update aqua-installer #451
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: test | |
on: pull_request | |
permissions: {} | |
env: | |
AQUA_POLICY_CONFIG: ${{ github.workspace }}/aqua/policy.yaml | |
AQUA_LOG_COLOR: always | |
jobs: | |
path-filter: | |
# Get changed files to filter jobs | |
outputs: | |
update-aqua-checksums: ${{steps.changes.outputs.update-aqua-checksums}} | |
renovate-config-validator: ${{steps.changes.outputs.renovate-config-validator}} | |
ghalint: ${{steps.changes.outputs.ghalint}} | |
runs-on: ubuntu-latest | |
permissions: {} | |
steps: | |
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 | |
id: changes | |
with: | |
filters: | | |
update-aqua-checksums: | |
- aqua/aqua.yaml | |
- aqua/imports/*.yaml | |
- aqua/aqua-checksums.json | |
- .github/workflows/test.yaml | |
renovate-config-validator: | |
- renovate.json | |
ghalint: | |
- .github/workflows/*.yaml | |
- aqua/imports/ghalint.yaml | |
enable-automerge: | |
# Enable automerge to merge pull requests from Renovate automatically. | |
runs-on: ubuntu-latest | |
needs: | |
- status-check | |
permissions: | |
contents: write # For enable automerge | |
pull-requests: write # For enable automerge | |
# "! failure() && ! cancelled()" is required. success() returns false if dependent jobs are skipped. | |
# https://github.com/community/community/discussions/45058 | |
# By default success() is used so we have to override success() by "! failure() && ! cancelled()" | |
if: | | |
! failure() && ! cancelled() && github.event.pull_request.user.login == 'renovate[bot]' && contains(github.event.pull_request.body, ' **Automerge**: Enabled.') | |
steps: | |
- name: Generate token | |
id: generate_token | |
uses: tibdex/github-app-token@32691ba7c9e7063bd457bd8f2a5703138591fa58 # v1.9.0 | |
with: | |
app_id: ${{secrets.APP_ID_AQUAPROJ_AQUA}} | |
private_key: ${{secrets.APP_PRIVATE_KEY_AQUAPROJ_AQUA}} | |
- run: gh -R "$GITHUB_REPOSITORY" pr merge --squash --auto --delete-branch "$PR_NUMBER" | |
env: | |
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}} # Use GitHub App to trigger GitHub Actions Workflow by merge commit. | |
PR_NUMBER: ${{github.event.pull_request.number}} | |
status-check: | |
# This job is used for main branch's branch protection rule's status check. | |
# If all dependent jobs succeed or are skipped this job succeeds. | |
runs-on: ubuntu-latest | |
needs: | |
- renovate-config-validator | |
- test | |
- typos | |
- ghalint | |
- update-aqua-checksums | |
permissions: {} | |
if: failure() | |
steps: | |
- run: exit 1 | |
renovate-config-validator: | |
# Validate Renovate Configuration by renovate-config-validator. | |
uses: suzuki-shunsuke/renovate-config-validator-workflow/.github/workflows/validate.yaml@35f1c78014c423fd37eb792c73f11ec0898098f4 # v0.2.2 | |
needs: path-filter | |
if: needs.path-filter.outputs.renovate-config-validator == 'true' | |
permissions: | |
contents: read | |
test: | |
uses: ./.github/workflows/deploy.yaml | |
permissions: | |
contents: write | |
with: | |
is_pr: true | |
update-aqua-checksums: | |
# Update aqua-checksums.json and push a commit | |
runs-on: ubuntu-latest | |
needs: path-filter | |
permissions: {} | |
if: | | |
needs.path-filter.outputs.update-aqua-checksums == 'true' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 | |
- name: Generate token | |
id: generate_token | |
if: "! github.event.pull_request.head.repo.fork" | |
uses: tibdex/github-app-token@32691ba7c9e7063bd457bd8f2a5703138591fa58 # v1.9.0 | |
with: | |
app_id: ${{secrets.APP_ID_AQUAPROJ_AQUA}} | |
private_key: ${{secrets.APP_PRIVATE_KEY_AQUAPROJ_AQUA}} | |
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2 | |
# Install ghcp | |
with: | |
aqua_version: v2.10.1 | |
env: | |
AQUA_GITHUB_TOKEN: ${{github.token}} | |
- uses: aquaproj/update-checksum-action@2fb7f676d407d4fb8c2c466c19d09d3ddec4f82f # v0.2.2 | |
with: | |
prune: true | |
skip_push: ${{github.event.pull_request.head.repo.fork}} | |
env: | |
# To trigger GitHub Actions Workflow by pushing a commit, GitHub App token is required. | |
# github.token doesn't trigger GitHub Actions Workflow. | |
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow | |
# > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. | |
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}} | |
ghalint: | |
# Validate GitHub Actions Workflows by ghalint. | |
needs: path-filter | |
if: needs.path-filter.outputs.ghalint == 'true' | |
runs-on: ubuntu-latest | |
permissions: {} | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 | |
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2 | |
with: | |
aqua_version: v2.10.1 | |
env: | |
AQUA_GITHUB_TOKEN: ${{github.token}} | |
- run: ghalint run | |
env: | |
GHALINT_LOG_COLOR: always | |
typos: | |
runs-on: ubuntu-latest | |
permissions: {} | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 | |
- uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2 | |
with: | |
aqua_version: v2.10.1 | |
env: | |
AQUA_GITHUB_TOKEN: ${{github.token}} | |
- run: typos |