---
# CI workflow: triggered by every pull request and by pushes to master.
name: CI

# Workflow-level default grants the token no scopes; each job below
# declares the permissions it needs.
permissions: {}

on:
  pull_request:
  push:
    branches:
      - master

# One run per workflow + ref; a newer run cancels the one in progress.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
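jobs:
  # Collects every ci-matrix.json in the repository into one matrix, tagging
  # each entry with the action directory it came from.
  generate-matrix:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # No later step in this job uses git, so do not leave the token
          # in the checked-out repository's git config.
          persist-credentials: false
      - name: Build matrix with action paths
        id: set-matrix
        run: |
          while IFS= read -r file; do
            action_dir=$(dirname "$file")
            # Remove ./actions/ prefix for friendly names
            action_name="${action_dir#./actions/}"
            jq --arg action "$action_name" '.[] | . + {action: $action}' "$file"
          done < <(find . -name 'ci-matrix.json') | jq -s '.' > merged-matrix.json
          echo "matrix=$(jq -c . merged-matrix.json)" >> "${GITHUB_OUTPUT}"

  # Runs each action under test once per matrix entry.
  #
  # The matrix (action name, "with" parameters, container, runner) is built
  # from ci-matrix.json files in the checked-out tree, which on pull_request
  # is contributor-controlled. Matrix values are therefore handed to shell
  # steps through `env:` rather than being expanded with `${{ }}` inside the
  # script text: an inline expression is substituted before the shell parses
  # the script, so a value containing a quote would be executed as code.
  test:
    name: "${{ format('{0} ({1}, {2})', matrix.action, matrix.runs-on, toJson(matrix.with)) }}"
    needs: generate-matrix
    permissions:
      contents: write  # needed for setup_release action
    runs-on: ${{ matrix.runs-on }}
    container: ${{ matrix.container }}
    strategy:
      fail-fast: false
      matrix:
        include: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
      # NOTE(review): this step itself runs under `shell: bash`, so it can
      # only succeed where bash is already present; confirm the Alpine
      # images in the matrix ship bash or switch this step's shell.
      - name: Setup bash (Alpine)
        shell: bash
        run: |
          if [ -f /etc/alpine-release ]; then
            apk add --no-cache bash
          fi
      - name: Install sed (macOS)
        if: runner.os == 'macOS'
        shell: bash
        run: |
          if ! command -v gsed &> /dev/null; then
            brew install gnu-sed
          fi
          HOMEBREW_PREFIX="${HOMEBREW_PREFIX:-/usr/local}" # set prefix if not set
          echo "$HOMEBREW_PREFIX/opt/gnu-sed/libexec/gnubin" >> "${GITHUB_PATH}"
      # Replaces "${ name }" placeholders inside the matrix "with" JSON with
      # the corresponding context, variable, or secret value and publishes
      # the result as the `with-params` step output.
      - name: Process variables in with parameters
        id: process-with
        env:
          ENV_GH_BOT_NAME: ${{ vars.GH_BOT_NAME }}
          ENV_GITHUB_EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
          ENV_GITHUB_EVENT_REPO_HTML_URL: ${{ github.event.repository.html_url }}
          ENV_GITHUB_EVENT_REPO_NAME: ${{ github.event.repository.name }}
          # Raw "with" JSON, passed as data instead of being pasted into the
          # script below.
          MATRIX_WITH: ${{ toJson(matrix.with) }}
          SECRETS_FACEBOOK_ACCESS_TOKEN: ${{ secrets.FACEBOOK_ACCESS_TOKEN }}
          SECRETS_FACEBOOK_PAGE_ID: ${{ secrets.FACEBOOK_PAGE_ID }}
          SECRETS_GH_BOT_EMAIL: ${{ secrets.GH_BOT_EMAIL }}
          SECRETS_GH_BOT_TOKEN: ${{ secrets.GH_BOT_TOKEN }}
          SECRETS_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SECRETS_VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}
        shell: bash
        run: |
          # Create a JSON with the original "with" parameters
          printf '%s\n' "${MATRIX_WITH}" > with_params.json
          # Process GitHub context variables using environment variables
          # NOTE(review): values are spliced in as sed replacement text, so a
          # value containing `|`, `&` or `\` is interpreted by sed, and
          # nothing JSON-escapes the substituted value. The secret values
          # also appear on the sed command line.
          sed -i \
            -e "s|\${ github.repository }|${GITHUB_REPOSITORY}|g" \
            -e "s|\${ github.ref_name }|${GITHUB_REF_NAME}|g" \
            -e "s|\${ github.run_id }|${GITHUB_RUN_ID}|g" \
            -e "s|\${ github.workspace }|${GITHUB_WORKSPACE}|g" \
            -e "s|\${ runner.os }|${RUNNER_OS}|g" \
            -e "s|\${ vars.GH_BOT_NAME }|${ENV_GH_BOT_NAME}|g" \
            -e "s|\${ github.event.pull_request.number }|${ENV_GITHUB_EVENT_PR_NUMBER}|g" \
            -e "s|\${ github.event.repository.html_url }|${ENV_GITHUB_EVENT_REPO_HTML_URL}|g" \
            -e "s|\${ github.event.repository.name }|${ENV_GITHUB_EVENT_REPO_NAME}|g" \
            -e "s|\${ secrets.FACEBOOK_ACCESS_TOKEN }|${SECRETS_FACEBOOK_ACCESS_TOKEN}|g" \
            -e "s|\${ secrets.FACEBOOK_PAGE_ID }|${SECRETS_FACEBOOK_PAGE_ID}|g" \
            -e "s|\${ secrets.GH_BOT_EMAIL }|${SECRETS_GH_BOT_EMAIL}|g" \
            -e "s|\${ secrets.GH_BOT_TOKEN }|${SECRETS_GH_BOT_TOKEN}|g" \
            -e "s|\${ secrets.GITHUB_TOKEN }|${SECRETS_GITHUB_TOKEN}|g" \
            -e "s|\${ secrets.VIRUSTOTAL_API_KEY }|${SECRETS_VIRUSTOTAL_API_KEY}|g" \
            "with_params.json"
          # Output the processed parameters
          echo "with-params=$(jq -c . with_params.json)" >> "${GITHUB_OUTPUT}"
      # NOTE(review): WITH_PARAMS holds the substituted secret values. Log
      # redaction matches registered secret strings, so a secret that was
      # altered by JSON escaping may be printed unmasked; confirm this
      # step is wanted on every run.
      - name: Debug matrix
        env:
          MATRIX_ACTION: ${{ matrix.action }}
          MATRIX_JSON: ${{ toJson(matrix) }}
          WITH_PARAMS: ${{ steps.process-with.outputs.with-params }}
        shell: bash
        run: |
          echo "Matrix: ${MATRIX_JSON}"
          echo "Action: ${MATRIX_ACTION}"
          echo "With: ${WITH_PARAMS}"
      - name: Run pre-CI setup
        env:
          MATRIX_ACTION: ${{ matrix.action }}
          WITH_PARAMS: ${{ steps.process-with.outputs.with-params }}
        shell: bash
        run: |
          if [ -f "./actions/${MATRIX_ACTION}/pre-ci.sh" ]; then
            echo "Running pre-CI setup for ${MATRIX_ACTION}"
            bash "./actions/${MATRIX_ACTION}/pre-ci.sh"
          else
            echo "No pre-CI setup found for ${MATRIX_ACTION}"
          fi
      # dynamic-uses is pinned to a full commit SHA; it invokes the local
      # action named by the matrix entry with the processed parameters.
      - name: Test action
        uses: jenseng/dynamic-uses@8bc24f0360175e710da532c4d19eafdbed489a06  # v1.1.1
        id: action
        with:
          uses: ./actions/${{ matrix.action }}
          with: '${{ steps.process-with.outputs.with-params }}'
      - name: Print action outputs
        env:
          # Passed as data: an inline expression inside a heredoc would end
          # the heredoc early if the output contained its terminator line.
          ACTION_OUTPUTS: ${{ steps.action.outputs.outputs }}
        shell: bash
        run: |
          printf '%s\n' "${ACTION_OUTPUTS}" > outputs.json
          echo "Action outputs:"
          # Process all keys in the JSON, attempting to parse each value as JSON
          jq 'to_entries | map(
            if (.value | type) == "string" then
              try (
                .value |= (fromjson)
              ) catch (
                # If parsing fails, keep the original value
                .
              )
            else
              # If not a string, keep as-is
              .
            end
          ) | from_entries' outputs.json || jq . outputs.json
      # post-ci.sh comes from the checked-out tree and receives the bot
      # token through GITHUB_TOKEN.
      - name: Run post-CI tests
        if: always()  # make sure we do any cleanup even if the job was canceled or failed
        env:
          GITHUB_TOKEN: ${{ secrets.GH_BOT_TOKEN }}
          MATRIX_ACTION: ${{ matrix.action }}
          WITH_PARAMS: ${{ steps.process-with.outputs.with-params }}
        shell: bash
        run: |
          if [ -f "./actions/${MATRIX_ACTION}/post-ci.sh" ]; then
            echo "Running post-CI tests for ${MATRIX_ACTION}"
            bash "./actions/${MATRIX_ACTION}/post-ci.sh"
          else
            echo "No post-CI tests found for ${MATRIX_ACTION}"
          fi

  # Single summary job that depends on the whole test matrix.
  # NOTE(review): with no `if:` condition this job is skipped, not failed,
  # when `test` fails; if it is used as a required status check, confirm
  # that a skipped result is treated as intended.
  conclude:
    needs: test
    permissions: {}
    runs-on: ubuntu-latest
    steps:
      - name: Conclude
        run: echo "All tests passed"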