CI run for PR #10479 #439
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pre-merge checks | ||
| on: | ||
| pull_request: | ||
| paths: | ||
| - .github/workflows/_check-codestyle-python.yml | ||
| - .github/workflows/_check-codestyle-rust.yml | ||
| - .github/workflows/build-build-tools-image.yml | ||
| - .github/workflows/pre-merge-checks.yml | ||
| merge_group: | ||
| branches: | ||
| - main | ||
| defaults: | ||
| run: | ||
| shell: bash -euxo pipefail {0} | ||
| # No permission for GITHUB_TOKEN by default; the **minimal required** set of permissions should be granted in each job. | ||
| permissions: {} | ||
| jobs: | ||
| get-changed-files: | ||
| runs-on: ubuntu-22.04 | ||
| outputs: | ||
| python-changed: ${{ steps.python-src.outputs.any_changed }} | ||
| rust-changed: ${{ steps.rust-src.outputs.any_changed }} | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | ||
| with: | ||
| egress-policy: audit | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45.0.4 | ||
| id: python-src | ||
| with: | ||
| files: | | ||
| .github/workflows/_check-codestyle-python.yml | ||
| .github/workflows/build-build-tools-image.yml | ||
| .github/workflows/pre-merge-checks.yml | ||
| **/**.py | ||
| poetry.lock | ||
| pyproject.toml | ||
| - uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45.0.4 | ||
| id: rust-src | ||
| with: | ||
| files: | | ||
| .github/workflows/_check-codestyle-rust.yml | ||
| .github/workflows/build-build-tools-image.yml | ||
| .github/workflows/pre-merge-checks.yml | ||
| **/**.rs | ||
| **/Cargo.toml | ||
| Cargo.toml | ||
| Cargo.lock | ||
| - name: PRINT ALL CHANGED FILES FOR DEBUG PURPOSES | ||
| env: | ||
| PYTHON_CHANGED_FILES: ${{ steps.python-src.outputs.all_changed_files }} | ||
| RUST_CHANGED_FILES: ${{ steps.rust-src.outputs.all_changed_files }} | ||
| run: | | ||
| echo "${PYTHON_CHANGED_FILES}" | ||
| echo "${RUST_CHANGED_FILES}" | ||
| build-build-tools-image: | ||
| if: needs.get-changed-files.outputs.python-changed == 'true' | ||
| needs: [ get-changed-files ] | ||
| uses: ./.github/workflows/build-build-tools-image.yml | ||
| with: | ||
| # Build only one combination to save time | ||
| archs: '["x64"]' | ||
| debians: '["bookworm"]' | ||
| secrets: inherit | ||
| check-codestyle-python: | ||
|
Check failure on line 76 in .github/workflows/pre-merge-checks.yml
|
||
| if: needs.get-changed-files.outputs.python-changed == 'true' | ||
| needs: [ get-changed-files, build-build-tools-image ] | ||
| uses: ./.github/workflows/_check-codestyle-python.yml | ||
| with: | ||
| # `-bookworm-x64` suffix should match the combination in `build-build-tools-image` | ||
| build-tools-image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm-x64 | ||
| secrets: inherit | ||
| check-codestyle-rust: | ||
| if: needs.get-changed-files.outputs.rust-changed == 'true' | ||
| needs: [ get-changed-files, build-build-tools-image ] | ||
| uses: ./.github/workflows/_check-codestyle-rust.yml | ||
| with: | ||
| # `-bookworm-x64` suffix should match the combination in `build-build-tools-image` | ||
| build-tools-image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm-x64 | ||
| archs: '["x64"]' | ||
| secrets: inherit | ||
| # To get items from the merge queue merged into main we need to satisfy "Status checks that are required". | ||
| # Currently we require 2 jobs (checks with exact name): | ||
| # - conclusion | ||
| # - neon-cloud-e2e | ||
| conclusion: | ||
| if: always() | ||
| permissions: | ||
| statuses: write # for `github.repos.createCommitStatus(...)` | ||
| contents: write | ||
| needs: | ||
| - get-changed-files | ||
| - check-codestyle-python | ||
| - check-codestyle-rust | ||
| runs-on: ubuntu-22.04 | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | ||
| with: | ||
| egress-policy: audit | ||
| - name: Create fake `neon-cloud-e2e` check | ||
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | ||
| with: | ||
| # Retry script for 5XX server errors: https://github.com/actions/github-script#retries | ||
| retries: 5 | ||
| script: | | ||
| const { repo, owner } = context.repo; | ||
| const targetUrl = `${context.serverUrl}/${owner}/${repo}/actions/runs/${context.runId}`; | ||
| await github.rest.repos.createCommitStatus({ | ||
| owner: owner, | ||
| repo: repo, | ||
| sha: context.sha, | ||
| context: `neon-cloud-e2e`, | ||
| state: `success`, | ||
| target_url: targetUrl, | ||
| description: `fake check for merge queue`, | ||
| }); | ||
| - name: Fail the job if any of the dependencies do not succeed or skipped | ||
| run: exit 1 | ||
| if: | | ||
| (contains(needs.check-codestyle-python.result, 'skipped') && needs.get-changed-files.outputs.python-changed == 'true') | ||
| || contains(needs.*.result, 'failure') | ||
| || contains(needs.*.result, 'cancelled') | ||
