Gerrit Verify #154
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Gerrit Verify | |
| # yamllint disable-line rule:truthy | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| GERRIT_BRANCH: | |
| description: "Branch that change is against" | |
| required: true | |
| type: string | |
| GERRIT_CHANGE_ID: | |
| description: "The ID for the change" | |
| required: true | |
| type: string | |
| GERRIT_CHANGE_NUMBER: | |
| description: "The Gerrit number" | |
| required: true | |
| type: string | |
| GERRIT_CHANGE_URL: | |
| description: "URL to the change" | |
| required: true | |
| type: string | |
| GERRIT_EVENT_TYPE: | |
| description: "Type of Gerrit event" | |
| required: true | |
| type: string | |
| GERRIT_PATCHSET_NUMBER: | |
| description: "The patch number for the change" | |
| required: true | |
| type: string | |
| GERRIT_PATCHSET_REVISION: | |
| description: "The revision sha" | |
| required: true | |
| type: string | |
| GERRIT_PROJECT: | |
| description: "Project in Gerrit" | |
| required: true | |
| type: string | |
| GERRIT_REFSPEC: | |
| description: "Gerrit refspec of change" | |
| required: true | |
| type: string | |
| concurrency: | |
| # yamllint disable-line rule:line-length | |
| group: ${{ github.workflow }}-${{ github.event.inputs.GERRIT_BRANCH}}-${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| clear-vote: | |
| runs-on: ubuntu-latest | |
| permissions: {} | |
| steps: | |
| - name: Clear votes | |
| # yamllint disable-line rule:line-length | |
| uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8 | |
| with: | |
| host: ${{ vars.LFIT_GERRIT_SERVER }} | |
| username: ${{ vars.LFIT_GERRIT_SSH_USER }} | |
| key: ${{ secrets.LFIT_GERRIT_SSH_PRIVKEY_NP }} | |
| known_hosts: ${{ vars.LFIT_GERRIT_KNOWN_HOSTS }} | |
| gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }} | |
| gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }} | |
| vote-type: clear | |
| lint: | |
| needs: clear-vote | |
| # yamllint disable-line rule:line-length | |
| uses: lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml@main | |
| permissions: {} | |
| with: | |
| GERRIT_BRANCH: ${{ inputs.GERRIT_BRANCH }} | |
| GERRIT_CHANGE_ID: ${{ inputs.GERRIT_CHANGE_ID }} | |
| GERRIT_CHANGE_NUMBER: ${{ inputs.GERRIT_CHANGE_NUMBER }} | |
| GERRIT_CHANGE_URL: ${{ inputs.GERRIT_CHANGE_URL }} | |
| GERRIT_EVENT_TYPE: ${{ inputs.GERRIT_EVENT_TYPE }} | |
| GERRIT_PATCHSET_NUMBER: ${{ inputs.GERRIT_PATCHSET_NUMBER }} | |
| GERRIT_PATCHSET_REVISION: ${{ inputs.GERRIT_PATCHSET_REVISION }} | |
| GERRIT_PROJECT: ${{ inputs.GERRIT_PROJECT }} | |
| GERRIT_REFSPEC: ${{ inputs.GERRIT_REFSPEC }} | |
| python-build: | |
| name: 'Python Build' | |
| needs: clear-vote | |
| runs-on: 'ubuntu-latest' | |
| outputs: | |
| matrix_json: "${{ steps.python-build.outputs.matrix_json }}" | |
| artefact_name: "${{ steps.python-build.outputs.artefact_name }}" | |
| artefact_path: "${{ steps.python-build.outputs.artefact_path }}" | |
| permissions: | |
| contents: write | |
| timeout-minutes: 12 | |
| env: | |
| GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| steps: | |
| # Harden the runner used by this workflow | |
| # yamllint disable-line rule:line-length | |
| - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 | |
| with: | |
| egress-policy: 'audit' | |
| # yamllint disable-line rule:line-length | |
| - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 | |
| with: | |
| gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} | |
| gerrit-project: ${{ inputs.GERRIT_PROJECT }} | |
| gerrit-url: ${{ vars.GERRIT_URL }} | |
| delay: "0s" | |
| fetch-depth: 0 | |
| - name: 'Build Python project' | |
| id: python-build | |
| # yamllint disable-line rule:line-length | |
| uses: lfreleng-actions/python-build-action@a9d0ef8a2324ac76e798ad6dc306f08b83b5b213 # v0.1.11 | |
| python-tests: | |
| name: 'Python Tests' | |
| runs-on: 'ubuntu-latest' | |
| needs: | |
| - clear-vote | |
| - python-build | |
| # Matrix job | |
| strategy: | |
| fail-fast: false | |
| matrix: "${{ fromJson(needs.python-build.outputs.matrix_json) }}" | |
| permissions: | |
| contents: read | |
| timeout-minutes: 12 | |
| steps: | |
| # Harden the runner used by this workflow | |
