check-advisories.yml
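# Pull-request gate for advisory changes.
#
# Three jobs:
#   advisories_changed - decides whether the PR touches advisory files and
#                        exports the list of matched files.
#   code_hash          - exports the git object id of the `code` directory.
#   check_advisories   - calls the reusable check workflow with both values,
#                        unless the skip check reported should_skip == 'true'.
#
# NOTE(review): no `permissions:` key is set at workflow or job level, so
# GITHUB_TOKEN gets the repository/organisation default scopes. Declaring the
# minimum here first needs a check of what the skip action and the called
# workflow actually require; neither is visible in this file.
name: Check advisories

# `pull_request` (not `pull_request_target`): runs for PRs from forks get a
# read-only token and no repository secrets.
on:
  - pull_request

jobs:
  advisories_changed:
    # A failure of the skip check must not fail the workflow run. With empty
    # outputs `should_skip` is not 'true', so the condition on
    # check_advisories still holds. TODO confirm the dependent job is
    # scheduled when this job fails.
    continue-on-error: true
    runs-on: ubuntu-22.04
    outputs:
      should_skip: ${{ steps.skip_check.outputs.should_skip }}
      changed_files: ${{ steps.process-changed-files.outputs.out }}
    steps:
      - id: skip_check
        # The ref after "@" was destroyed by e-mail obfuscation when this page
        # was captured ("[email protected]"); the action name comes from the
        # README link in the next step. Replace the placeholder with the
        # project's real ref, ideally a full commit SHA rather than a tag.
        uses: fkirc/skip-duplicate-actions@<REF_LOST_IN_CAPTURE>
        with:
          concurrent_skipping: "never"
          skip_after_successful_duplicate: "true"
          # Only changes under these paths count as advisory changes.
          paths: '["advisories/**", "EXAMPLE_ADVISORY.md"]'
          do_not_skip: '["push", "workflow_dispatch", "schedule"]'

      - id: process-changed-files
        name: Extract matched files list
        env:
          # Handed over through the environment instead of being interpolated
          # into the script: the JSON carries file names chosen by the PR
          # author and must never be parsed as shell.
          PATHS_RESULT: ${{ steps.skip_check.outputs.paths_result }}
        # jq's compact output is a single line (newlines inside strings are
        # escaped), so the step writes exactly one `out=<json>` record and a
        # crafted file name cannot add further records to $GITHUB_OUTPUT.
        run: |
          echo -n 'out=' >> "$GITHUB_OUTPUT"
          # See https://github.com/fkirc/skip-duplicate-actions#paths_result
          printenv PATHS_RESULT \
            | jq --compact-output .global.matched_files >> "$GITHUB_OUTPUT"

  code_hash:
    name: Compute code directory hash
    runs-on: ubuntu-22.04
    outputs:
      code_hash: ${{ steps.code-hash.outputs.code-hash }}
    steps:
      - name: git checkout
        # NOTE(review): referenced by a mutable tag; a full commit SHA would
        # fix exactly which code runs here.
        uses: actions/checkout@v3
        with:
          # Only a local `git rev-parse` follows, so the token does not need
          # to stay in the checkout's git configuration.
          persist-credentials: false
      - id: code-hash
        # Object id of the `code` path at HEAD; changes whenever anything
        # under that directory changes.
        run: |
          code_hash=$(git rev-parse HEAD:code)
          echo "code-hash=$code_hash" >> "$GITHUB_OUTPUT"

  check_advisories:
    name: Invoke check-advisories workflow
    needs: [advisories_changed, code_hash]
    # Runs unless the skip check explicitly said 'true'; a missing or empty
    # output therefore leads to running the checks, not skipping them.
    if: ${{ needs.advisories_changed.outputs.should_skip != 'true' }}
    uses: ./.github/workflows/call-check-advisories.yml
    with:
      # Presumably the key under which the called workflow fetches the built
      # tools - verify against call-check-advisories.yml.
      fetch-key: hsec-tools-${{ needs.code_hash.outputs.code_hash }}
      is-artifact: false
      # JSON list of paths taken from the pull request.
      # NOTE(review): the called workflow should treat this as untrusted data
      # (pass it via `env:`, never expand it inside a `run:` script) -
      # confirm in call-check-advisories.yml.
      changed-advisories: ${{ needs.advisories_changed.outputs.changed_files }}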