Bump github/codeql-action from 3.27.0 to 3.28.1 #470
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: RIT Action Continuous Integration Test | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
inputs: | |
rskj-branch: | |
description: 'Branch for RSKj' | |
required: false | |
default: 'master' | |
powpeg-branch: | |
description: 'Branch for PowPeg Node' | |
required: false | |
default: 'master' | |
permissions: | |
contents: read | |
env: | |
TEST_TAG: ${{ github.event.repository.name }}/rit:test | |
LATEST_TAG: ghcr.io/rsksmart/${{ github.event.repository.name }}/rit | |
jobs: | |
build-push-rit-action-container-action: | |
name: Test RIT Action docker container-action | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: | | |
${{ env.LATEST_TAG }} | |
${{ env.TEST_TAG }} | |
- name: Setup Docker BuildX | |
id: setup-buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
with: | |
install: true | |
driver-opts: network=host | |
platforms: linux/amd64 | |
- name: Build and export locally Docker | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
with: | |
context: container-action/ | |
load: true | |
tags: ${{ env.TEST_TAG }} | |
- name: Set Branch Variables | |
id: set-branch-variables | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
github_event_inputs_powpeg_branch: ${{ github.event.inputs.powpeg-branch }} | |
github_event_inputs_rskj_branch: ${{ github.event.inputs.rskj-branch }} | |
github_event_name: ${{ github.event_name }} | |
github_event_pull_request_number: ${{ github.event.pull_request.number }} | |
github_head_ref: ${{ github.head_ref }} | |
github_ref_name: ${{ github.ref_name }} | |
run: | | |
PR_DESCRIPTION=pr-description.txt | |
ALLOWED_BRANCH_CHARACTERS='[-+./0-9A-Z_a-z]' | |
default_rskj_branch=master | |
default_powpeg_branch=master | |
default_rit_branch=main | |
get_branch_from_description() | |
{ | |
_prefix=$1 | |
# On lines matching "`$_prefix:...`", replace the lines with the | |
# thing in ... and print the result. | |
_search_re='\@`'$_prefix:$ALLOWED_BRANCH_CHARACTERS'\{1,\}`@' | |
_replace_re='s@.*`'$_prefix:'\('$ALLOWED_BRANCH_CHARACTERS'\{1,\}\)`.*@\1@p' | |
_branch=$(sed -n "$_search_re $_replace_re" "$PR_DESCRIPTION") | |
echo "$_branch" | |
} | |
is_valid_branch_name() | |
{ | |
echo "$1" | grep -qx "$ALLOWED_BRANCH_CHARACTERS\\{1,\\}" | |
} | |
if [ "$github_event_name" = workflow_dispatch ]; then | |
RSKJ_BRANCH=${github_event_inputs_rskj_branch:-$default_rit_branch} | |
POWPEG_BRANCH=${github_event_inputs_powpeg_branch:-$default_powpeg_branch} | |
RIT_BRANCH=$github_ref_name | |
elif [ "$github_event_name" = pull_request ]; then | |
gh pr view "$github_event_pull_request_number" --json body -q .body >"$PR_DESCRIPTION" | |
RSKJ_BRANCH=$(get_branch_from_description rskj) | |
: ${RSKJ_BRANCH:=$default_rskj_branch} | |
POWPEG_BRANCH=$(get_branch_from_description fed) | |
: ${POWPEG_BRANCH:=$default_powpeg_branch} | |
RIT_BRANCH=$(get_branch_from_description rit) | |
: ${RIT_BRANCH:=${github_head_ref:-$default_rskj_branch}} | |
else | |
RSKJ_BRANCH=$default_rskj_branch | |
POWPEG_BRANCH=$default_powpeg_branch | |
RIT_BRANCH=$default_rit_branch | |
fi | |
if ! is_valid_branch_name "$RSKJ_BRANCH"; then | |
echo "rskj: invalid branch name: $RSKJ_BRANCH" >&2 | |
exit 1 | |
fi | |
if ! is_valid_branch_name "$POWPEG_BRANCH"; then | |
echo "fed: invalid branch name: $POWPEG_BRANCH" >&2 | |
exit 1 | |
fi | |
if ! is_valid_branch_name "$RIT_BRANCH"; then | |
echo "rit: invalid branch name: $RIT_BRANCH" >&2 | |
exit 1 | |
fi | |
echo "RSKJ_BRANCH=$RSKJ_BRANCH" >> $GITHUB_ENV | |
echo "RIT_BRANCH=$RIT_BRANCH" >> $GITHUB_ENV | |
echo "POWPEG_BRANCH=$POWPEG_BRANCH" >> $GITHUB_ENV | |
- name: Test the RIT Container Action | |
id: test-container | |
env: | |
INPUT_RSKJ_BRANCH: ${{ env.RSKJ_BRANCH }} | |
INPUT_POWPEG_NODE_BRANCH: ${{ env.POWPEG_BRANCH }} | |
INPUT_RIT_BRANCH: ${{ env.RIT_BRANCH }} | |
INPUT_RIT_LOG_LEVEL: info | |
run: | | |
docker run \ | |
--env GITHUB_OUTPUT="/github-output" \ | |
--env INPUT_RSKJ_BRANCH="${{ env.INPUT_RSKJ_BRANCH }}" \ | |
--env INPUT_POWPEG_NODE_BRANCH="${{ env.INPUT_POWPEG_NODE_BRANCH }}" \ | |
--env INPUT_RIT_BRANCH="${{ env.INPUT_RIT_BRANCH }}" \ | |
--env INPUT_RIT_LOG_LEVEL="${{ env.INPUT_RIT_LOG_LEVEL }}" \ | |
-v "$GITHUB_OUTPUT:/github-output" \ | |
--rm ${{ env.TEST_TAG }} | |
- name: GitHub container registry login | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build the RIT Action Container Image | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
with: | |
context: container-action/ | |
tags: ${{ env.LATEST_TAG }} | |
labels: ${{ steps.meta.outputs.labels }} | |
load: true | |
push: true | |
test-rit-action: | |
needs: build-push-rit-action-container-action | |
name: GitHub Actions Test | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- name: Checkout | |
id: checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Test RIT Action | |
id: test-rit-action | |
uses: ./ | |
with: | |
rskj-branch: ${{ env.RSKJ_BRANCH }} | |
powpeg-node-branch: ${{ env.POWPEG_BRANCH }} | |
rit-branch: ${{ env.RIT_BRANCH }} | |
- name: Print RIT Status and Message | |
id: output | |
run: | | |
echo "RIT Status = ${{ steps.test-rit-action.outputs.status }}" | |
echo "RIT Message = ${{ steps.test-rit-action.outputs.message }}" | |
publish-rit-action-tag: | |
needs: test-rit-action | |
name: Publish RIT Action tag | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
if: github.ref == 'refs/heads/main' | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish new version | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "RIT Release Automation" | |
git tag -fa v1 -m "Updating rootstock-integration-tests container action v1" | |
git push origin v1 --force |