Try running on the HEAD SHA instead of the merge in hopes of simplicity
Cyberboss committed Aug 17, 2024
1 parent b497b04 commit 70b4071
Showing 3 changed files with 41 additions and 149 deletions.
85 changes: 25 additions & 60 deletions .github/workflows/ci-pipeline.yml
Expand Up @@ -30,6 +30,9 @@ on:
pull_request_number:
description: 'Pull Request Number'
required: true
pull_request_merge_sha:
description: 'Pull Request Merge SHA'
required: true

env:
TGS_DOTNET_VERSION: 8
Expand All @@ -47,8 +50,8 @@ concurrency:
cancel-in-progress: true

jobs:
ci-start-gate:
name: CI Start Gate
release-notes-build:
name: Build Release Notes for Other Jobs
runs-on: ubuntu-latest
steps:
- name: Setup dotnet
Expand All @@ -75,7 +78,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -103,12 +106,8 @@ jobs:
name: release_notes_bins
path: ./release_notes_bins/

- name: Set CI Check Run (Started)
run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ci-check ${{ github.sha }} ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} Started ${{ github.run_id }}

code-scanning:
name: Code Scanning
needs: ci-start-gate
runs-on: ubuntu-latest
permissions:
security-events: write
Expand Down Expand Up @@ -140,7 +139,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -178,7 +177,6 @@ jobs:

dmapi-build:
name: Build DMAPI
needs: ci-start-gate
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -246,7 +244,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -284,7 +282,6 @@ jobs:
opendream-build:
name: Build DMAPI (OpenDream)
needs: ci-start-gate
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -323,7 +320,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -369,7 +366,6 @@ jobs:
efcore-version-match:
name: Check Nuget Versions Match Tools
needs: ci-start-gate
runs-on: ubuntu-latest
steps:
- name: Checkout (Branch)
Expand All @@ -390,7 +386,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -450,7 +446,7 @@ jobs:
pages-build:
name: Build gh-pages
needs: ci-start-gate
needs: release-notes-build
runs-on: ubuntu-latest
steps:
- name: Setup dotnet
Expand Down Expand Up @@ -515,7 +511,6 @@ jobs:
docker-build:
name: Build Docker Image
needs: ci-start-gate
runs-on: ubuntu-latest
env:
TGS_TELEMETRY_KEY_FILE: tgs_telemetry_key.txt
Expand All @@ -538,7 +533,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -567,7 +562,6 @@ jobs:

linux-unit-tests:
name: Linux Tests
needs: ci-start-gate
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -613,7 +607,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -663,7 +657,6 @@ jobs:

windows-unit-tests:
name: Windows Tests
needs: ci-start-gate
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -703,7 +696,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -861,7 +854,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -1109,7 +1102,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -1221,7 +1214,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -1269,7 +1262,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -1527,7 +1520,6 @@ jobs:

build-deb:
name: Build .deb Package # Can't do i386 due to https://github.com/dotnet/core/issues/4595
needs: ci-start-gate
runs-on: ubuntu-latest
env:
TGS_TELEMETRY_KEY_FILE: /tmp/tgs_telemetry_key.txt
Expand Down Expand Up @@ -1582,7 +1574,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -1666,7 +1658,6 @@ jobs:

build-msi:
name: Build Windows Installer .exe
needs: ci-start-gate
runs-on: windows-latest
env:
TGS_TELEMETRY_KEY_FILE: C:/tgs_telemetry_key.txt
Expand Down Expand Up @@ -1705,7 +1696,7 @@ jobs:

- name: Abort if PR Merge SHA has Changed
uses: actions/github-script@v7
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != github.sha
if: github.event_name != 'push' && github.event_name != 'schedule' && steps.get-pr-sha.outputs.head_sha != inputs.pull_request_merge_sha
with:
script: |
const delay = ms => new Promise(res => setTimeout(res, ms));
Expand Down Expand Up @@ -1839,7 +1830,7 @@ jobs:

check-winget-pr-template:
name: Check winget-pkgs Pull Request Template is up to date
needs: ci-start-gate
needs: release-notes-build
runs-on: ubuntu-latest
steps:
- name: Setup dotnet
Expand All @@ -1864,38 +1855,12 @@ jobs:
run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --winget-template-check ${{ steps.get-sha.outputs.pr_template_sha }}

ci-completion-gate:
name: CI Completion Gate
needs: [ pages-build, docker-build, build-deb, build-msi, validate-openapi-spec, upload-code-coverage, check-winget-pr-template, code-scanning, efcore-version-match, ci-start-gate ]
name: CI Completion Gate # Used as a branch protection ruleset target
needs: [ pages-build, docker-build, build-deb, build-msi, validate-openapi-spec, upload-code-coverage, check-winget-pr-template, code-scanning, efcore-version-match ]
runs-on: ubuntu-latest
if: always() && needs.ci-start-gate.result == 'success'
steps:
- name: Setup dotnet
uses: actions/setup-dotnet@v4
with:
dotnet-version: '${{ env.TGS_DOTNET_VERSION }}.0.x'
dotnet-quality: ${{ env.TGS_DOTNET_QUALITY }}

- name: Retrieve ReleaseNotes Binaries
uses: actions/download-artifact@v4
with:
name: release_notes_bins
path: release_notes_bins

- name: Update CI Check Run (Cancelled)
if: needs.pages-build.result == 'cancelled' || needs.docker-build.result == 'cancelled' || needs.build-deb.result == 'cancelled' || needs.build-msi.result == 'cancelled' || needs.validate-openapi-spec.result == 'cancelled' || needs.upload-code-coverage.result == 'cancelled' || needs.check-winget-pr-template.result == 'cancelled' || needs.code-scanning.result == 'cancelled' || needs.efcore-version-match.result == 'cancelled' || needs.pages-build.result == 'cancelled'
run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ci-check ${{ github.sha }} ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} Cancelled ${{ github.run_id }}

- name: Update CI Check Run (Failure)
if: (!(needs.pages-build.result == 'cancelled' || needs.docker-build.result == 'cancelled' || needs.build-deb.result == 'cancelled' || needs.build-msi.result == 'cancelled' || needs.validate-openapi-spec.result == 'cancelled' || needs.upload-code-coverage.result == 'cancelled' || needs.check-winget-pr-template.result == 'cancelled' || needs.code-scanning.result == 'cancelled' || needs.efcore-version-match.result == 'cancelled' || needs.pages-build.result == 'cancelled') && (needs.pages-build.result == 'failure' || needs.docker-build.result == 'failure' || needs.build-deb.result == 'failure' || needs.build-msi.result == 'failure' || needs.validate-openapi-spec.result == 'failure' || needs.upload-code-coverage.result == 'failure' || needs.check-winget-pr-template.result == 'failure' || needs.code-scanning.result == 'failure' || needs.efcore-version-match.result == 'failure' || needs.pages-build.result == 'failure'))
run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ci-check ${{ github.sha }} ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} Failure ${{ github.run_id }}

- name: Update CI Check Run (Success)
if: needs.pages-build.result == 'success' && needs.docker-build.result == 'success' && needs.build-deb.result == 'success' && needs.build-msi.result == 'success' && needs.validate-openapi-spec.result == 'success' && needs.upload-code-coverage.result == 'success' && needs.check-winget-pr-template.result == 'success' && needs.code-scanning.result == 'success' && needs.efcore-version-match.result == 'success' && needs.pages-build.result == 'success'
run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ci-check ${{ github.sha }} ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} Success ${{ github.run_id }}

- name: Fail Job if Prerequisites Failed
if: (!(needs.pages-build.result == 'cancelled' || needs.docker-build.result == 'cancelled' || needs.build-deb.result == 'cancelled' || needs.build-msi.result == 'cancelled' || needs.validate-openapi-spec.result == 'cancelled' || needs.upload-code-coverage.result == 'cancelled' || needs.check-winget-pr-template.result == 'cancelled' || needs.code-scanning.result == 'cancelled' || needs.efcore-version-match.result == 'cancelled' || needs.pages-build.result == 'cancelled') && (needs.pages-build.result == 'failure' || needs.docker-build.result == 'failure' || needs.build-deb.result == 'failure' || needs.build-msi.result == 'failure' || needs.validate-openapi-spec.result == 'failure' || needs.upload-code-coverage.result == 'failure' || needs.check-winget-pr-template.result == 'failure' || needs.code-scanning.result == 'failure' || needs.efcore-version-match.result == 'failure' || needs.pages-build.result == 'failure'))
run: exit 1
- name: Mandatory Empty Step
run: exit 0

deployment-gate:
name: Deployment Start Gate
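Review bot: In the `ci-completion-gate` job the new side appears to drop `if: always()` together with the "Fail Job if Prerequisites Failed" step, leaving only `run: exit 0`, so when any job listed in `needs` fails or is cancelled this job is skipped instead of failing. The added comment says the job is a branch protection ruleset target, and a skipped required job is generally accepted as passing by required status checks, so a red pipeline may no longer block the merge. Keep the gate running and fail it explicitly, for example `if: always()` on the job plus a step with `if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')` and `run: exit 1`. Which lines are old and which are new is inferred here, because the rendered page has lost its `+`/`-` markers.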
26 changes: 16 additions & 10 deletions .github/workflows/ci-security.yml
Expand Up @@ -74,22 +74,30 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
ref: refs/pull/${{ github.event.pull_request.number }}/head

- name: Restore
run: dotnet restore

- name: Build ReleaseNotes
run: dotnet publish -c Release -p:TGS_HOST_NO_WEBPANEL=true -o release_notes_bins tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj

- name: Checkout
uses: actions/checkout@v4
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
path: merge_workspace

- name: Read Current SHA # Can't rely on github.sha as it's for the base branch
id: get-pr-sha
run: echo "head_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
run: |
cd merge_workspace
echo "merge_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
- name: Generate Temporary Branch to Reference Merge
- name: Generate Temporary Branch to Reference Head
run: |
git checkout -b ${{ github.event.pull_request.number }}-merge
git push -f -u origin ${{ github.event.pull_request.number }}-merge
git checkout -b ${{ github.event.pull_request.number }}-head
git push -f -u origin ${{ github.event.pull_request.number }}-head
- name: Send Workflow Dispatch
uses: lasith-kg/dispatch-workflow@5623bf13f09bbbbdb549ec692b070307f39b66ac #v2.0.0 + setup_node@v4
Expand All @@ -98,17 +106,15 @@ jobs:
dispatch-method: workflow_dispatch
owner: ${{ github.repository_owner }}
repo: ${{ github.event.pull_request.base.repo.name }}
ref: ${{ github.event.pull_request.number }}-merge
ref: ${{ github.event.pull_request.number }}-head
workflow: ci-pipeline.yml
token: ${{ github.token }}
workflow-inputs: |
{
"pull_request_number": "${{ github.event.pull_request.number }}"
"pull_request_merge_sha": "${{ steps.get-pr-sha.outputs.merge_sha }}"
}
- name: Set CI Check Run (Pending)
run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ci-check ${{ steps.get-pr-sha.outputs.head_sha }} ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} Pending ${{ steps.dispatch.outputs.run-id }}

- name: Delete Temporary Branch
if: always()
run: git push -d origin ${{ github.event.pull_request.number }}-merge
run: git push -d origin ${{ github.event.pull_request.number }}-head
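Review bot: The `workflow-inputs` JSON looks invalid on the new side: the `"pull_request_number"` line has no trailing comma before the added `"pull_request_merge_sha"` entry, so the dispatch action will most likely fail to parse its inputs; end that line with `}}",`. Separately, the first checkout now takes `refs/pull/<number>/head`, and `dotnet restore` / `dotnet publish` run on it in the same job that later does `git push -f` to origin, so pull-request-controlled build logic executes where a write-capable token is present. With the `Set CI Check Run (Pending)` step apparently removed, nothing visible in this section still uses `release_notes_bins`, so the Restore and Build ReleaseNotes steps could probably be dropped from this job. The trigger, permissions and any approval gate sit outside the hunk, so this should be confirmed against the full workflow.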