generated from im-open/javascript-action-template
-
Notifications
You must be signed in to change notification settings - Fork 1
242 lines (201 loc) · 10.6 KB
/
build-and-review-pr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
name: Build and Review PR
run-name: 'Build and Review PR #${{ github.event.pull_request.number }}'
on:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
#
# This workflow uses the pull_request trigger which prevents write permissions on the
# GH_TOKEN and secrets access from public forks. This should remain as a pull_request
# trigger to minimize the access public forks have in the repository. The reduced
# permissions are adequate but do mean that re-compiles and readme changes will have to be
# made manually by the PR author. These auto-updates could be done by this workflow
# for branches but in order to re-trigger a PR build (which is needed for status checks),
# we would make the commits with a different user and their PAT. To minimize exposure
# and complication we will request those changes be manually made by the PR author.
pull_request:
types: [opened, synchronize, reopened]
# paths:
# Do not include specific paths here. We always want this build to run and produce a
# status check which are branch protection rules can use. If this is skipped because of
# path filtering, a status check will not be created and we won't be able to merge the PR
# without disabling that requirement. If we have a status check that is always produced,
# we can also use that to require all branches be up to date before they are merged.
jobs:
build-and-review-pr:
# This reusable workflow will check to see if an action's source code has changed based on
# whether the PR includes files that match the files-with-code arg or are in one of the
# dirs-with-code directories. If there are source code changes, this reusable workflow
# will then run the action's build (if one was provided) and update the README.md with the
# the latest version of the action. If those two steps result in any changes that need to
# be committed, the workflow will fail because the PR needs some updates. Instructions for
# updating the PR will be available in the build log, the workflow summary and as a PR
# comment if the PR came from a branch (not a fork).
# This workflow assumes:
# - The main README.md is at the root of the repo
# - The README contains a contribution guidelines and usage examples section
uses: im-open/.github/.github/workflows/reusable-build-and-review-pr.yml@v1
with:
action-name: ${{ github.repository }}
default-branch: main
readme-name: 'README.md'
# The id of the contribution guidelines section of the README.md
readme-contribution-id: '#contributing'
# The id of the usage examples section of the README.md
readme-examples-id: '#usage-examples'
# The files that contain source code for the action. Only files that affect the action's execution
# should be included like action.yml or package.json. Do not include files like README.md or .gitignore.
# Files do not need to be explicitly provided here if they fall under one of the dirs in dirs-with-code.
# ** This value must match the same files-with-code argument specified in increment-version-on-merge.yml.
files-with-code: 'action.yml,package.json,package-lock.json'
# The directories that contain source code for the action. Only dirs with files that affect the action's
# execution should be included like src or dist. Do not include dirs like .github or node_modules.
# ** This value must match the same dirs-with-code argument specified in increment-version-on-merge.yml.
dirs-with-code: 'src,dist'
# The npm script to run to build the action. This is typically 'npm run build' if the
# action needs to be compiled. For composite-run-steps actions this is typically empty.
build-command: 'npm run build'
create-cache:
runs-on: ubuntu-latest
env:
NUGET_CACHE_KEY: ''
outputs:
NUGET_CACHE_KEY: ${{ env.NUGET_CACHE_KEY }}
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- name: Set Cache Keys
run: echo "NUGET_CACHE_KEY=nuget-${{ hashFiles('**/*.csproj') }}" >> $GITHUB_ENV
- name: Check for a nuget cache
id: has-cache
uses: actions/cache@v4
with:
path: '~/.nuget/packages'
key: ${{ env.NUGET_CACHE_KEY }}
lookup-only: true
enableCrossOsArchive: true
# The remaining steps will only be executed if the cache was NOT found, otherwise they will be skipped.
# This action creates a post-job step that will upload the ./.nuget/packages dir to the cache if the job completes successfully
- name: Setup caching for nuget packages if cache does not exist
if: steps.has-cache.outputs.cache-hit != 'true'
uses: actions/cache@v4
with:
key: ${{ env.NUGET_CACHE_KEY }}
path: ~/.nuget/packages
enableCrossOsArchive: true
- name: Setup .NET Core if cache does not exist
if: steps.has-cache.outputs.cache-hit != 'true'
uses: actions/setup-dotnet@v3
with:
dotnet-version: 7.x
env:
DOTNET_INSTALL_DIR: './.dotnet'
- name: dotnet restore if cache does not exist
if: steps.has-cache.outputs.cache-hit != 'true'
working-directory: ./test/minimal-dotnet-proj
run: dotnet restore
test:
runs-on: ubuntu-latest
needs: [create-cache]
env:
NUGET_CACHE_KEY: ${{ needs.create-cache.outputs.NUGET_CACHE_KEY }}
BAD_CACHE_KEY: 'abc123'
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
#--------------------------------------
# NO CACHE HIT - WITH FAILURE
#--------------------------------------
- name: '-------------------------------------------------------------------------------------------------------'
run: echo ""
- name: When restoring a cache with a bad key and required=true
uses: ./
if: always()
id: required
continue-on-error: true # This is needed because we expect the step to fail. We need it to "pass" in order for the test job to succeed.
