From 921f8aba55b76b746b0a947e0e22384dc1c3c0d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Wed, 5 Jun 2024 17:36:36 +0200 Subject: [PATCH] CI updates This is done by the automated script named upgrade-c2cciutils-to-1.7 --- .github/workflows/codeql.yaml | 28 -------- .github/workflows/main.yaml | 37 +++++++--- .github/workflows/pr-checks.yaml | 29 -------- .../workflows/pull-request-automation.yaml | 67 +++---------------- 4 files changed, 35 insertions(+), 126 deletions(-) delete mode 100644 .github/workflows/codeql.yaml delete mode 100644 .github/workflows/pr-checks.yaml diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml deleted file mode 100644 index 9694846ece..0000000000 --- a/.github/workflows/codeql.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: Code scanning - -on: - push: - -env: - HAS_SECRETS: ${{ secrets.HAS_SECRETS }} - -jobs: - CodeQL-Build: - runs-on: ubuntu-22.04 - name: Code scanning - timeout-minutes: 25 - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - with: - fetch-depth: 1 - if: env.HAS_SECRETS == 'HAS_SECRETS' - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - if: env.HAS_SECRETS == 'HAS_SECRETS' - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - if: env.HAS_SECRETS == 'HAS_SECRETS' diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 8c21a50c1a..74b3090127 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -14,16 +14,17 @@ env: jobs: not-failed-backport: - runs-on: ubuntu-22.04 name: Test that's not a failed backport + runs-on: ubuntu-22.04 timeout-minutes: 5 + steps: - run: 'false' if: github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.' main: - runs-on: ubuntu-22.04 name: Continuous integration + runs-on: ubuntu-22.04 timeout-minutes: 150 if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" @@ -58,8 +59,8 @@ jobs: - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} - run: python3 -m pip install --user --requirement=ci/requirements.txt - run: c2cciutils-download-applications --applications-file=ci/applications.yaml --versions-file=ci/applications-versions.yaml - - run: scripts/get-version --auto-increment --github - id: version + - id: version + run: scripts/get-version --auto-increment --github - uses: actions/cache@v3 with: @@ -69,7 +70,13 @@ jobs: - run: pre-commit run --all-files env: SKIP: poetry-lock - - run: git diff + - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true + if: failure() + - uses: actions/upload-artifact@v4 + with: + name: Apply pre-commit fix.patch + path: /tmp/pre-commit.patch + retention-days: 1 if: failure() - name: Checks run: c2cciutils-checks @@ -122,12 +129,12 @@ jobs: if: always() - uses: actions/upload-artifact@v3 - if: always() with: name: Documentation path: artifacts/documentations/ if-no-files-found: ignore retention-days: 5 + if: always() # Use minimal version from the documentation - uses: actions/setup-python@v4 @@ -140,14 +147,14 @@ jobs: - run: pip install --user PyYAML==3.13 docker-compose==1.26.0 'docker<7.0.0' urllib3==1.26.15 'requests<2.32.0' # Test App - - run: ci/test-app - timeout-minutes: 30 + - timeout-minutes: 30 + run: ci/test-app - name: Docker logs + continue-on-error: true run: | cd ${HOME}/workspace/testgeomapfishapp/ c2cciutils-docker-logs if: failure() - continue-on-error: true - run: git stash - run: git pull --ff-only origin ${{ env.MAIN_BRANCH }} @@ -169,7 +176,9 @@ jobs: - uses: actions/setup-python@v4 with: python-version: '3.10' - - run: pip install --user PyYAML==5.3.1 docker-compose==1.29.2 'docker<7.0.0' wheel==0.40.0 urllib3==1.26.15 'requests<2.32.0' + - run: + pip install --user PyYAML==5.3.1 docker-compose==1.29.2 'docker<7.0.0' wheel==0.40.0 urllib3==1.26.15 + 'requests<2.32.0' - name: Init Git run: @@ -206,6 +215,14 @@ jobs: if: > env.HAS_SECRETS == 'HAS_SECRETS' && steps.version.outputs.versions != '' + - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true + if: failure() + - uses: actions/upload-artifact@v4 + with: + name: Update dpkg versions list.patch + path: /tmp/dpkg-versions.patch + retention-days: 1 + if: failure() - name: Publish version branch to pypi run: | c2cciutils-publish --group=pypi --type=version_tag --version=${{ steps.version.outputs.full }} diff --git a/.github/workflows/pr-checks.yaml b/.github/workflows/pr-checks.yaml deleted file mode 100644 index 14489eb587..0000000000 --- a/.github/workflows/pr-checks.