-
Notifications
You must be signed in to change notification settings - Fork 53
136 lines (119 loc) · 4.51 KB
/
test-tidy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: tidy-check-generate
on:
workflow_dispatch:
push:
branches:
- main
- "release/**"
pull_request:
jobs:
tidycheck:
name: tidy, check and generate
runs-on: [self-hosted, bazel-cached]
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
# ref is unset here intentionally to ensure we test against a merge of PR and main branch
# No token available for forks, so we can't push changes
token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}
- name: Install Dependencies
run: |
echo "::group::Install Dependencies"
sudo apt-get update && sudo apt-get -y install libcryptsetup-dev libvirt-dev
echo "::endgroup::"
- name: Setup Bazel
uses: ./.github/actions/setup_bazel_nix
with:
useCache: "true"
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Assume AWS role to upload Bazel dependencies to S3
if: startsWith(github.head_ref, 'renovate/')
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
aws-region: eu-central-1
- name: Upload Bazel dependencies to the mirror
if: startsWith(github.head_ref, 'renovate/')
shell: bash
run: |
bazel run //bazel/ci:deps_mirror_upgrade
bazel run //bazel/ci:deps_mirror_upload
- name: Run Bazel tidy
shell: bash
run: bazel run //:tidy
- name: Check if untidy
id: untidy
shell: bash
run: |
diff=$(git diff)
if [[ -z "$diff" ]]; then
echo "Everything is tidy."
echo "untidy=false" | tee -a "$GITHUB_OUTPUT"
exit 0
fi
echo "Detected changes after tidy"
echo "untidy=true" | tee -a "$GITHUB_OUTPUT"
diffsum=$(echo "$diff" | sha256sum | cut -d' ' -f1)
echo "diffsum=${diffsum}" | tee -a "$GITHUB_OUTPUT"
- name: Run Bazel generate
shell: bash
run: bazel run //:generate
- name: Check if ungenerated
id: ungenerated
shell: bash
run: |
diff=$(git diff)
diffsum=$(echo "$diff" | sha256sum| cut -d' ' -f1)
if [[ "${{ steps.untidy.outputs.diffsum }}" == "${diffsum}" ]]; then
echo "Everything is tidy."
echo "ungenerated=false" | tee -a "$GITHUB_OUTPUT"
exit 0
fi
echo "Detected changes after tidy"
echo "ungenerated=true" | tee -a "$GITHUB_OUTPUT"
- name: Check if tidy or generate made modifications
id: modified
shell: bash
run: |
diff=$(git diff)
if [[ -z "$diff" ]]; then
echo "Everything is tidy and generated."
exit 0
fi
cat << EOF >> "${GITHUB_STEP_SUMMARY}"
\`\`\`diff
${diff}
\`\`\`
EOF
if [[ "${{ steps.untidy.outputs.untidy }}" == "true" ]] &&
[[ "${{ steps.ungenerated.outputs.ungenerated }}" == "true" ]]; then
suggestCmd="'bazel run //:generate' &&' bazel run //:tidy'"
elif [[ "${{ steps.untidy.outputs.untidy }}" == "true" ]]; then
suggestCmd="'bazel run //:tidy'"
elif [[ "${{ steps.ungenerated.outputs.ungenerated }}" == "true" ]]; then
suggestCmd="'bazel run //:generate'"
fi
echo "::error::The repo is not tidy. Please run ${suggestCmd} and commit the changes."
exit 1
- name: Run Bazel check
shell: bash
run: bazel run //:check
# The following steps are only executed if the previous tidy check failed
# and the action runs on an renovate branch. In this case, we tidy all
# modules again and commit the changes, so the user doesn't need to do it.
- name: Push changes
if: |
failure() &&
(steps.modified.conclusion == 'failure') &&
startsWith(github.head_ref, 'renovate/') &&
!github.event.pull_request.head.repo.fork
shell: bash
run: |
git config --global user.name "edgelessci"
git config --global user.email "[email protected]"
git commit -am "deps: tidy all modules"
git push