| # yamllint disable-line rule:line-length | |
| - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 | |
| with: | |
| egress-policy: audit | |
| # yamllint disable-line rule:line-length | |
| - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 | |
| with: | |
| gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} | |
| gerrit-project: ${{ inputs.GERRIT_PROJECT }} | |
| gerrit-url: ${{ vars.GERRIT_URL }} | |
| delay: "0s" | |
| fetch-depth: 0 | |
| - name: "Python tests [pytest] ${{ matrix.python-version }}" | |
| # yamllint disable-line rule:line-length | |
| uses: lfreleng-actions/python-test-action@16adb21ca4866bebc75e7b35203ce5b376b01430 # v0.1.7 | |
| with: | |
| python_version: ${{ matrix.python-version }} | |
| python-audit: | |
| name: 'Python Audit' | |
| needs: | |
| - clear-vote | |
| - python-build | |
| runs-on: ubuntu-latest | |
| # Matrix job | |
| strategy: | |
| fail-fast: false | |
| matrix: "${{ fromJson(needs.python-build.outputs.matrix_json) }}" | |
| permissions: | |
| contents: read | |
| timeout-minutes: 10 | |
| steps: | |
| # Harden the runner used by this workflow | |
| - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 | |
| with: | |
| egress-policy: 'audit' | |
| - uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 | |
| - name: "Audit dependencies ${{ matrix.python-version }}" | |
| # yamllint disable-line rule:line-length | |
| uses: lfreleng-actions/python-audit-action@0637cc9f40984b46bec578631fbac2a354eebabd # v0.1.5 | |
| with: | |
| python_version: "${{ matrix.python-version }}" | |
| never_fail: true | |
| docs: | |
| needs: clear-vote | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout change | |
| # yamllint disable-line rule:line-length | |
| uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 | |
| with: | |
| gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} | |
| gerrit-project: ${{ inputs.GERRIT_PROJECT }} | |
| gerrit-url: ${{ vars.GERRIT_URL }} | |
| delay: "0s" | |
| fetch-depth: 0 | |
| - name: Configure Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: "3.8" | |
| - name: Run docs tests | |
| run: >- | |
| pipx run tox -e docs | |
| docs-linkcheck: | |
| needs: clear-vote | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout change | |
| # yamllint disable-line rule:line-length | |
| uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 | |
| with: | |
| gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} | |
| gerrit-project: ${{ inputs.GERRIT_PROJECT }} | |
| gerrit-url: ${{ vars.GERRIT_URL }} | |
| delay: "0s" | |
| fetch-depth: 0 | |
| - name: Configure Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: "3.8" | |
| - name: Run docs-linkcheck tests | |
| run: >- | |
| pipx run tox -e docs-linkcheck | |
| license: | |
| needs: clear-vote | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout change | |
| # yamllint disable-line rule:line-length | |
| uses: lfit/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9 | |
| with: | |
| gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} | |
| gerrit-project: ${{ inputs.GERRIT_PROJECT }} | |
| gerrit-url: ${{ vars.GERRIT_URL }} | |
| delay: "0s" | |
| - name: Configure Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: "3.8" | |
| - name: Run license tests | |
| run: >- | |
| pipx run tox -e license | |
| vote: | |
| if: ${{ always() }} | |
| needs: [clear-vote, python-build, python-tests, python-audit, docs, docs-linkcheck, license, lint] | |
| runs-on: ubuntu-latest | |
| permissions: {} | |
| steps: | |
| - name: Get workflow conclusion | |
| # yamllint disable-line rule:line-length | |
| uses: im-open/workflow-conclusion@e4f7c4980600fbe0818173e30931d3550801b992 # v2.2.3 | |
| - name: Set vote | |
| uses: lfit/gerrit-review-action@9627b9a144f2a2cad70707ddfae87c87dce60729 # v0.8 | |
| with: | |
| host: ${{ vars.LFIT_GERRIT_SERVER }} | |
| username: ${{ vars.LFIT_GERRIT_SSH_USER }} | |
| key: ${{ secrets.LFIT_GERRIT_SSH_PRIVKEY_NP }} | |
| known_hosts: ${{ vars.LFIT_GERRIT_KNOWN_HOSTS }} | |
| gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }} | |
| gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }} | |
| vote-type: ${{ env.WORKFLOW_CONCLUSION }} |