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Pull request check - -on: - pull_request: - types: - - opened - - reopened - - edited - - synchronize - -jobs: - build: - name: Pull request check - runs-on: ubuntu-22.04 - timeout-minutes: 5 - if: github.event.pull_request.user.login != 'renovate[bot]' - - steps: - - run: pip install --upgrade attrs - - uses: actions/checkout@v3 - - - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} - - run: python3 -m pip install --user --pre c2cciutils[pr_checks] - - - name: Check pull request - run: c2cciutils-pull-request-checks - env: - GITHUB_EVENT: ${{ toJson(github) }} - GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request-automation.yaml b/.github/workflows/pull-request-automation.yaml index 14746f2894..0fab602720 100644 --- a/.github/workflows/pull-request-automation.yaml +++ b/.github/workflows/pull-request-automation.yaml @@ -26,7 +26,7 @@ jobs: with: script: |- console.log(context); - - name: Auto reviews Renovate updates + - name: Auto reviews GHCI updates uses: actions/github-script@v7 with: script: |- @@ -37,10 +37,13 @@ jobs: event: 'APPROVE', }) if: |- - github.event.pull_request.user.login == 'renovate[bot]' + startsWith(github.head_ref, 'ghci/audit/') + && (github.event.pull_request.user.login == 'ghci-test[bot]' + || github.event.pull_request.user.login == 'ghci-int[bot]' + || github.event.pull_request.user.login == 'ghci[bot]') && (github.event.action == 'opened' || github.event.action == 'reopened') - - name: Auto review and merge snyk auto fix + - name: Auto reviews Renovate updates uses: actions/github-script@v7 with: script: |- @@ -49,62 +52,8 @@ jobs: repo: context.repo.repo, pull_number: context.payload.pull_request.number, event: 'APPROVE', - }); - github.graphql(` - mutation { - enablePullRequestAutoMerge(input: { - pullRequestId: "${context.payload.pull_request.node_id}", - mergeMethod: SQUASH, - }) { - pullRequest { - autoMergeRequest { - enabledAt - } - } - } - } - `) - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && startsWith(github.head_ref, 'snyk-fix/') - && (github.event.action == 'opened' - || github.event.action == 'reopened') - - name: Restart audit workflow - uses: actions/github-script@v7 - with: - script: |- - let runs = await github.rest.actions.listWorkflowRuns({ - owner: context.repo.owner, - repo: context.repo.repo, - workflow_id: 'audit.yaml', - per_page: 1, - }); - runs = runs.data.workflow_runs; - if (runs.length == 1 && runs[0].status != 'success') { - console.log(`Rerun workflow ${runs[0].id} ${runs[0].status}`); - github.rest.actions.reRunWorkflowFailedJobs({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: runs[0].id, - }); - } - if: |- - github.event.pull_request.user.login == 'c2c-bot-gis-ci-2' - && (startsWith(github.head_ref, 'snyk-fix/') - || startsWith(github.head_ref, 'dpkg-update/')) - && github.event.action == 'closed' - && github.event.pull_request.merged == true - - name: Auto close pre-commit.ci autoupdate - uses: actions/github-script@v7 - with: - script: |- - github.rest.pulls.update({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.payload.pull_request.number, - state: 'closed', - }); + }) if: |- - github.event.pull_request.user.login == 'pre-commit-ci' + github.event.pull_request.user.login == 'renovate[bot]' && (github.event.action == 'opened' || github.event.action == 'reopened')