🌱 add checks for configured repositories #53
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR tests | |
| on: | |
| pull_request: | |
| branches: [ "main" ] | |
| paths-ignore: | |
| - '**.md' | |
| jobs: | |
| get-repos: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| repos: ${{ steps.read_config.outputs.repos }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get repositories | |
| id: read_config | |
| run: | | |
| REPOS=$(yq e -o=json '.repos | .[] | "\(.org)/\(.repo)"' pkg/config/config.yaml | jq -c -s '.') | |
| echo "repos=${REPOS}" >> "$GITHUB_OUTPUT" | |
| filter: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: read | |
| outputs: | |
| config: ${{ steps.filter.outputs.config }} | |
| milestone: ${{ steps.filter.outputs.milestone }} | |
| labels: ${{ steps.filter.outputs.labels }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| config: | |
| - "pkg/config/config.yaml" | |
| milestone: | |
| - "cmd/milestones/**" | |
| labels: | |
| - "cmd/labels/**" | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v3 | |
| - run: go install github.com/rhysd/actionlint/cmd/actionlint@latest | |
| - run: | | |
| GOPATH="$(go env GOPATH)" | |
| export PATH="${PATH}:${GOPATH}/bin" | |
| actionlint | |
| tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v3 | |
| - run: go test ./... | |
| check-milestones: | |
| needs: filter | |
| if: ${{ needs.filter.outputs.config == 'true' || needs.filter.outputs.milestone == 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: read-all | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v3 | |
| # - name: Get Token | |
| # id: get_workflow_token | |
| # uses: peter-murray/workflow-application-token-action@v3 | |
| # with: | |
| # application_id: ${{ vars.KONVEYOR_BOT_ID }} | |
| # application_private_key: ${{ secrets.KONVEYOR_BOT_KEY }} | |
| # - env: | |
| # GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }} | |
| # run: go run cmd/milestones/main.go -config pkg/config/config.yaml | |
| - run: go run cmd/milestones/main.go -config pkg/config/config.yaml -log-level 8 | |
| check-labels: | |
| needs: filter | |
| if: ${{ needs.filter.outputs.config == 'true' || needs.filter.outputs.milestone == 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: read-all | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v3 | |
| # - name: Get Token | |
| # id: get_workflow_token | |
| # uses: peter-murray/workflow-application-token-action@v3 | |
| # with: | |
| # application_id: ${{ vars.KONVEYOR_BOT_ID }} | |
| # application_private_key: ${{ secrets.KONVEYOR_BOT_KEY }} | |
| # - env: | |
| # GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }} | |
| # run: go run cmd/labels/main.go -config pkg/config/config.yaml | |
| - run: go run cmd/labels/main.go -config pkg/config/config.yaml | |
| check-secrets: | |
| needs: get-repos | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| repo: ${{ fromJson(needs.get-repos.outputs.repos) }} | |
| key: | |
| - KONVEYOR_BOT_KEY | |
| steps: | |
| - name: Get Token | |
| id: get_workflow_token | |
| uses: peter-murray/workflow-application-token-action@v3 | |
| with: | |
| application_id: ${{ vars.KONVEYOR_BOT_ID }} | |
| application_private_key: ${{ secrets.KONVEYOR_BOT_KEY }} | |
| - name: Check for secret | |
| env: | |
| GH_TOKEN: ${{ steps.get_workflow_token.outputs.token }} | |
| run: | | |
| gh api -H "Accept: application/vnd.github+json" /repos/${{ matrix.repo }}/actions/organization-secrets | jq -e '.secrets[] | select(.name=="${{ matrix.key }}")' | |
| check-variables: | |
| needs: get-repos | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| repo: ${{ fromJson(needs.get-repos.outputs.repos) }} | |
| key: | |
| - KONVEYOR_BOT_ID | |
| steps: | |
| - name: Get Token | |
| id: get_workflow_token | |
| uses: peter-murray/workflow-application-token-action@v3 | |
| with: | |
| application_id: ${{ vars.KONVEYOR_BOT_ID }} | |
| application_private_key: ${{ secrets.KONVEYOR_BOT_KEY }} | |
| - name: Check for variable | |
| env: | |
| GH_TOKEN: ${{ steps.get_workflow_token.outputs.token }} | |
| run: | | |
| gh api -H "Accept: application/vnd.github+json" /repos/${{ matrix.repo }}/actions/organization-variables | jq -e '.secrets[] | select(.name=="${{ matrix.key }}")' | |
| check-write-access: | |
| needs: get-repos | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| repo: ${{ fromJson(needs.get-repos.outputs.repos) }} | |
| steps: | |
| - name: Get Token | |
| id: get_workflow_token | |
| uses: peter-murray/workflow-application-token-action@v3 | |
| with: | |
| application_id: ${{ vars.KONVEYOR_BOT_ID }} | |
| application_private_key: ${{ secrets.KONVEYOR_BOT_KEY }} | |
| - name: Check for write access | |
| env: | |
| GH_TOKEN: ${{ steps.get_workflow_token.outputs.token }} | |
| run: | | |
| gh api -H "Accept: application/vnd.github+json" /orgs/konveyor/teams/ci-release-engineering/repos | jq -e '.[] | select( (.full_name == "${{ matrix.repo }}") and (.role_name == "write") )' |