mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-03 20:01:01 -05:00
7ab23c28b8
This reverts commit ec1d5e9fb5
.
While the change enabled shasum calculation on mac, it broke it
on some Linux distros.
142 lines
4.7 KiB
YAML
142 lines
4.7 KiB
YAML
name: tidy-check-generate
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- main
|
|
- "release/**"
|
|
pull_request:
|
|
|
|
jobs:
|
|
tidycheck:
|
|
name: tidy, check and generate
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
|
|
with:
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
# No token available for forks, so we can't push changes
|
|
token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}
|
|
|
|
- name: Install Dependencies
|
|
run: |
|
|
echo "::group::Install Dependencies"
|
|
sudo apt-get update && sudo apt-get -y install libcryptsetup-dev libvirt-dev
|
|
echo "::endgroup::"
|
|
|
|
- name: Setup Bazel
|
|
uses: ./.github/actions/setup_bazel
|
|
with:
|
|
useCache: "true"
|
|
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
|
|
|
|
- name: Setup Go environment
|
|
uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
|
|
with:
|
|
go-version: "1.20.3"
|
|
|
|
- name: Assume AWS role to upload Bazel dependencies to S3
|
|
if: startsWith(github.head_ref, 'renovate/')
|
|
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
|
|
with:
|
|
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
|
|
aws-region: eu-central-1
|
|
|
|
- name: Upload Bazel dependencies to the mirror
|
|
if: startsWith(github.head_ref, 'renovate/')
|
|
shell: bash
|
|
run: |
|
|
bazelisk run //bazel/ci:deps_mirror_upgrade
|
|
bazelisk run //bazel/ci:deps_mirror_upload
|
|
|
|
- name: Run Bazel tidy
|
|
shell: bash
|
|
run: bazelisk run //:tidy
|
|
|
|
- name: Check if untidy
|
|
id: untidy
|
|
shell: bash
|
|
run: |
|
|
diff=$(git diff)
|
|
if [[ -z "$diff" ]]; then
|
|
echo "Everything is tidy."
|
|
echo "untidy=false" | tee -a "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
echo "Detected changes after tidy"
|
|
echo "untidy=true" | tee -a "$GITHUB_OUTPUT"
|
|
diffsum=$(echo "$diff" | sha256sum | cut -d' ' -f1)
|
|
echo "diffsum=${diffsum}" | tee -a "$GITHUB_OUTPUT"
|
|
|
|
- name: Run Bazel generate
|
|
shell: bash
|
|
run: bazelisk run //:generate
|
|
|
|
- name: Check if ungenerated
|
|
id: ungenerated
|
|
shell: bash
|
|
run: |
|
|
diff=$(git diff)
|
|
diffsum=$(echo "$diff" | sha256sum| cut -d' ' -f1)
|
|
if [[ "${{ steps.untidy.outputs.diffsum }}" == "${diffsum}" ]]; then
|
|
echo "Everything is tidy."
|
|
echo "ungenerated=false" | tee -a "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
echo "Detected changes after tidy"
|
|
echo "ungenerated=true" | tee -a "$GITHUB_OUTPUT"
|
|
|
|
- name: Check if tidy or generate made modifications
|
|
id: modified
|
|
shell: bash
|
|
run: |
|
|
diff=$(git diff)
|
|
if [[ -z "$diff" ]]; then
|
|
echo "Everything is tidy and generated."
|
|
exit 0
|
|
fi
|
|
|
|
cat << EOF >> "${GITHUB_STEP_SUMMARY}"
|
|
\`\`\`diff
|
|
${diff}
|
|
\`\`\`
|
|
EOF
|
|
|
|
if [[ "${{ steps.untidy.outputs.untidy }}" == "true" ]] &&
|
|
[[ "${{ steps.ungenerated.outputs.ungenerated }}" == "true" ]]; then
|
|
suggestCmd="'bazel run //:generate' &&' bazel run //:tidy'"
|
|
elif [[ "${{ steps.untidy.outputs.untidy }}" == "true" ]]; then
|
|
suggestCmd="'bazel run //:tidy'"
|
|
elif [[ "${{ steps.ungenerated.outputs.ungenerated }}" == "true" ]]; then
|
|
suggestCmd="'bazel run //:generate'"
|
|
fi
|
|
|
|
echo "::error::The repo is not tidy. Please run ${suggestCmd} and commit the changes."
|
|
exit 1
|
|
|
|
- name: Run Bazel check
|
|
shell: bash
|
|
run: bazelisk run //:check
|
|
|
|
# The following steps are only executed if the previous tidy check failed
|
|
# and the action runs on an renovate branch. In this case, we tidy all
|
|
# modules again and commit the changes, so the user doesn't need to do it.
|
|
|
|
- name: Push changes
|
|
if: |
|
|
failure() &&
|
|
(steps.modified.conclusion == 'failure') &&
|
|
startsWith(github.head_ref, 'renovate/') &&
|
|
!github.event.pull_request.head.repo.fork
|
|
shell: bash
|
|
run: |
|
|
git config --global user.name "edgelessci"
|
|
git config --global user.email "edgelessci@users.noreply.github.com"
|
|
git commit -am "deps: tidy all modules"
|
|
git push
|