Bump github/codeql-action from 2.1.6 to 3.27.4 #513
Workflow file for this run
# Builds the CI image with a build cache, which shortens workflow execution time.
# Triggered by pull requests and by the cache-cleaner workflow.
# Resulting image looks like: ghcr.io/weizhoublue/github-action-test/controllerimage-ci:{commitId}
name: "Auto Build Image CI"

env:
  # Registry the CI images are tagged for and that the build job logs in to.
  ONLINE_REGISTER: "ghcr.io"
  ONLINE_REGISTER_USER: ${{ github.actor }}
  # NOTE(review): declared at workflow level, so the token is placed in the
  # environment of every step of every job, not only the registry login.
  # Consider passing secrets.GITHUB_TOKEN directly to the login step instead.
  ONLINE_REGISTER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
  # Not referenced in the visible part of this file; the build steps
  # hard-code their own `platforms` values.
  BUILD_PLATFORM: "linux/amd64,linux/arm64"
# Keep the concurrency group in sync with any change to these triggers.
on:
  # Pull-request events: the image is built but not pushed (tag step sets push=false).
  # NOTE(review): pull_request_target runs in the base repository's context
  # (its token and secrets) even for pull requests from forks, while the build
  # job checks out the PR head commit. Building PR-controlled files in that
  # context is risky; `pull_request`, or a maintainer-approval gate, is the
  # safer choice for untrusted code.
  pull_request_target:
    types: [opened, synchronize, reopened]

  # Pushes to main and release branches: built, not pushed to the registry.
  push:
    branches: [main, "release-*"]

  # Started automatically after the cache-cleaner workflow completes.
  workflow_run:
    workflows: ["Auto Clean CI Cache"]
    branches: [main, "release-*"]
    types: [completed]

  # Called by the daily build, which decides through `push` whether the image is pushed.
  workflow_call:
    inputs:
      # git ref to check out; also used as the image tag
      ref:
        type: string
        required: true
      # forwarded to the build steps' `push` option
      push:
        type: string
        required: true
    outputs:
      imageTag:
        description: "tag of image ci"
        value: ${{ jobs.build_and_push_prs.outputs.imageTag }}
# Without this group, pull_request_target and push would start two runs for
# the same change at the same time.
# NOTE(review): for events that carry neither a pull-request number nor an
# `after` commit, the group reduces to the workflow name alone, so such runs
# cancel each other - confirm that this is intended.
concurrency:
  cancel-in-progress: true
  group: "${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}"
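jobs:
  # NOTE(review): every `uses:` reference ending in
  # PLACEHOLDER_PIN_TO_COMMIT_SHA was obscured on the page this file was
  # captured from. The action names are reconstructed from each step's name
  # and inputs; confirm them and pin each one to a full commit SHA rather than
  # a mutable tag.

  # Decide from the changed paths whether the image needs to be rebuilt,
  # so later jobs can be skipped for unrelated changes.
  filter_changes:
    name: Deduce required tests from code changes
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository and, presumably,
    # the pull request's changed-file list (verify against paths-filter docs).
    # A workflow_call caller must grant at least these permissions.
    permissions:
      contents: read
      pull-requests: read
    outputs:
      build: ${{ steps.result.outputs.result }}
    steps:
      # No `ref` is given, so this is the default checkout for the event,
      # and the token is not left behind in the git config.
      - name: Checkout code
        if: ${{ github.event_name == 'pull_request_target' || github.event_name == 'push' }}
        # Mutable tag; pin to a full commit SHA.
        uses: actions/checkout@v2
        with:
          persist-credentials: false

      # https://github.com/dorny/paths-filter
      - name: Check code changes
        if: ${{ github.event_name == 'pull_request_target' || github.event_name == 'push' }}
        uses: dorny/paths-filter@PLACEHOLDER_PIN_TO_COMMIT_SHA
        id: go-changes
        with:
          base: ${{ github.event.pull_request.base.sha }}
          ref: ${{ github.event.pull_request.head.sha }}
          filters: |
            src:
              - api/**
              - cmd/**
              - contrib/**
              - images/**
              - pkg/**
              - test/**
              - tools/**
              - vendor/**
              - 'go.sum'
              - 'go.mod'

      # Events other than pull_request_target/push always build; otherwise the
      # filter result decides. Values reach the script through `env` instead of
      # being expanded into the script text, and the output is written to
      # $GITHUB_OUTPUT instead of the deprecated `::set-output` command.
      - name: Result
        id: result
        env:
          EVENT_NAME: ${{ github.event_name }}
          SRC_CHANGED: ${{ steps.go-changes.outputs.src }}
        run: |
          if [ "${EVENT_NAME}" != "pull_request_target" ] && [ "${EVENT_NAME}" != "push" ]; then
            echo "result=true" >> "${GITHUB_OUTPUT}"
          else
            echo "result=${SRC_CHANGED}" >> "${GITHUB_OUTPUT}"
          fi

  # Build the CI image (normal and race-detection variants) for each matrix
  # entry and record the resulting digests as an artifact.
  build_and_push_prs:
    runs-on: ubuntu-latest
    # run only when filter_changes reported a relevant change
    needs: filter_changes
    if: ${{ needs.filter_changes.outputs.build == 'true' }}
    # Least privilege: read the source, write packages for the registry push.
    # A workflow_call caller must grant at least these permissions.
    permissions:
      contents: read
      packages: write
    outputs:
      imageTag: ${{ steps.tag.outputs.tag }}
    strategy:
      matrix:
        include:
          # one entry per image
          - name: controllerimage
            dockerfile: ./images/controllerimage/Dockerfile
            # root path of this project
            context: ./
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@PLACEHOLDER_PIN_TO_COMMIT_SHA

      # NOTE(review): this login also runs for pull_request_target, where push
      # is always false. Unless the build pulls private base images, consider
      # skipping it there so PR builds run without registry credentials.
      - name: Login to online register
        uses: docker/login-action@PLACEHOLDER_PIN_TO_COMMIT_SHA
        with:
          username: ${{ env.ONLINE_REGISTER_USER }}
          password: ${{ env.ONLINE_REGISTER_PASSWORD }}
          registry: ${{ env.ONLINE_REGISTER }}

      # Pick the ref to build (also used as the image tag) and whether to
      # push. Only a workflow_call caller can request a push; every other
      # trigger builds without pushing. Caller-supplied values are read from
      # `env`, never expanded into the script text.
      - name: Getting image tag
        id: tag
        env:
          EVENT_NAME: ${{ github.event_name }}
          INPUT_REF: ${{ inputs.ref }}
          INPUT_PUSH: ${{ inputs.push }}
          COMMIT_SHA: ${{ github.sha }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          if [ -n "${INPUT_REF}" ]; then
            echo "trigger by workflow_call"
            tag="${INPUT_REF}"
            push="${INPUT_PUSH}"
          elif [ "${EVENT_NAME}" = "push" ]; then
            echo "trigger by push"
            tag="${COMMIT_SHA}"
            push="false"
          elif [ "${EVENT_NAME}" = "pull_request_target" ]; then
            echo "trigger by pull_request_target"
            tag="${PR_HEAD_SHA}"
            push="false"
          elif [ "${EVENT_NAME}" = "workflow_run" ]; then
            echo "trigger by workflow_run"
            tag="main"
            push="false"
          else
            echo "trigger by ${EVENT_NAME}"
            tag="${COMMIT_SHA}"
            push="false"
          fi
          {
            echo "tag=${tag}"
            echo "push=${push}"
          } >> "${GITHUB_OUTPUT}"

      # Check out the code to build.
      # NOTE(review): for pull_request_target the ref is the PR head commit, so
      # every later step builds PR-controlled files (Dockerfiles included) in a
      # job that runs with the base repository's token and a logged-in registry
      # client. Treat everything after this step as untrusted.
      - name: Checkout Source Code
        # Mutable tag; pin to a full commit SHA.
        uses: actions/checkout@v2
        with:
          persist-credentials: false
          ref: ${{ steps.tag.outputs.tag }}

      # Commit hash and author date of the checked-out commit, passed to the
      # image build as build args.
      - name: Getting Build Arg
        id: arg
        continue-on-error: false
        run: |
          GIT_COMMIT_VERSION=$(git show -s --format='format:%H')
          GIT_COMMIT_TIME=$(git show -s --format='format:%aI')
          {
            echo "commitver=${GIT_COMMIT_VERSION}"
            echo "committime=${GIT_COMMIT_TIME}"
          } >> "${GITHUB_OUTPUT}"

      # ============= get cache ===========
      # Load the Golang build cache from the GitHub Actions cache.
      # GitHub keeps a cache for 7 days at most.
      # The cache-hit output of this step tells whether `key` matched exactly.
      - name: Load ${{ matrix.name }} Golang cache build from GitHub
        uses: actions/cache@PLACEHOLDER_PIN_TO_COMMIT_SHA
        id: cache
        with:
          # A cache found for `key` is restored to `path`. When `key` matches
          # nothing, `restore-keys` are tried in order, which is useful for
          # restoring a cache created on another branch.
          # NOTE(review): the key is computed after the checkout above, so on
          # pull_request_target the hashed go.sum files come from the PR.
          path: /tmp/.cache/${{ matrix.name }}
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ matrix.name }}-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ matrix.name }}-
            ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-
            ${{ runner.os }}-go-

      - name: Create ${{ matrix.name }} cache directory
        if: ${{ steps.cache.outputs.cache-hit != 'true' }}
        shell: bash
        run: |
          mkdir -p "/tmp/.cache/${{ matrix.name }}"

      # Import the restored GitHub cache into the docker build cache.
      - name: Copy ${{ matrix.name }} Golang cache to docker cache
        uses: docker/build-push-action@PLACEHOLDER_PIN_TO_COMMIT_SHA
        with:
          context: /tmp/.cache/${{ matrix.name }}
          # github-token: ${{ secrets.WELAN_PAT }}
          file: ./images/cache/Dockerfile
          push: false
          platforms: linux/amd64
          target: import-cache

      # ========== every trigger except pull_request_target: build 2 images
      # build normal image
      - name: CI Build ${{ matrix.name }}
        if: ${{ github.event_name != 'pull_request_target' }}
        uses: docker/build-push-action@PLACEHOLDER_PIN_TO_COMMIT_SHA
        continue-on-error: false
        id: docker_build_ci_master
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          # Push is decided by the tag step: only a workflow_call caller can
          # request it. Runs that merely re-create the Golang docker cache
          # after the cache-cleaner workflow do not re-push image tags.
          push: ${{ steps.tag.outputs.push }}
          platforms: linux/amd64,linux/arm64
          # github-token: ${{ secrets.WELAN_PAT }}
          tags: |
            ${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
          build-args: |
            GIT_COMMIT_VERSION=${{ steps.arg.outputs.commitver }}
            GIT_COMMIT_TIME=${{ steps.arg.outputs.committime }}
            VERSION=${{ steps.tag.outputs.tag }}

      # build the debug image, with race and deadlock detection turned on
      - name: CI race detection Build ${{ matrix.name }}
        if: ${{ github.event_name != 'pull_request_target' }}
        uses: docker/build-push-action@PLACEHOLDER_PIN_TO_COMMIT_SHA
        continue-on-error: false
        id: docker_build_ci_master_detect_race_condition
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          # Push is decided by the tag step; see the normal image build above.
          push: ${{ steps.tag.outputs.push }}
          platforms: linux/amd64
          # github-token: ${{ secrets.WELAN_PAT }}
          tags: |
            ${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
          build-args: |
            RACE=1
            GIT_COMMIT_VERSION=${{ steps.arg.outputs.commitver }}
            GIT_COMMIT_TIME=${{ steps.arg.outputs.committime }}
            VERSION=${{ steps.tag.outputs.tag }}

      # Record "<image>:<tag>@<digest>" for both variants. The tag can come
      # from a caller-supplied input, so it is read from `env`.
      - name: CI Image Releases digests
        if: ${{ github.event_name != 'pull_request_target' }}
        shell: bash
        env:
          IMAGE: ${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci
          TAG: ${{ steps.tag.outputs.tag }}
          DIGEST: ${{ steps.docker_build_ci_master.outputs.digest }}
          RACE_DIGEST: ${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}
        run: |
          mkdir -p image-digest/
          echo "${IMAGE}:${TAG}@${DIGEST}" > "image-digest/${{ matrix.name }}.txt"
          echo "${IMAGE}:${TAG}-race@${RACE_DIGEST}" >> "image-digest/${{ matrix.name }}.txt"

      # =========== triggered by PR updates: build 2 images
      - name: CI Build ${{ matrix.name }}
        if: ${{ github.event_name == 'pull_request_target' }}
        uses: docker/build-push-action@PLACEHOLDER_PIN_TO_COMMIT_SHA
        continue-on-error: false
        id: docker_build_ci_pr
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          push: ${{ steps.tag.outputs.push }}
          platforms: linux/amd64,linux/arm64
          # github-token: ${{ secrets.WELAN_PAT }}
          tags: |
            ${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
          build-args: |
            GIT_COMMIT_VERSION=${{ steps.arg.outputs.commitver }}
            GIT_COMMIT_TIME=${{ steps.arg.outputs.committime }}
            VERSION=${{ steps.tag.outputs.tag }}

      - name: CI race detection Build ${{ matrix.name }}
        if: ${{ github.event_name == 'pull_request_target' }}
        uses: docker/build-push-action@PLACEHOLDER_PIN_TO_COMMIT_SHA
        continue-on-error: false
        id: docker_build_ci_pr_detect_race_condition
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          push: ${{ steps.tag.outputs.push }}
          platforms: linux/amd64
          # github-token: ${{ secrets.WELAN_PAT }}
          tags: |
            ${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
          build-args: |
            RACE=1
            GIT_COMMIT_VERSION=${{ steps.arg.outputs.commitver }}
            GIT_COMMIT_TIME=${{ steps.arg.outputs.committime }}
            VERSION=${{ steps.tag.outputs.tag }}

      # Same digest record as above, for the pull-request builds.
      - name: CI Image Releases digests
        if: ${{ github.event_name == 'pull_request_target' }}
        shell: bash
        env:
          IMAGE: ${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci
          TAG: ${{ steps.tag.outputs.tag }}
          DIGEST: ${{ steps.docker_build_ci_pr.outputs.digest }}
          RACE_DIGEST: ${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}
        run: |
          mkdir -p image-digest/
          echo "${IMAGE}:${TAG}@${DIGEST}" > "image-digest/${{ matrix.name }}.txt"
          echo "${IMAGE}:${TAG}-race@${RACE_DIGEST}" >> "image-digest/${{ matrix.name }}.txt"

      # ============ Upload artifact digests
      - name: Upload artifact digests
        uses: actions/upload-artifact@PLACEHOLDER_PIN_TO_COMMIT_SHA
        with:
          name: image-digest ${{ matrix.name }}
          path: image-digest
          retention-days: 1

      # ============= restore cache ===========
      # Export docker's Golang build cache to the runner. Skipped for
      # pull_request_target runs and when the cache key matched exactly.
      - name: Store ${{ matrix.name }} Golang cache build locally
        if: ${{ github.event_name != 'pull_request_target' && steps.cache.outputs.cache-hit != 'true' }}
        uses: docker/build-push-action@PLACEHOLDER_PIN_TO_COMMIT_SHA
        with:
          context: .
          file: ./images/cache/Dockerfile
          push: false
          outputs: type=local,dest=/tmp/docker-cache-${{ matrix.name }}
          platforms: linux/amd64
          target: export-cache

      # Copy the exported archives into the path that the cache step restored.
      # Skipped under the same conditions as the export above.
      - name: Store ${{ matrix.name }} Golang cache in GitHub cache path
        if: ${{ github.event_name != 'pull_request_target' && steps.cache.outputs.cache-hit != 'true' }}
        shell: bash
        run: |
          mkdir -p "/tmp/.cache/${{ matrix.name }}/"
          if [ -f "/tmp/docker-cache-${{ matrix.name }}/tmp/go-build-cache.tar.gz" ]; then
            cp "/tmp/docker-cache-${{ matrix.name }}/tmp/go-build-cache.tar.gz" "/tmp/.cache/${{ matrix.name }}/"
          fi
          if [ -f "/tmp/docker-cache-${{ matrix.name }}/tmp/go-pkg-cache.tar.gz" ]; then
            cp "/tmp/docker-cache-${{ matrix.name }}/tmp/go-pkg-cache.tar.gz" "/tmp/.cache/${{ matrix.name }}/"
          fi

  # Print the digests of every image built by build_and_push_prs.
  image-digests:
    name: Display Digests
    runs-on: ubuntu-latest
    needs: build_and_push_prs
    # Least privilege: this job only downloads and prints run artifacts.
    permissions:
      contents: read
    steps:
      - name: Downloading Image Digests
        shell: bash
        run: |
          mkdir -p image-digest/

      - name: Download digests of all images built
        uses: actions/download-artifact@PLACEHOLDER_PIN_TO_COMMIT_SHA
        with:
          path: image-digest/

      # An explicit start directory keeps `find` portable.
      - name: Image Digests Output
        shell: bash
        run: |
          cd image-digest/
          find . -type f | sort | xargs -d '\n' cat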