ubuntu-latest -# outputs: -# release_created: ${{ steps.release-flag.outputs.release_created }} -# steps: -# - name: Create Release Tag -# id: tag -# uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3 -# - id: release-flag -# run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> "$GITHUB_OUTPUT" - -# publish: -# permissions: -# contents: read # Allows reading the content of the repository. -# packages: write # Allows reading the content of the repository's packages. -# id-token: write -# needs: tag-new-version -# if: ${{ needs.tag-new-version.outputs.release_created == 'true' }} -# strategy: -# matrix: -# flavor: [upstream, registry1, unicorn] -# architecture: [amd64, arm64] -# exclude: -# - flavor: registry1 -# architecture: arm64 -# uses: ./.github/workflows/callable-publish.yaml -# with: -# flavor: ${{ matrix.flavor }} -# runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'ubuntu-latest' }} -# secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index b855e173..00000000 --- a/.github/workflows/test.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -# # Copyright 2024 Defense Unicorns -# # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial - -# name: Test - -# on: -# # This workflow is triggered on pull requests to the main branch. -# pull_request: -# # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow). -# types: [milestoned, opened, reopened, synchronize] -# paths-ignore: -# - "**.md" -# - "**.jpg" -# - "**.png" -# - "**.gif" -# - "**.svg" -# - adr/** -# - docs/** -# - .gitignore -# - renovate.json -# - .release-please-config.json -# - release-please-config.json -# - CODEOWNERS -# - LICENSE -# - CONTRIBUTING.md -# - SECURITY.md -# - config/renovate.json5 - -# # Permissions for the GITHUB_TOKEN used by the workflow. -# permissions: -# contents: read # Allows reading the content of the repository. -# packages: read # Allows reading the content of the repository's packages. -# id-token: write - -# # Abort prior jobs in the same workflow / PR -# concurrency: -# group: test-${{ github.ref }} -# cancel-in-progress: true - -# jobs: -# check-flavor: -# runs-on: ubuntu-latest -# steps: -# - name: Checkout repository -# uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - -# - name: test-flavor -# uses: ./.github/actions/test-flavor -# id: test-flavor -# outputs: -# upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} - -# validate: -# needs: check-flavor -# strategy: -# fail-fast: true -# matrix: -# type: [install, upgrade] -# flavor: [upstream, unicorn, registry1] -# uses: ./.github/workflows/callable-test.yaml -# with: -# upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} -# flavor: ${{ matrix.flavor }} -# type: ${{ matrix.type }} -# secrets: inherit # Inherits all secrets from the parent workflow. From 15a4adbb187589d84bfd9b9b909c00b7e00906e3 Mon Sep 17 00:00:00 2001 
From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:27:28 -0400 Subject: [PATCH 04/13] remove extra input --- .github/workflows/callable-pull-request.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/callable-pull-request.yaml b/.github/workflows/callable-pull-request.yaml index 15127324..882f33a9 100644 --- a/.github/workflows/callable-pull-request.yaml +++ b/.github/workflows/callable-pull-request.yaml @@ -9,9 +9,6 @@ on: runsOn: type: string default: ubuntu-latest - upgrade-flavors: - required: true - type: string flavors: required: true type: string From 9d277403cb9047b581b6a833142f7b89e4eff7c3 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:28:42 -0400 Subject: [PATCH 05/13] remove required on inputs --- .github/workflows/callable-pull-request.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/callable-pull-request.yaml b/.github/workflows/callable-pull-request.yaml index 882f33a9..21618aab 100644 --- a/.github/workflows/callable-pull-request.yaml +++ b/.github/workflows/callable-pull-request.yaml @@ -10,11 +10,9 @@ on: type: string default: ubuntu-latest flavors: - required: true type: string default: "['upstream', 'unicorn', 'registry1']" types: - required: true type: string default: "['install', 'upgrade']" reports-path: From 63a79ea21ef82a5da22a6b17d4febda58615dc79 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:29:50 -0400 Subject: [PATCH 06/13] add permissions --- .github/workflows/pull-request.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index c456d25c..c808bed0 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml 
@@ -15,4 +15,8 @@ permissions: jobs: validate: - uses: ./.github/workflows/callable-pull-request.yaml \ No newline at end of file + permissions: + contents: read # Allows reading the content of the repository. + packages: read # Allows reading the content of the repository's packages. + id-token: write + uses: ./.github/workflows/callable-pull-request.yaml From ec47042361b8ca755212cdf115ca121741857b66 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:32:02 -0400 Subject: [PATCH 07/13] update permissions --- .github/workflows/callable-pull-request.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/callable-pull-request.yaml b/.github/workflows/callable-pull-request.yaml index 21618aab..0b3b7efc 100644 --- a/.github/workflows/callable-pull-request.yaml +++ b/.github/workflows/callable-pull-request.yaml @@ -127,10 +127,14 @@ jobs: lint: + permissions: + pull-requests: read uses: ./.github/workflows/callable-lint.yaml secrets: inherit commitlint: + permissions: + pull-requests: read uses: ./.github/workflows/callable-commitlint.yaml secrets: inherit \ No newline at end of file From 118da987cf3ecf4e14f0f7a698446434d226f1cb Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:33:08 -0400 Subject: [PATCH 08/13] permissions --- .github/workflows/pull-request.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index c808bed0..cfd64bc4 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -19,4 +19,5 @@ jobs: contents: read # Allows reading the content of the repository. packages: read # Allows reading the content of the repository's packages. id-token: write + pull-requests: read # Allows reading pull requests uses: ./.github/workflows/callable-pull-request.yaml 
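Review bot: `id-token: write` is granted to the whole `validate` call on a `pull_request` trigger, and the called workflow also sets it at workflow level, so jobs there without their own `permissions:` block (`paths-filter`, `check-flavor`, the doc shim) can request an OIDC token although only a job that authenticates to an external service needs one. Consider keeping the workflow-level block in `callable-pull-request.yaml` at `contents: read` and adding `permissions:` with `id-token: write` only on the job that uses it (presumably `test`; `callable-test.yaml` is not shown here). The caller still has to allow the permission, since a called workflow cannot exceed what the calling job grants.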
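Review bot: The `lint` and `commitlint` calls get a narrowed `permissions:` block in the `@@ -127,10 +127,14 @@` hunk but keep `secrets: inherit`, which forwards every secret available to this workflow to both reusable workflows. If those workflows read no secrets (they are not shown in this series), drop the line; otherwise name the ones they need, e.g. `secrets:` followed by `EXAMPLE_TOKEN: ${{ secrets.EXAMPLE_TOKEN }}` (placeholder name). The same applies to the `test` call further up the file.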
From c540026e8df2dad21ed18a3ca30d7bf64a291c7f Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:34:23 -0400 Subject: [PATCH 09/13] permissions --- .github/workflows/callable-pull-request.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/callable-pull-request.yaml b/.github/workflows/callable-pull-request.yaml index 0b3b7efc..218c5cfa 100644 --- a/.github/workflows/callable-pull-request.yaml +++ b/.github/workflows/callable-pull-request.yaml @@ -129,6 +129,7 @@ jobs: lint: permissions: pull-requests: read + contents: read uses: ./.github/workflows/callable-lint.yaml secrets: inherit From e17c4aaa8c8fa3ab0131ad54e1b5d83764bce82d Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:34:51 -0400 Subject: [PATCH 10/13] permissions --- .github/workflows/callable-pull-request.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/callable-pull-request.yaml b/.github/workflows/callable-pull-request.yaml index 218c5cfa..a97606e4 100644 --- a/.github/workflows/callable-pull-request.yaml +++ b/.github/workflows/callable-pull-request.yaml @@ -137,5 +137,6 @@ jobs: commitlint: permissions: pull-requests: read + contents: read uses: ./.github/workflows/callable-commitlint.yaml secrets: inherit \ No newline at end of file From 0d6a86809b151d901e8ec60c1cb3bbcc0fdf6088 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:38:50 -0400 Subject: [PATCH 11/13] update conditions --- .github/workflows/callable-pull-request.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/callable-pull-request.yaml b/.github/workflows/callable-pull-request.yaml index a97606e4..728a4e91 100644 --- a/.github/workflows/callable-pull-request.yaml +++ b/.github/workflows/callable-pull-request.yaml 
@@ -96,7 +96,9 @@ jobs: upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }} test: - needs: check-flavor + needs: + - check-flavor + - paths-filter strategy: fail-fast: true matrix: @@ -110,7 +112,7 @@ jobs: secrets: inherit # Inherits all secrets from the parent workflow. - run: + doc-shim: needs: paths-filter runs-on: ubuntu-latest timeout-minutes: 20 @@ -123,8 +125,7 @@ jobs: steps: - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }} run: | - echo "Documentation-only change detected; marking ${{ inputs.type }} ${{ inputs.flavor }} as successful." - + echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful." lint: permissions: From b0de577c99f979acb6840211e605b79302e5fd26 Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:40:35 -0400 Subject: [PATCH 12/13] updates --- .github/workflows/callable-pull-request.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/callable-pull-request.yaml b/.github/workflows/callable-pull-request.yaml index 728a4e91..d6f796b4 100644 --- a/.github/workflows/callable-pull-request.yaml +++ b/.github/workflows/callable-pull-request.yaml @@ -99,10 +99,11 @@ jobs: needs: - check-flavor - paths-filter + if: needs.paths-filter.outputs.main == 'true' strategy: fail-fast: true matrix: - types: [install, upgrade] + types: ${{ fromJson(inputs.types) }} flavors: ${{ fromJson(inputs.flavors) }} uses: ./.github/workflows/callable-test.yaml with: @@ -116,7 +117,7 @@ jobs: needs: paths-filter runs-on: ubuntu-latest timeout-minutes: 20 - if: needs.paths-filter.outputs.main == 'true' + if: needs.paths-filter.outputs.docs == 'true' strategy: fail-fast: true matrix: From 84cd8deeccbc977fa3508aede1f4e041485b50f9 Mon Sep 17 00:00:00 2001 
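Review bot: The shim step in the `@@ -123,8 +125,7 @@` hunk expands `${{ matrix.type }}` and `${{ matrix.flavor }}` directly into the `run:` script, and those values come from `fromJson(inputs.types)` and `fromJson(inputs.flavors)`, i.e. from strings the calling workflow supplies. Expression text is substituted before the shell parses the script, so a value containing shell metacharacters would become part of the command rather than stay data. Passing the values through `env:` and quoting the variables avoids that; the step name can keep the expressions because it is not executed.

```yaml
      - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
        env:
          SHIM_TYPE: ${{ matrix.type }}
          SHIM_FLAVOR: ${{ matrix.flavor }}
        run: |
          echo "Documentation-only change detected; marking ${SHIM_TYPE} ${SHIM_FLAVOR} as successful."
```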
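Review bot: Both `if:` conditions in patch 12 compare `needs.paths-filter.outputs.main` / `.docs` with `'true'`, but the job outputs they read are defined outside these hunks (patch 01) as `${{ steps.filter.outputs.changes.docs }}` and `${{ steps.filter.outputs.changes.main }}`. dorny/paths-filter publishes each filter's result as `steps.filter.outputs.<filter-name>`, and `changes` is a JSON array string, so indexing it most likely yields an empty value and both `test` and `doc-shim` would be skipped on every pull request. The outputs should read `docs: ${{ steps.filter.outputs.docs }}` and `main: ${{ steps.filter.outputs.main }}`. Worth confirming on a code-changing PR that `test` actually runs, since a skipped job may still satisfy a required status check.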
From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Wed, 30 Oct 2024 18:43:49 -0400 Subject: [PATCH 13/13] test shim paths --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ff937ebf..bd1b4592 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ The repo itself contains: - [VSCode configuration](config/.vscode) to setup syntax highlighting for different tooling in your IDE. - [An example](.) UDS Package for Nginx that demonstrates the general structure and acts as a test for the common tasks. -## Task Usage +## Task Usage Common `tasks` can be included in downstream repositories and executed with `uds run`. You can learn more about the common tasks in this repo on the [tasks README](./tasks/README.md).