Skip to content

update aqua-installer #451

update aqua-installer

update aqua-installer #451

Workflow file for this run

---
name: test
on: pull_request
permissions: {}
env:
AQUA_POLICY_CONFIG: ${{ github.workspace }}/aqua/policy.yaml
AQUA_LOG_COLOR: always
jobs:
path-filter:
# Get changed files to filter jobs
outputs:
update-aqua-checksums: ${{steps.changes.outputs.update-aqua-checksums}}
renovate-config-validator: ${{steps.changes.outputs.renovate-config-validator}}
ghalint: ${{steps.changes.outputs.ghalint}}
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: changes
with:
filters: |
update-aqua-checksums:
- aqua/aqua.yaml
- aqua/imports/*.yaml
- aqua/aqua-checksums.json
- .github/workflows/test.yaml
renovate-config-validator:
- renovate.json
ghalint:
- .github/workflows/*.yaml
- aqua/imports/ghalint.yaml
enable-automerge:
# Enable automerge to merge pull requests from Renovate automatically.
runs-on: ubuntu-latest
needs:
- status-check
permissions:
contents: write # For enable automerge
pull-requests: write # For enable automerge
# "! failure() && ! cancelled()" is required. success() returns false if dependent jobs are skipped.
# https://github.com/community/community/discussions/45058
# By default success() is used so we have to override success() by "! failure() && ! cancelled()"
if: |
! failure() && ! cancelled() && github.event.pull_request.user.login == 'renovate[bot]' && contains(github.event.pull_request.body, ' **Automerge**: Enabled.')
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@32691ba7c9e7063bd457bd8f2a5703138591fa58 # v1.9.0
with:
app_id: ${{secrets.APP_ID_AQUAPROJ_AQUA}}
private_key: ${{secrets.APP_PRIVATE_KEY_AQUAPROJ_AQUA}}
- run: gh -R "$GITHUB_REPOSITORY" pr merge --squash --auto --delete-branch "$PR_NUMBER"
env:
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}} # Use GitHub App to trigger GitHub Actions Workflow by merge commit.
PR_NUMBER: ${{github.event.pull_request.number}}
status-check:
# This job is used for main branch's branch protection rule's status check.
# If all dependent jobs succeed or are skipped this job succeeds.
runs-on: ubuntu-latest
needs:
- renovate-config-validator
- test
- typos
- ghalint
- update-aqua-checksums
permissions: {}
if: failure()
steps:
- run: exit 1
renovate-config-validator:
# Validate Renovate Configuration by renovate-config-validator.
uses: suzuki-shunsuke/renovate-config-validator-workflow/.github/workflows/validate.yaml@35f1c78014c423fd37eb792c73f11ec0898098f4 # v0.2.2
needs: path-filter
if: needs.path-filter.outputs.renovate-config-validator == 'true'
permissions:
contents: read
test:
uses: ./.github/workflows/deploy.yaml
permissions:
contents: write
with:
is_pr: true
update-aqua-checksums:
# Update aqua-checksums.json and push a commit
runs-on: ubuntu-latest
needs: path-filter
permissions: {}
if: |
needs.path-filter.outputs.update-aqua-checksums == 'true'
steps:
- name: Checkout
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- name: Generate token
id: generate_token
if: "! github.event.pull_request.head.repo.fork"
uses: tibdex/github-app-token@32691ba7c9e7063bd457bd8f2a5703138591fa58 # v1.9.0
with:
app_id: ${{secrets.APP_ID_AQUAPROJ_AQUA}}
private_key: ${{secrets.APP_PRIVATE_KEY_AQUAPROJ_AQUA}}
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2
# Install ghcp
with:
aqua_version: v2.10.1
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- uses: aquaproj/update-checksum-action@2fb7f676d407d4fb8c2c466c19d09d3ddec4f82f # v0.2.2
with:
prune: true
skip_push: ${{github.event.pull_request.head.repo.fork}}
env:
# To trigger GitHub Actions Workflow by pushing a commit, GitHub App token is required.
# github.token doesn't trigger GitHub Actions Workflow.
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
# > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
ghalint:
# Validate GitHub Actions Workflows by ghalint.
needs: path-filter
if: needs.path-filter.outputs.ghalint == 'true'
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2
with:
aqua_version: v2.10.1
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: ghalint run
env:
GHALINT_LOG_COLOR: always
typos:
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2
with:
aqua_version: v2.10.1
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: typos