From 943bca30a6594fc9ae7b6dfadbc1525cc935dac0 Mon Sep 17 00:00:00 2001 From: Kevin Duret Date: Mon, 19 Aug 2024 14:28:00 +0200 Subject: [PATCH] chore(ci): enable shellcheck and integrate check-status workflow (#1579) --- .github/workflows/actionlint.yml | 35 +++++---- .github/workflows/check-status.yml | 103 ++++++++++++++++++++++++++ gorgone/packaging/centreon-audit.yaml | 1 - 3 files changed, 124 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/check-status.yml diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index e9b57c04346..1966692a01a 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -5,6 +5,7 @@ concurrency: cancel-in-progress: true on: + workflow_dispatch: pull_request: branches: - develop @@ -15,38 +16,45 @@ on: - release-* paths: - ".github/**" + - "**/packaging/*.ya?ml" jobs: - actionlint: - runs-on: ubuntu-22.04 + action-lint: + runs-on: ubuntu-24.04 steps: - name: Checkout sources uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download actionlint id: get_actionlint - run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) + run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.7.1/scripts/download-actionlint.bash) shell: bash - name: Check workflow files + env: + SHELLCHECK_OPTS: "--severity=error" run: | ${{ steps.get_actionlint.outputs.executable }} \ - -ignore 'label "(common|collect|collect-arm64)" is unknown' \ - -ignore 'label "veracode" is unknown' \ - -ignore '"github.head_ref" is potentially untrusted' \ - -shellcheck= \ - -pyflakes= \ - -color + -ignore 'label "ubuntu-24.04" is unknown' \ + -ignore 'label "(common|collect|collect-arm64)" is unknown' \ + -ignore 'label "veracode" is unknown' \ + -ignore '"github.head_ref" is potentially untrusted' \ + -pyflakes= \ + -color shell: bash + yaml-lint: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout sources uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + with: + python-version: '3.12' + - name: Install Yaml - run: | - pip install yamllint==1.32.0 + run: pip install yamllint==1.35.1 - name: Add Yaml Lint Rules run: | @@ -73,5 +81,4 @@ jobs: EOF - name: Lint YAML files - run: | - yamllint -c ./yamllint_rules.yml ./.github/actions/ ./.github/workflows/ + run: yamllint -c ./yamllint_rules.yml ./.github/actions/ ./.github/workflows/ ./**/packaging/ diff --git a/.github/workflows/check-status.yml b/.github/workflows/check-status.yml new file mode 100644 index 00000000000..36799865754 --- /dev/null +++ b/.github/workflows/check-status.yml @@ -0,0 +1,103 @@ +name: check-status + +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +on: + pull_request: + branches: + - develop + - dev-[2-9][0-9].[0-9][0-9].x + - master + - "[2-9][0-9].[0-9][0-9].x" + - hotfix-* + - release-* + +jobs: + check-status: + runs-on: ubuntu-24.04 + steps: + - name: Check workflow statuses and display token usage + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "current rest api rate usage:" + curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq .rate + echo "" + echo "" + echo "current graphql rate usage:" + curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq .resources.graphql + echo "" + echo "" + + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PR_NUMBER: ${{ github.event.number }} + with: + script: | + await exec.exec("sleep 20s"); + + for (let i = 0; i < 60; i++) { + const failure = []; + const cancelled = []; + const pending = []; + + const result = await github.rest.checks.listSuitesForRef({ + owner: context.repo.owner, + repo: context.repo.repo, + ref: "${{ github.event.pull_request.head.sha }}" + }); + result.data.check_suites.forEach(({ app: { slug }, conclusion, id}) => { + if (slug === 'github-actions') { + if (conclusion === 'failure' || conclusion === 'cancelled') { + failure.push(id); + } else if (conclusion === null) { + pending.push(id); + } + console.log(`check suite ${id} => ${conclusion === null ? 'pending' : conclusion}`); + } + }); + + if (pending.length === 0) { + core.setFailed("Cannot get pull request check status"); + return; + } + + if (failure.length > 0) { + let failureMessage = ''; + const failedCheckRuns = []; + for await (const suite_id of failure) { + const resultCheckRuns = await github.rest.checks.listForSuite({ + owner: context.repo.owner, + repo: context.repo.repo, + check_suite_id: suite_id + }); + + resultCheckRuns.data.check_runs.forEach(({ conclusion, name, html_url }) => { + if (conclusion === 'failure' || conclusion === 'cancelled') { + failedCheckRuns.push(`${name} (${conclusion})`); + } + }); + } + + core.summary.addRaw(`${failedCheckRuns.length} job(s) failed:`, true) + core.summary.addList(failedCheckRuns); + core.summary.write() + + core.setFailed(`${failure.length} workflow(s) failed`); + return; + } + + if (pending.length === 1) { + core.info("All workflows are ok"); + return; + } + + core.info(`${pending.length} workflows in progress`); + + await exec.exec("sleep 30s"); + } + + core.setFailed("Timeout: some jobs are still in progress"); diff --git a/gorgone/packaging/centreon-audit.yaml b/gorgone/packaging/centreon-audit.yaml index 852f0f85fda..ae0f8c96c62 100644 --- a/gorgone/packaging/centreon-audit.yaml +++ b/gorgone/packaging/centreon-audit.yaml @@ -3,4 +3,3 @@ gorgone: - name: audit package: "gorgone::modules::centreon::audit::hooks" enable: true -