Update amt overlay sandbox tag sha256:8e6609451262e9a2b7da42af266baad… #712
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: continuous-integration | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - "main" | |
| jobs: | |
| lint-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install poetry | |
| run: pipx install poetry | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| cache: "poetry" | |
| - name: Install dependencies | |
| run: poetry install | |
| - name: run ruff | |
| run: poetry run ruff check --output-format=github | |
| - name: Run format | |
| run: poetry run ruff format --check | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install poetry | |
| run: pipx install poetry | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| cache: "poetry" | |
| - name: Install dependencies | |
| run: poetry install | |
| - name: Run pytest | |
| run: poetry run pytest | |
| lint-config: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner (secrets) | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| trivy-config: trivy.yaml | |
| scan-type: fs | |
| scan-ref: "." | |
| - name: SonarCloud Scan | |
| if: always() | |
| uses: SonarSource/sonarcloud-github-action@master | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| diff: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: generate PR branch manifest | |
| run: script/generate-manifests.sh -d ./pr-manifests | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| path: main-repo | |
| - name: generate Main branch manifest | |
| run: | | |
| cd main-repo | |
| script/generate-manifests.sh -d ../main-manifests | |
| cd .. | |
| - name: list manifests | |
| run: | | |
| find ./pr-manifests -type f | |
| find ./main-manifests -type f | |
| - name: diff manifests | |
| run: diff -burN ./main-manifests ./pr-manifests > diff.txt || true | |
| - name: get file size | |
| run: | | |
| file_size=$(stat -c%s diff.txt) | |
| echo "file_size=$file_size" >> $GITHUB_OUTPUT | |
| id: diff | |
| - name: format diff | |
| if: ${{ steps.diff.outputs.file_size != '0' }} | |
| run: | | |
| echo -e 'MANIFESTDIFF\n```\n' > formatted_diff.txt | |
| cat diff.txt >> formatted_diff.txt | |
| echo -e '\n```' >> "formatted_diff.txt" | |
| - name: Find Comment | |
| if: ${{ steps.diff.outputs.file_size != '0' }} | |
| uses: peter-evans/find-comment@v3 | |
| id: fc | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| comment-author: "github-actions[bot]" | |
| body-includes: MANIFESTDIFF | |
| # comment on pr with diff | |
| - name: Comment on PR with diff | |
| if: ${{ steps.diff.outputs.file_size != '0' }} | |
| uses: peter-evans/create-or-update-comment@v4 | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| body-path: formatted_diff.txt | |
| edit-mode: replace | |
| comment-id: ${{ steps.fc.outputs.comment-id }} | |
| notifyMattermost: | |
| runs-on: ubuntu-latest | |
| needs: [lint-config, lint-test, test] | |
| if: ${{ always() }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 10 | |
| # store variable for later use | |
| - name: Get changed files | |
| run: | | |
| PRODUCT=$(git diff --name-only HEAD^ HEAD | grep -E '^(apps|tools)/' | head -1 | cut -d'/' -f2) | |
| echo "PRODUCT: $PRODUCT" | |
| echo "product=$PRODUCT" >> $GITHUB_OUTPUT | |
| id: changed_files | |
| - uses: mattermost/action-mattermost-notify@master | |
| if: github.event_name != 'pull_request' && contains(needs.*.result, 'failure') | |
| with: | |
| MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} | |
| MATTERMOST_CHANNEL: deployment | |
| TEXT: | | |
| :fire: ${{ github.repository }} failed deployment for ${{ steps.changed_files.outputs.product }} [Pipeline](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
| MATTERMOST_USERNAME: ${{ github.triggering_actor }} | |
| - uses: mattermost/action-mattermost-notify@master | |
| if: github.event_name != 'pull_request' && ! contains(needs.*.result, 'failure') | |
| with: | |
| MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} | |
| MATTERMOST_CHANNEL: deployment | |
| TEXT: | | |
| :sparkles: ${{ github.repository }} successfull deployment for ${{ steps.changed_files.outputs.product }}. [Pipeline](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
| MATTERMOST_USERNAME: ${{ github.triggering_actor }} |