with:
key: '${{ env.BAD_CACHE_KEY }}'
required: true
path: ~/.nuget/packages
- name: Then the outcome should be failure
if: always()
run: ./test/assert-values-match.sh --name "step outcome" --expected "failure" --actual "${{ steps.required.outcome }}"
- name: And the cache-hit output should be empty
if: always()
run: ./test/assert-values-match.sh --name "cache-hit" --expected "" --actual "${{ steps.required.outputs.cache-hit }}"
- name: And the primary key output should match the key input
if: always()
run: ./test/assert-values-match.sh --name "cache-hit" --expected "${{ env.BAD_CACHE_KEY }}" --actual "${{ steps.required.outputs.primary-key }}"
#--------------------------------------
# NO CACHE HIT - NO FAILURE
#--------------------------------------
- name: '-------------------------------------------------------------------------------------------------------'
run: echo ""
- name: When restoring a cache with a bad key and required=false
uses: ./
if: always()
id: not-required
with:
key: '${{ env.BAD_CACHE_KEY }}'
required: false
path: ~/.nuget/packages
- name: Then the outcome should be success
if: always()
run: ./test/assert-values-match.sh --name "step outcome" --expected "success" --actual "${{ steps.not-required.outcome }}"
- name: And the cache-hit output should be false
if: always()
run: ./test/assert-values-match.sh --name "cache-hit" --expected "false" --actual "${{ steps.not-required.outputs.cache-hit }}"
- name: And the primary key output should match the key input
if: always()
run: ./test/assert-values-match.sh --name "cache-hit" --expected "${{ env.BAD_CACHE_KEY }}" --actual "${{ steps.not-required.outputs.primary-key }}"
#--------------------------------------
# USING RESTORE KEYS
#--------------------------------------
- name: '-------------------------------------------------------------------------------------------------------'
run: echo ""
- name: When restoring a cache with a bad key and a list of restore keys
uses: ./
if: always()
id: restore-keys
with:
key: '${{ env.BAD_CACHE_KEY }}'
required: false
path: ~/.nuget/packages
restore-keys: |
'bad-key-a'
'bad-key-b'
'bad-key-c'
- name: Then the outcome should be success
if: always()
run: ./test/assert-values-match.sh --name "step outcome" --expected "success" --actual "${{ steps.restore-keys.outcome }}"
- name: And the cache-hit output should be false
if: always()
run: ./test/assert-values-match.sh --name "cache-hit" --expected "false" --actual "${{ steps.restore-keys.outputs.cache-hit }}"
- name: And the primary key output should match the key input
if: always()
run: ./test/assert-values-match.sh --name "cache-hit" --expected "${{ env.BAD_CACHE_KEY }}" --actual "${{ steps.restore-keys.outputs.primary-key }}"
#--------------------------------------
# EXACT MATCH
#--------------------------------------
- name: '-------------------------------------------------------------------------------------------------------'
run: echo ""
- name: When restoring a cache with the cache key
uses: ./
if: always()
id: success
with:
key: '${{ env.NUGET_CACHE_KEY }}'
required: true
path: ~/.nuget/packages
- name: Then the outcome should be success
if: always()
run: ./test/assert-values-match.sh --name "step outcome" --expected "success" --actual "${{ steps.success.outcome }}"
- name: And the cache-hit output should be true
if: always()
run: ./test/assert-values-match.sh --name "cache-hit" --expected "true" --actual "${{ steps.success.outputs.cache-hit }}"
- name: And the primary key output should match the key input
if: always()
run: ./test/assert-values-match.sh --name "cache-hit" --expected "${{ env.NUGET_CACHE_KEY }}" --actual "${{ steps.success.outputs.primary-key }}"
- name: '-------------------------------------------------------------------------------------------------------'
run: echo ""