constellation/.github/workflows/test-tidy.yml
Malte Poll 827c4f548d
bazel: deps mirror (#1522)
bazel-deps-mirror is an internal tool used to upload external dependencies
that are referenced in the Bazel WORKSPACE to the Edgeless Systems' mirror.

It also normalizes deps rules.

* hack: add tool to mirror Bazel dependencies
* hack: bazel-deps-mirror tests
* bazel: add deps mirror commands
* ci: upload Bazel dependencies on renovate PRs
* update go mod
* run deps_mirror_upload


Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 09:41:56 +02:00


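# Runs the repository's Bazel tidy, generate and check targets on pushes to
# main and release branches, on every pull request, and on manual dispatch.
# For same-repository branches whose name starts with "renovate/" it also
# uploads Bazel dependencies to the mirror and pushes the tidied result back.
name: tidy-check-generate

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - "release/**"
  pull_request:

jobs:
  tidycheck:
    name: tidy, check and generate
    runs-on: ubuntu-22.04
    permissions:
      # id-token: write allows the job to request an OIDC token. The AWS
      # credentials step below configures no static keys, so it presumably
      # relies on that token to assume the mirror-write role.
      id-token: write
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
          # No token available for forks, so we can't push changes
          # For same-repository PRs the push token is handed to checkout, which
          # keeps it in the local git config by default (persist-credentials).
          # The final "Push changes" step relies on that, and every step in
          # between that runs code from the checked-out branch can read it.
          token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}

      - name: Install Dependencies
        run: |
          echo "::group::Install Dependencies"
          sudo apt-get update && sudo apt-get -y install libcryptsetup-dev libvirt-dev
          echo "::endgroup::"

      - name: Setup Bazel
        uses: ./.github/actions/setup_bazel
        with:
          useCache: "true"
          buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}

      - name: Setup Go environment
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: "1.20.2"

      # The two mirror steps use the same fork guard as "Push changes", so a
      # fork PR whose branch happens to be called renovate/... skips them
      # instead of attempting to assume the role.
      # NOTE(review): the branch-name prefix and the fork check are the only
      # gates visible in this file. Confirm that the IAM role's trust policy
      # also restricts which OIDC subjects may assume it.
      - name: Assume AWS role to upload Bazel dependencies to S3
        if: startsWith(github.head_ref, 'renovate/') && !github.event.pull_request.head.repo.fork
        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
        with:
          role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
          aws-region: eu-central-1

      - name: Upload Bazel dependencies to the mirror
        if: startsWith(github.head_ref, 'renovate/') && !github.event.pull_request.head.repo.fork
        shell: bash
        run: bazelisk run //bazel/ci:deps_mirror_upload

      - name: Run Bazel tidy
        shell: bash
        run: bazelisk run //:tidy

      - name: Check if untidy
        id: untidy
        shell: bash
        run: |
          diff=$(git diff)
          # Publish the checksum unconditionally so the generate check always
          # has a baseline to compare against, even when tidy changed nothing.
          diffsum=$(echo "$diff" | sha256sum | cut -d' ' -f1)
          echo "diffsum=${diffsum}" | tee -a "$GITHUB_OUTPUT"
          if [[ -z "$diff" ]]; then
            echo "Everything is tidy."
            echo "untidy=false" | tee -a "$GITHUB_OUTPUT"
            exit 0
          fi
          echo "Detected changes after tidy"
          echo "untidy=true" | tee -a "$GITHUB_OUTPUT"

      - name: Run Bazel generate
        shell: bash
        run: bazelisk run //:generate

      - name: Check if ungenerated
        id: ungenerated
        shell: bash
        env:
          # Step outputs are passed through the environment instead of being
          # expanded into the script text before bash parses it.
          TIDY_DIFFSUM: ${{ steps.untidy.outputs.diffsum }}
        run: |
          diff=$(git diff)
          diffsum=$(echo "$diff" | sha256sum | cut -d' ' -f1)
          # An unchanged checksum means generate added nothing on top of tidy.
          if [[ "${TIDY_DIFFSUM}" == "${diffsum}" ]]; then
            echo "Everything is generated."
            echo "ungenerated=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          echo "Detected changes after generate"
          echo "ungenerated=true" >> "$GITHUB_OUTPUT"

      - name: Check if tidy or generate made modifications
        id: modified
        shell: bash
        env:
          UNTIDY: ${{ steps.untidy.outputs.untidy }}
          UNGENERATED: ${{ steps.ungenerated.outputs.ungenerated }}
        run: |
          diff=$(git diff)
          if [[ -z "$diff" ]]; then
            echo "Everything is tidy and generated."
            exit 0
          fi
          # Show the outstanding diff in the job summary.
          cat << EOF >> "${GITHUB_STEP_SUMMARY}"
          \`\`\`diff
          ${diff}
          \`\`\`
          EOF
          # Default to suggesting both commands, then narrow the suggestion
          # when only one of the two checks reported changes.
          suggestCmd="'bazel run //:generate' && 'bazel run //:tidy'"
          if [[ "${UNTIDY}" == "true" ]] && [[ "${UNGENERATED}" != "true" ]]; then
            suggestCmd="'bazel run //:tidy'"
          elif [[ "${UNTIDY}" != "true" ]] && [[ "${UNGENERATED}" == "true" ]]; then
            suggestCmd="'bazel run //:generate'"
          fi
          echo "::error::The repo is not tidy. Please run ${suggestCmd} and commit the changes."
          exit 1

      - name: Run Bazel check
        shell: bash
        run: bazelisk run //:check

      # The following step is only executed if the previous tidy check failed
      # and the action runs on a renovate branch. In this case, we commit the
      # tidied and generated changes, so the user doesn't need to do it.
      # The push authenticates with the token that the Checkout step stored.
      - name: Push changes
        if: |
          failure() &&
          (steps.modified.conclusion == 'failure') &&
          startsWith(github.head_ref, 'renovate/') &&
          !github.event.pull_request.head.repo.fork
        shell: bash
        run: |
          git config --global user.name "edgelessci"
          git config --global user.email "edgelessci@users.noreply.github.com"
          git commit -am "deps: tidy all modules"
          git push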