From 38ecc28288268b35b86a830b8b523275994c209a Mon Sep 17 00:00:00 2001 From: Jonathan Giannuzzi Date: Tue, 15 Aug 2023 15:23:45 +0100 Subject: [PATCH] Check how we create the required check by using a separate workflow (#241) --- .github/workflows/check-required.yml | 62 ++++++++++++++++++++++++++++ .github/workflows/ci.yml | 13 ++---- 2 files changed, 65 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/check-required.yml diff --git a/.github/workflows/check-required.yml b/.github/workflows/check-required.yml new file mode 100644 index 000000000..83c62453b --- /dev/null +++ b/.github/workflows/check-required.yml @@ -0,0 +1,62 @@ +name: Check required jobs + +# This workflow is triggered when a workflow run for the CI is completed. +# It checks if the "All required checks done" job was actually successful +# (and not just skipped) and creates a check run if that is the case. The +# check run can be used to protect the main branch from being merged if the +# CI is not passing. + +on: + workflow_run: + types: [completed] + workflows: [CI] + +permissions: + actions: read + checks: write + +jobs: + required-jobs: + name: Check required jobs + runs-on: ubuntu-latest + steps: + - uses: actions/github-script@v6 + with: + script: | + // list jobs for worklow run attempt + const { data: { jobs } } = await github.rest.actions.listJobsForWorkflowRunAttempt({ + owner: context.payload.repository.owner.login, + repo: context.payload.repository.name, + run_id: context.payload.workflow_run.id, + attempt_number: context.payload.workflow_run.run_attempt, + }); + // check if required job was successful + var success = false; + core.info(`Checking jobs for workflow run ${context.payload.workflow_run.html_url}`); + jobs.forEach(job => { + var mark = '-' + if (job.name === 'All required checks done') { + if (job.conclusion === 'success') { + success = true; + mark = '✅'; + } else { + mark = '❌'; + } + } + core.info(`${mark} ${job.name}: ${job.conclusion}`); + }); + // create check run if job was successful + if (success) { + await github.rest.checks.create({ + owner: context.payload.repository.owner.login, + repo: context.payload.repository.name, + name: 'All required checks succeeded', + head_sha: context.payload.workflow_run.head_sha, + status: 'completed', + conclusion: 'success', + output: { + title: 'All required checks succeeded', + summary: `See [workflow run](${context.payload.workflow_run.html_url}) for details.`, + }, + }); + } diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 96c76e0c6..1577c4fe8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -245,9 +245,10 @@ jobs: path: fasttrackml-oci.tar # Virtual job that can be configured as a required check before a PR can be merged. + # As GitHub considers a check as successful if it is skipped, we need to check its status in + # another workflow (check-required.yml) and create a check there. all-required-checks-done: name: All required checks done - if: ${{ always() }} needs: - lint - golang-unit-tests @@ -257,15 +258,7 @@ jobs: - build-image runs-on: ubuntu-latest steps: - - uses: actions/github-script@v6 - with: - script: | - const results = ${{ toJSON(needs.*.result) }}; - if (results.every(res => res === 'success')) { - core.info('All required checks succeeded'); - } else { - core.setFailed('Some required checks failed'); - } + - run: echo "All required checks done" # Publish any push to a branch or tag to ghcr.io as a convenience # Actual release to Docker Hub happens in a different workflow