Update workflows
walkowif committed Mar 7, 2024
1 parent 92c0a20 commit dcf5419
Showing 15 changed files with 583 additions and 65 deletions.
38 changes: 36 additions & 2 deletions .github/workflows/audit.yaml
Expand Up @@ -33,11 +33,45 @@ jobs:
image: ghcr.io/insightsengineering/rstudio:latest
name: oysteR scan 🦪
if: >
!contains(github.event.commits[0].message, '[skip audit]')
&& github.event.pull_request.draft == false
github.event.pull_request.draft == false
steps:
- name: Get branch names 🌿
id: branch-name
uses: tj-actions/branch-names@v7

- name: Checkout repo (PR) 🛎
uses: actions/checkout@v4
if: github.event_name == 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
fetch-depth: 1

- name: Checkout repo 🛎
uses: actions/checkout@v4
if: github.event_name != 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
fetch-depth: 1

- name: Check commit message 💬
run: |
git config --global --add safe.directory $(pwd)
export head_commit_message="$(git show -s --format=%B | tr '\r\n' ' ' | tr '\n' ' ')"
echo "head_commit_message = $head_commit_message"
if [[ $head_commit_message == *"$SKIP_INSTRUCTION"* ]]; then
echo "Skip instruction detected - cancelling the workflow."
curl -s -LJ -o gh.tar.gz https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.tar.gz
tar -xzf gh.tar.gz --strip-components 2
./gh version
./gh run cancel ${{ github.run_id }}
./gh run watch ${{ github.run_id }}
fi
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_CLI_VERSION: 2.44.1
SKIP_INSTRUCTION: "[skip audit]"

- name: Normalize inputs 🛠️
id: normalizer
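Review bot: The `Check commit message` step downloads the GitHub CLI tarball and runs `./gh` with `GH_TOKEN` in the environment without verifying the archive, and `curl -s` without `-f` will also save an HTTP error page as `gh.tar.gz`. Pinning `GH_CLI_VERSION` fixes the version but not the content; add a digest check before extracting, e.g. `echo "${GH_CLI_SHA256}  gh.tar.gz" | sha256sum -c -`, where `GH_CLI_SHA256` is a placeholder name for a new env entry holding the checksum published for that release. Because this job checks out without `path:`, the archive is also unpacked into the repository tree that the following steps presumably scan; extracting with `-C "$RUNNER_TEMP"` and calling `"$RUNNER_TEMP/gh"` keeps it out of the workspace. The same step is copied into bioccheck.yaml, gitleaks.yaml (both jobs), licenses.yaml and check-commit-message/action.yml.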
22 changes: 20 additions & 2 deletions .github/workflows/bioccheck.yaml
Expand Up @@ -69,8 +69,7 @@ jobs:
name: ${{ matrix.config.image }}, version ${{ matrix.config.tag }}
runs-on: ubuntu-latest
if: >
!contains(github.event.commits[0].message, '[skip bioccheck]')
&& contains(inputs.enable-bioccheck, 'true')
contains(inputs.enable-bioccheck, 'true')
&& github.event.pull_request.draft == false
container:
image: ${{ matrix.config.image }}:${{ matrix.config.tag }}
Expand Down Expand Up @@ -107,6 +106,25 @@ jobs:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
path: ${{ github.event.repository.name }}

- name: Check commit message 💬
run: |
git config --global --add safe.directory $(pwd)
export head_commit_message="$(git show -s --format=%B | tr '\r\n' ' ' | tr '\n' ' ')"
echo "head_commit_message = $head_commit_message"
if [[ $head_commit_message == *"$SKIP_INSTRUCTION"* ]]; then
echo "Skip instruction detected - cancelling the workflow."
curl -s -LJ -o gh.tar.gz https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.tar.gz
tar -xzf gh.tar.gz --strip-components 2
./gh version
./gh run cancel ${{ github.run_id }}
./gh run watch ${{ github.run_id }}
fi
shell: bash
env:
GH_TOKEN: ${{ steps.github-token.outputs.token }}
GH_CLI_VERSION: 2.44.1
SKIP_INSTRUCTION: "[skip bioccheck]"

- name: Restore SD cache 💰
uses: actions/cache@v4
with:
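Review bot: The added `Check commit message` step has no `working-directory`, yet the checkout just above it places the repository under `path: ${{ github.event.repository.name }}`, so unless the job sets a default working directory outside this hunk, `git show` runs in the workspace root rather than in the clone. The failure is then masked, because `export head_commit_message="$(...)"` returns the status of `export`; the message ends up empty and `[skip bioccheck]` is never detected. Add `working-directory: ${{ github.event.repository.name }}` to the step and split the assignment from the `export` so a failing `git show` stops the step. build-check-install.yaml uses the same checkout layout. The step that defines `steps.github-token` is not visible here, so the scope of the token passed as `GH_TOKEN` could not be checked.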
68 changes: 46 additions & 22 deletions .github/workflows/build-check-install.yaml
Expand Up @@ -184,8 +184,7 @@ jobs:
name: ${{ matrix.config.image }}, version ${{ matrix.config.tag }}
runs-on: ubuntu-latest
if: >
!contains(github.event.commits[0].message, '[skip r-cmd]')
&& github.event.pull_request.draft == false
github.event.pull_request.draft == false
container:
image: ${{ matrix.config.image }}:${{ matrix.config.tag }}
outputs:
Expand All @@ -212,6 +211,51 @@ jobs:
id: branch-name
uses: tj-actions/branch-names@v7

- name: Checkout repo (PR) 🛎
uses: actions/checkout@v4
if: github.event_name == 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
path: ${{ github.event.repository.name }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
# When fetch-depth is set to 1 (default), and if additional commits are added
# to the branch between this step and the 'Set TESTING_DEPTH' step, git might fail
# referencing ${{ github.event.after }} commit
# because it's not the latest commit fetched by this step.
fetch-depth: 0

- name: Checkout repo 🛎
uses: actions/checkout@v4
if: github.event_name != 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
path: ${{ github.event.repository.name }}

# - name: Check commit message 💬
# run: |
# git config --global --add safe.directory $(pwd)
# export head_commit_message="$(git show -s --format=%B | tr '\r\n' ' ' | tr '\n' ' ')"
# echo "head_commit_message = $head_commit_message"
# if [[ $head_commit_message == *"$SKIP_INSTRUCTION"* ]]; then
# echo "Skip instruction detected - cancelling the workflow."
# curl -s -LJ -o gh.tar.gz https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.tar.gz
# tar -xzf gh.tar.gz --strip-components 2
# ./gh version
# ./gh run cancel ${{ github.run_id }}
# ./gh run watch ${{ github.run_id }}
# fi
# shell: bash
# env:
# GH_TOKEN: ${{ steps.github-token.outputs.token }}
# GH_CLI_VERSION: 2.44.1
# SKIP_INSTRUCTION: "[skip r-cmd]"

- name: Check commit message 💬
uses: ./check-commit-message
with:
gh-token: ${{ steps.github-token.outputs.token }}
skip-instruction: "[skip r-cmd]"

- name: Checkout gh-pages 🛎
if: >-
inputs.publish-unit-test-report-gh-pages == true
Expand Down Expand Up @@ -295,26 +339,6 @@ jobs:
run: npm i -g xunit-viewer
shell: bash

- name: Checkout repo (PR) 🛎
uses: actions/checkout@v4
if: github.event_name == 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
path: ${{ github.event.repository.name }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
# When fetch-depth is set to 1 (default), and if additional commits are added
# to the branch between this step and the 'Set TESTING_DEPTH' step, git might fail
# referencing ${{ github.event.after }} commit
# because it's not the latest commit fetched by this step.
fetch-depth: 0

- name: Checkout repo 🛎
uses: actions/checkout@v4
if: github.event_name != 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
path: ${{ github.event.repository.name }}

- name: Restore SD cache 💰
if: inputs.install-deps-from-package-repositories == ''
uses: actions/cache@v4
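Review bot: The new `uses: ./check-commit-message` step passes `gh-token:`, but the action added in this commit declares the input as `github-token`, so `inputs.github-token` falls back to its default `''` and `gh run cancel` would run without credentials; rename the key to `github-token:`. The path also does not match where the action is added, `.github/workflows/check-commit-message/action.yml`, and a `./` reference is resolved in the runner workspace, where both checkout steps place the repository under `path: ${{ github.event.repository.name }}`, so the action is unlikely to be found as written. The commented-out copy of the inline step above it (including its `GH_TOKEN` line) should be deleted rather than kept. The job body continues outside both hunks.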
38 changes: 38 additions & 0 deletions .github/workflows/check-commit-message/action.yml
@@ -0,0 +1,38 @@
name: 'Check commit message'
inputs:
gh-cli-version:
description: 'GitHub CLI version'
required: true
default: '2.44.1'
skip-instruction:
description: 'Skip instruction'
required: true
default: ''
github-token:
description: 'GitHub token'
required: true
default: ''
runs:
using: "composite"
steps:
- name: Check commit message 💬
run: |
git config --global --add safe.directory $(pwd)
export head_commit_message="$(git show -s --format=%B | tr '\r\n' ' ' | tr '\n' ' ')"
echo "head_commit_message = $head_commit_message"
if [[ $head_commit_message == *"$SKIP_INSTRUCTION"* ]]; then
echo "Skip instruction detected - cancelling the workflow."
curl -s -LJ -o gh.tar.gz https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.tar.gz
tar -xzf gh.tar.gz --strip-components 2
./gh version
./gh run cancel ${{ github.run_id }}
./gh run watch ${{ github.run_id }}
else
echo "Skip instruction not detected - continuing the workflow."
fi
shell: bash
env:
GH_TOKEN: ${{ inputs.github-token }}
GH_CLI_VERSION: ${{ inputs.gh-cli-version }}
SKIP_INSTRUCTION: ${{ inputs.skip-instruction }}
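Review bot: `skip-instruction` is declared `required: true` with `default: ''`, and the test `[[ $head_commit_message == *"$SKIP_INSTRUCTION"* ]]` matches every commit message when the variable is empty, so a caller that omits or misspells the input cancels every run. GitHub does not appear to enforce `required` for action inputs, so the script has to guard itself before the comparison: `if [[ -z "$SKIP_INSTRUCTION" ]]; then echo "::error::skip-instruction is empty"; exit 1; fi`. The same applies to `github-token`: drop the empty defaults so a missing value is visible, and pass the run id as `$GITHUB_RUN_ID` instead of interpolating `${{ github.run_id }}` into the script.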

74 changes: 70 additions & 4 deletions .github/workflows/gitleaks.yaml
Expand Up @@ -36,11 +36,44 @@ jobs:
name: gitleaks 💧
runs-on: ubuntu-latest
if: >
!contains(github.event.commits[0].message, '[skip gitleaks]')
&& github.event.pull_request.draft == false
github.event.pull_request.draft == false
steps:
- name: Get branch names 🌿
id: branch-name
uses: tj-actions/branch-names@v7

- name: Checkout repo (PR) 🛎
uses: actions/checkout@v4
if: github.event_name == 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
repository: ${{ github.event.pull_request.head.repo.full_name }}

- name: Checkout repo 🛎
uses: actions/checkout@v4
if: github.event_name != 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}

- name: Check commit message 💬
run: |
git config --global --add safe.directory $(pwd)
export head_commit_message="$(git show -s --format=%B | tr '\r\n' ' ' | tr '\n' ' ')"
echo "head_commit_message = $head_commit_message"
if [[ $head_commit_message == *"$SKIP_INSTRUCTION"* ]]; then
echo "Skip instruction detected - cancelling the workflow."
curl -s -LJ -o gh.tar.gz https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.tar.gz
tar -xzf gh.tar.gz --strip-components 2
./gh version
./gh run cancel ${{ github.run_id }}
./gh run watch ${{ github.run_id }}
fi
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_CLI_VERSION: 2.44.1
SKIP_INSTRUCTION: "[skip gitleaks]"

- name: Download and install gitleaks 💧
run: |
Expand All @@ -65,15 +98,48 @@ jobs:
name: PII Check 💳
runs-on: ubuntu-latest
if: >
!contains(github.event.commits[0].message, '[skip pii-check]')
&& github.event.pull_request.draft == false
github.event.pull_request.draft == false
&& inputs.check-for-pii == true
steps:
- name: Get branch names 🌿
id: branch-name
uses: tj-actions/branch-names@v7

- name: Checkout repo (PR) 🛎
uses: actions/checkout@v4
if: github.event_name == 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
fetch-depth: 0

- name: Checkout repo 🛎
uses: actions/checkout@v4
if: github.event_name != 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
fetch-depth: 0

- name: Check commit message 💬
run: |
git config --global --add safe.directory $(pwd)
export head_commit_message="$(git show -s --format=%B | tr '\r\n' ' ' | tr '\n' ' ')"
echo "head_commit_message = $head_commit_message"
if [[ $head_commit_message == *"$SKIP_INSTRUCTION"* ]]; then
echo "Skip instruction detected - cancelling the workflow."
curl -s -LJ -o gh.tar.gz https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.tar.gz
tar -xzf gh.tar.gz --strip-components 2
./gh version
./gh run cancel ${{ github.run_id }}
./gh run watch ${{ github.run_id }}
fi
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_CLI_VERSION: 2.44.1
SKIP_INSTRUCTION: "[skip pii-check]"

- name: Run Presidio to check for PII ☔
uses: insightsengineering/presidio-action@v1
with:
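Review bot: Both jobs in this file cancel with `./gh run cancel ${{ github.run_id }}`, which stops the whole workflow run rather than the current job, so `[skip gitleaks]` in a commit message also stops the PII check and `[skip pii-check]` also stops the secret scan (and any other job in the calling run). The removed job-level `if:` skipped only its own job. To keep a skip scoped, have the step record the decision, `echo "skip=true" >> "$GITHUB_OUTPUT"`, and gate the scanning steps with `if: steps.<step-id>.outputs.skip != 'true'` (`<step-id>` is a placeholder for an `id:` the step would need). Since these are the secret- and PII-scanning jobs, it is also worth logging a skip prominently so reviewers can see that a run carried no scan result.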
37 changes: 35 additions & 2 deletions .github/workflows/licenses.yaml
Expand Up @@ -30,11 +30,44 @@ jobs:
runs-on: ubuntu-latest
name: Check 🚩
if: >
!contains(github.event.commits[0].message, '[skip licenses]')
&& github.event.pull_request.draft == false
github.event.pull_request.draft == false
steps:
- name: Get branch names 🌿
id: branch-name
uses: tj-actions/branch-names@v7

- name: Checkout repo (PR) 🛎
uses: actions/checkout@v4
if: github.event_name == 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}
repository: ${{ github.event.pull_request.head.repo.full_name }}

- name: Checkout repo 🛎
uses: actions/checkout@v4
if: github.event_name != 'pull_request'
with:
ref: ${{ steps.branch-name.outputs.head_ref_branch }}

- name: Check commit message 💬
run: |
git config --global --add safe.directory $(pwd)
export head_commit_message="$(git show -s --format=%B | tr '\r\n' ' ' | tr '\n' ' ')"
echo "head_commit_message = $head_commit_message"
if [[ $head_commit_message == *"$SKIP_INSTRUCTION"* ]]; then
echo "Skip instruction detected - cancelling the workflow."
curl -s -LJ -o gh.tar.gz https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.tar.gz
tar -xzf gh.tar.gz --strip-components 2
./gh version
./gh run cancel ${{ github.run_id }}
./gh run watch ${{ github.run_id }}
fi
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_CLI_VERSION: 2.44.1
SKIP_INSTRUCTION: "[skip licenses]"

- name: Generate license report 📜
uses: insightsengineering/r-license-report@v1
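Review bot: `./gh run cancel` is called with `secrets.GITHUB_TOKEN`, but nothing visible in this hunk grants the job `actions: write`, and the PR checkout explicitly supports forks (`repository: ${{ github.event.pull_request.head.repo.full_name }}`), where the token on `pull_request` runs is normally read-only. In that case the cancel call is refused and the step fails, so `[skip licenses]` turns into a failed job instead of a skipped one. Either declare `permissions:` with `actions: write` on the job and accept that fork PRs cannot skip, or avoid the API call and gate the later steps on a step output. audit.yaml and gitleaks.yaml use the same token for the same call. The job's `permissions:` block, if any, lies outside the hunk.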