
Tooling: GitHub workflow updates #1197

Merged
merged 2 commits into from
Sep 21, 2023
File renamed without changes.
45 changes: 0 additions & 45 deletions .github/workflows/acctest-oidc.yaml

This file was deleted.

4 changes: 4 additions & 0 deletions .github/workflows/depscheck.yaml
Expand Up @@ -19,3 +19,7 @@ jobs:
- run: bash scripts/gogetcookie.sh
- run: make tools
- run: make depscheck

save-artifacts-on-fail:
if: ${{ needs.depscheck.result }} == 'failure'
uses: ./.github/workflows/save-artifacts.yaml
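Review bot: The `if:` on `save-artifacts-on-fail` cannot select failed runs as written: `${{ needs.depscheck.result }} == 'failure'` leaves the comparison outside the expression, so the condition is a non-empty string and always truthy, and the job declares no `needs:`, so `needs.depscheck` is empty here anyway. The effect is that the artifact workflow runs on every invocation, not only on failure. Assuming the upstream job id is `depscheck` (it is defined outside the hunk), add `needs: [depscheck]` and write the condition as `if: ${{ failure() }}`; a status function is needed because a job whose dependency failed is otherwise skipped. The same pattern is added in docs-lint.yaml, golint.yaml and provider-test.yaml.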
4 changes: 4 additions & 0 deletions .github/workflows/docs-lint.yaml
Expand Up @@ -18,3 +18,7 @@ jobs:
- run: bash scripts/gogetcookie.sh
- run: make tools
- run: make docs-lint

save-artifacts-on-fail:
if: ${{ needs.docs-lint.result }} == 'failure'
uses: ./.github/workflows/save-artifacts.yaml
4 changes: 4 additions & 0 deletions .github/workflows/golint.yaml
Expand Up @@ -20,3 +20,7 @@ jobs:
with:
version: 'v1.50.1'
args: -v

save-artifacts-on-fail:
if: ${{ needs.golint.result }} == 'failure'
uses: ./.github/workflows/save-artifacts.yaml
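--- a/.github/workflows/increment-milestone.yaml
+++ b/.github/workflows/increment-milestone.yaml
@@ -0,0 +1,23 @@
+---
+name: Increment Milestone
+
+on:
+push:
+tags:
+- 'v*.*.*'
+
+permissions:
+issues: write
+contents: read
+
+jobs:
+increment-milestone:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+with:
+fetch-depth: 0
+
+- name: "Increment Milestone"
+shell: bash
+run: bash ./scripts/increment-milestone.sh -u https://api.github.com/repos${{ github.owner }}/${{ github.repository }}/milestones -r ${{github.ref_name}} -t ${{secrets.GITHUB_TOKEN}}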
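Review bot: The `run:` line of the "Increment Milestone" step pastes `${{ github.ref_name }}` and `${{ secrets.GITHUB_TOKEN }}` into the shell command text, so a tag name containing shell metacharacters is parsed as script rather than data; the `v*.*.*` filter does not restrict which characters a tag may contain. Mapping the values through `env:` and quoting the shell variables keeps them as arguments. Separately, `github.owner` is not a documented property of the `github` context and `github.repository` is already `owner/repo`, so the URL only resolves because the first expression expands to nothing; pull-request-reviewed.yaml writes the same expression into its artifact.

```yaml
- name: "Increment Milestone"
  shell: bash
  env:
    MILESTONES_URL: https://api.github.com/repos/${{ github.repository }}/milestones
    REF_NAME: ${{ github.ref_name }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: bash ./scripts/increment-milestone.sh -u "${MILESTONES_URL}" -r "${REF_NAME}" -t "${GITHUB_TOKEN}"
```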
45 changes: 25 additions & 20 deletions .github/workflows/issue-comment-created.yaml
Expand Up @@ -10,28 +10,33 @@ permissions:
issues: write

jobs:
issue_comment_triage:
runs-on: ubuntu-latest
steps:
- uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
with:
github_token: "${{ secrets.GITHUB_TOKEN }}"
labels: stale
- uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
if: ${{ !github.event.issue.pull_request }}
with:
github_token: "${{ secrets.GITHUB_TOKEN }}"
labels: waiting-response
- uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
if: (github.event.issue.pull_request && github.actor == github.event.issue.user.login)
with:
github_token: "${{ secrets.GITHUB_TOKEN }}"
labels: waiting-response
remove-stale:
uses: ./.github/workflows/remove-issue-label.yaml
with:
label-name: "stale"

remove-waiting-response-from-issue:
uses: ./.github/workflows/remove-issue-label.yaml
if: ${{ !github.event.issue.pull_request }}
with:
label-name: "waiting-response"

remove-waiting-response-from-pr:
uses: ./.github/workflows/remove-issue-label.yaml
if: (github.event.issue.pull_request && github.actor == github.event.issue.user.login)
with:
label-name: "waiting-response"

pull_request_comment:
runs-on: ubuntu-latest
if: github.event.issue.pull_request && endsWith(github.event.comment.body, '/wr')
steps:
- shell: bash
run: |
curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos${{ github.owner }}/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels" -d '{"labels":["waiting-response"]}'
- uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
script: |
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ["waiting-response"]
})
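Review bot: The `pull_request_comment` job adds `waiting-response` for any comment ending in `/wr`, with no check on who wrote it, so any account able to comment on a pull request can set the label. If the command is meant for maintainers, extend the `if:` with the comment's author association, e.g. `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`. The `github-script` step (the new side, going by the section's addition and deletion counts) also calls `github.rest.issues.addLabels(...)` without `await`, so a failed request may not fail the step; `await github.rest.issues.addLabels({...})` makes the outcome visible.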
2 changes: 1 addition & 1 deletion .github/workflows/issue-opened.yaml
Expand Up @@ -16,5 +16,5 @@ jobs:
- uses: github/issue-labeler@98b5412841f6c4b0b3d9c29d53c13fad16bd7de2 # v3.2
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
configuration-path: .github/labeler-issue-triage.yml
configuration-path: .github/labeler-issue-triage.yaml
enable-versioned-regex: 0
1 change: 1 addition & 0 deletions .github/workflows/link-milestone.yaml
Expand Up @@ -18,6 +18,7 @@ jobs:
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version-file: .go-version

- run: |
go install github.com/stephybun/link-milestone@latest
link-milestone
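--- a/.github/workflows/provider-test.yaml
+++ b/.github/workflows/provider-test.yaml
@@ -0,0 +1,88 @@
+---
+name: Provider Tests
+on:
+pull_request:
+types: ["opened", "synchronize"]
+paths:
+- '.github/workflows/provider-test.yaml'
+- 'internal/**.go'
+- 'vendor/github.com/hashicorp/go-azure-sdk/sdk/auth/**'
+- 'vendor/github.com/hashicorp/go-azure-sdk/sdk/environments/**'
+
+permissions:
+contents: read
+id-token: write
+pull-requests: read
+
+jobs:
+secrets-check:
+runs-on: ubuntu-latest
+outputs:
+available: "${{ steps.check-secrets.outputs.available }}"
+steps:
+# we check for the ACTIONS_ID_TOKEN_REQUEST_URL variable as a proxy for other secrets
+# it will be unset when running for a PR from a fork, in which case we don't run these tests
+- id: check-secrets
+run: |
+if [[ "${ACTIONS_ID_TOKEN_REQUEST_URL}" == "" ]]; then
+echo "available=false" | tee ${GITHUB_OUTPUT}
+else
+echo "available=true" | tee ${GITHUB_OUTPUT}
+fi
+
+provider-tests:
+runs-on: [custom, linux, large]
+needs: [secrets-check]
+if: needs.secrets-check.outputs.available == 'true'
+steps:
+- name: Checkout
+uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+
+- name: Install Go
+uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+with:
+go-version-file: ./.go-version
+
+- name: Azure CLI login
+run: az login --output none --username="${{ secrets.AZCLI_USERNAME }}" --password="${{ secrets.AZCLI_PASSWORD }}"
+
+- name: Set OIDC Token
+run: |
+echo "ARM_OIDC_TOKEN=$(curl -H "Accept: application/json; api-version=2.0" -H "Authorization: Bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" -H "Content-Type: application/json" -G --data-urlencode "audience=api://AzureADTokenExchange" "${ACTIONS_ID_TOKEN_REQUEST_URL}" | jq -r '.value')" >>${GITHUB_ENV}
+
+- name: Set OIDC Token File Path
+run: echo "${ARM_OIDC_TOKEN}" >"${RUNNER_TEMP}/oidc-token.jwt" && echo "ARM_OIDC_TOKEN_FILE_PATH=${RUNNER_TEMP}/oidc-token.jwt" >>${GITHUB_ENV}
+
+- name: Set Client ID Path
+run: echo "${{ secrets.ARM_CLIENT_ID }}" >"${RUNNER_TEMP}/client-id" && echo "ARM_CLIENT_ID_PATH=${RUNNER_TEMP}/client-id" >>${GITHUB_ENV}
+
+- name: Set Client Secret Path
+run: echo "${{ secrets.ARM_CLIENT_SECRET }}" >"${RUNNER_TEMP}/client-secret" && echo "ARM_CLIENT_SECRET_PATH=${RUNNER_TEMP}/client-secret" >>${GITHUB_ENV}
+
+- name: Set Client Certificate Path
+run: echo "${{ secrets.ARM_CLIENT_CERTIFICATE }}" | base64 -d >"${RUNNER_TEMP}/client-certificate.pfx" && echo "ARM_CLIENT_CERTIFICATE_PATH=${RUNNER_TEMP}/client-certificate.pfx" >>${GITHUB_ENV}
+
+- name: Run provider tests
+run: make testacc TEST=./internal/provider TESTARGS="-run '^TestAcc'"
+env:
+ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+ARM_CLIENT_CERTIFICATE: ${{ secrets.ARM_CLIENT_CERTIFICATE }}
+ARM_CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.ARM_CLIENT_CERTIFICATE_PASSWORD }}
+ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+
+- name: Clean Up OIDC Token File Path
+run: rm -f "${RUNNER_TEMP}/oidc-token.jwt"
+if: always()
+
+- name: Clean Up Client ID Path
+run: rm -f "${RUNNER_TEMP}/client-id"
+if: always()
+
+- name: Clean Up Client Secret Path
+run: rm -f "${RUNNER_TEMP}/client-secret"
+if: always()
+
+save-artifacts-on-fail:
+if: ${{ needs.secrets-check.result }} == 'failure' || ${{ needs.provider-tests.result }} == 'failure'
+uses: ./.github/workflows/save-artifacts.yaml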
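Review bot: Secrets are expanded with `${{ secrets.* }}` directly into the text of the `run:` scripts (the `az login` step and the `echo ... >"${RUNNER_TEMP}/..."` steps), so a value containing a quote, `$` or backtick changes the script that is executed; mapping each secret through `env:` and referencing the shell variable avoids that. The certificate written to `${RUNNER_TEMP}/client-certificate.pfx` has no clean-up step, unlike the other three files, which matters more on the self-hosted `[custom, linux, large]` runner. The OIDC token fetched with `curl` is exported through `GITHUB_ENV` without being registered for masking; emitting `echo "::add-mask::${token}"` before exporting it keeps it out of later step logs.

```yaml
- name: Azure CLI login
  env:
    AZCLI_USERNAME: ${{ secrets.AZCLI_USERNAME }}
    AZCLI_PASSWORD: ${{ secrets.AZCLI_PASSWORD }}
  run: az login --output none --username="${AZCLI_USERNAME}" --password="${AZCLI_PASSWORD}"

# … unchanged: OIDC token, client ID, client secret and certificate steps (same env: pattern applies) …

- name: Clean Up Client Certificate Path
  run: rm -f "${RUNNER_TEMP}/client-certificate.pfx"
  if: always()
```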
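--- a/.github/workflows/pull-request-new-commit.yaml
+++ b/.github/workflows/pull-request-new-commit.yaml
@@ -0,0 +1,15 @@
+---
+name: Pull Request New Commit
+
+permissions:
+pull-requests: write
+
+on:
+pull_request_target:
+types: [synchronize]
+
+jobs:
+remove-waiting-response:
+uses: ./.github/workflows/remove-issue-label.yaml
+with:
+label-name: "waiting-response"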
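Review bot: This workflow runs on `pull_request_target` with `pull-requests: write`, so it executes with the base repository's token even for pull requests from forks, and nothing in the file records why that is safe. The only job calls `remove-issue-label.yaml`, which is not visible in this change; the arrangement is safe only as long as that workflow never checks out or runs pull-request code. I would add a comment above the trigger such as `# pull_request_target: runs with base-repo permissions; called workflows must not check out or execute PR head code`.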
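--- a/.github/workflows/pull-request-reviewed-workflow.yaml
+++ b/.github/workflows/pull-request-reviewed-workflow.yaml
@@ -0,0 +1,55 @@
+---
+name: "Pull Request Reviewed Workflow"
+
+on:
+workflow_run:
+workflows:
+- "Pull Request Reviewed"
+types:
+- completed
+
+permissions:
+pull-requests: write
+
+jobs:
+add-or-remove-waiting-response:
+runs-on: ubuntu-latest
+outputs:
+ghrepo: ${{ steps.env_vars.outputs.ghrepo }}
+ghowner: ${{ steps.env_vars.outputs.ghowner }}
+prnumber: ${{ steps.env_vars.outputs.prnumber }}
+action: ${{ steps.env_vars.outputs.action }}
+artifact_outcome: ${{ steps.env_vars.outputs.artifact_outcome }}
+steps:
+- name: Get Artifact
+id: get_artifact
+continue-on-error: true
+uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # v2.27.0
+with:
+github_token: ${{secrets.GITHUB_TOKEN}}
+workflow: pull-request-reviewed.yaml
+
+- name: env_vars
+id: env_vars
+if: steps.get_artifact.outcome == 'success'
+run: |
+echo "ghrepo=$(cat artifact/ghrepo.txt)" >>${GITHUB_OUTPUT}
+echo "ghowner=$(cat artifact/ghowner.txt)" >>${GITHUB_OUTPUT}
+echo "prnumber=$(cat artifact/prnumber.txt)" >>${GITHUB_OUTPUT}
+echo "action=$(cat artifact/action.txt)" >>${GITHUB_OUTPUT}
+echo "artifact_outcome=success" >>${GITHUB_OUTPUT}
+
+add-waiting-reponse:
+needs: add-or-remove-waiting-response
+runs-on: ubuntu-latest
+if: needs.add-or-remove-waiting-response.outputs.artifact_outcome == 'success' && needs.add-or-remove-waiting-response.outputs.action == 'add-waiting-response'
+steps:
+- run: |
+curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos${{ needs.add-or-remove-waiting-response.outputs.ghowner }}/${{ needs.add-or-remove-waiting-response.outputs.ghrepo }}/issues/${{ needs.add-or-remove-waiting-response.outputs.prnumber }}/labels" -d '{"labels":["waiting-response"]}'
+
+remove-waiting-reponse:
+needs: add-or-remove-waiting-response
+if: needs.add-or-remove-waiting-response.outputs.artifact_outcome == 'success' && needs.add-or-remove-waiting-response.outputs.action == 'remove-waiting-response'
+uses: ./.github/workflows/remove-issue-label.yaml
+with:
+label-name: "waiting-response"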
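--- a/.github/workflows/pull-request-reviewed.yaml
+++ b/.github/workflows/pull-request-reviewed.yaml
@@ -0,0 +1,38 @@
+---
+name: "Pull Request Reviewed"
+
+on:
+pull_request_review:
+types: [submitted]
+
+permissions:
+pull-requests: read
+
+jobs:
+add-or-remove-waiting-response:
+runs-on: ubuntu-latest
+steps:
+- name: "Set Artifacts for add-waiting-response"
+if: github.event.review.state != 'approved' && github.actor != github.event.pull_request.user.login
+shell: bash
+run: |
+mkdir -p wr_actions
+echo ${{ github.owner }} > wr_actions/ghowner.txt
+echo ${{ github.repository }} > wr_actions/ghrepo.txt
+echo ${{ github.event.pull_request.number }} > wr_actions/prnumber.txt
+echo "add-waiting-response" > wr_actions/action.txt
+
+- name: "Set Artifacts for remove-waiting-response"
+if: github.actor == github.event.pull_request.user.login
+shell: bash
+run: |
+mkdir -p wr_actions
+echo ${{ github.owner }} > wr_actions/ghowner.txt
+echo ${{ github.repository }} > wr_actions/ghrepo.txt
+echo ${{ github.event.pull_request.number }} > wr_actions/prnumber.txt
+echo "remove-waiting-response" > wr_actions/action.txt
+
+- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+with:
+name: artifact
+path: wr_actions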
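Review bot: Nothing in this file says that the uploaded artifact is the input of the privileged pull-request-reviewed-workflow.yaml, which is the one fact an editor needs before changing what is written into `wr_actions`. I would add a comment above the job such as `# Unprivileged producer: the artifact is read by pull-request-reviewed-workflow.yaml, which must treat its contents as untrusted`. An approving review from someone other than the author matches neither step's `if:`, so `wr_actions` is never created and the upload step has nothing to upload; a comment stating that this is intended, or an explicit `if-no-files-found` setting on the upload step, would make the behaviour deliberate.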
3 changes: 2 additions & 1 deletion .github/workflows/pull-request.yaml
Expand Up @@ -13,8 +13,9 @@ jobs:
steps:
- uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
with:
configuration-path: .github/labeler-pull-request-triage.yml
configuration-path: .github/labeler-pull-request-triage.yaml
repo-token: "${{ secrets.GITHUB_TOKEN }}"

- uses: CodelyTV/pr-size-labeler@54ef36785e9f4cb5ecf1949cfc9b00dbb621d761 # v1.8.1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}