Add support for named collections of workflows

mbg · mbg · commit f9024111db26 · 2025-08-12T12:24:43.000+01:00
diff --git a/.github/workflows/__go.yml b/.github/workflows/__go.yml
diff --git a/pr-checks/checks/go-custom-queries.yml b/pr-checks/checks/go-custom-queries.yml
@@ -1,5 +1,6 @@
 name: "Go: Custom queries"
 description: "Checks that Go works in conjunction with a config file specifying custom queries"
+collection: go
 operatingSystems:
   - ubuntu
 versions:
diff --git a/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml b/pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml
@@ -1,5 +1,6 @@
 name: "Go: diagnostic when Go is changed after init step"
 description: "Checks that we emit a diagnostic if Go is changed after the init step"
+collection: go
 # only Linux is affected
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml
@@ -1,5 +1,6 @@
 name: "Go: diagnostic when `file` is not installed"
 description: "Checks that we emit a diagnostic if the `file` program is not installed"
+collection: go
 # only Linux is affected
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
diff --git a/pr-checks/checks/go-indirect-tracing-workaround.yml b/pr-checks/checks/go-indirect-tracing-workaround.yml
@@ -1,5 +1,6 @@
 name: "Go: workaround for indirect tracing"
 description: "Checks that our workaround for indirect tracing for Go 1.21+ on Linux works"
+collection: go
 # only Linux is affected
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
diff --git a/pr-checks/checks/go-tracing-autobuilder.yml b/pr-checks/checks/go-tracing-autobuilder.yml
@@ -1,5 +1,6 @@
 name: "Go: tracing with autobuilder step"
 description: "Checks that Go tracing works when using an autobuilder step"
+collection: go
 operatingSystems: ["ubuntu", "macos"]
 env:
   DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
diff --git a/pr-checks/checks/go-tracing-custom-build-steps.yml b/pr-checks/checks/go-tracing-custom-build-steps.yml
@@ -1,5 +1,6 @@
 name: "Go: tracing with custom build steps"
 description: "Checks that Go tracing traces the build when using custom build steps"
+collection: go
 operatingSystems: ["ubuntu", "macos"]
 installGo: "true"
 steps:
diff --git a/pr-checks/checks/go-tracing-legacy-workflow.yml b/pr-checks/checks/go-tracing-legacy-workflow.yml
@@ -1,5 +1,6 @@
 name: "Go: tracing with legacy workflow"
 description: "Checks that we run the autobuilder in legacy workflows with neither an autobuild step nor manual build steps"
+collection: go
 operatingSystems: ["ubuntu", "macos"]
 env:
   DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
diff --git a/pr-checks/sync.py b/pr-checks/sync.py
@@ -60,6 +60,7 @@ def writeHeader(checkStream):
 this_dir = pathlib.Path(__file__).resolve().parent
 
 allJobs = {}
+collections = {}
 for file in (this_dir / 'checks').glob('*.yml'):
     with open(file, 'r') as checkStream:
         checkSpecification = yaml.load(checkStream)
@@ -160,6 +161,14 @@ def writeHeader(checkStream):
         checkJob['env']['CODEQL_ACTION_TEST_MODE'] = True
     checkName = file.stem
 
+    # If this check belongs to a named collection, record it.
+    if 'collection' in checkSpecification:
+        collection_name = checkSpecification['collection']
+        collections.setdefault(collection_name, []).append({
+            'specification': checkSpecification,
+            'checkName': checkName
+        })
+
     raw_file = this_dir.parent / ".github" / "workflows" / f"__{checkName}.yml.raw"
     with open(raw_file, 'w') as output_stream:
         writeHeader(output_stream)
@@ -190,3 +199,45 @@ def writeHeader(checkStream):
             content = input_stream.read()
             output_stream.write("\n".join(list(map(lambda x:x.rstrip(), content.splitlines()))+['']))
     os.remove(raw_file)
+
+# write workflow files for collections
+for collection_name in collections:
+    jobs = {}
+
+    for check in collections[collection_name]:
+        checkName = check['checkName']
+        checkSpecification = check['specification']
+        jobs[checkName] = {
+            'name': checkSpecification['name'],
+            'permissions': {
+                'contents': 'read',
+                'security-events': 'read'
+            },
+            'uses': "./.github/workflows/" + f"__{checkName}.yml",
+        }
+
+    raw_file = this_dir.parent / ".github" / "workflows" / f"__{collection_name}.yml.raw"
+    with open(raw_file, 'w') as output_stream:
+        writeHeader(output_stream)
+        yaml.dump({
+            'name': f"Manual Check - {collection_name}",
+            'env': {
+                'GITHUB_TOKEN': '${{ secrets.GITHUB_TOKEN }}',
+                'GO111MODULE': 'auto'
+            },
+            'on': {
+                'push': {
+                    'paths': [
+                        f'.github/workflows/__{collection_name}.yml'
+                    ]
+                },
+                'workflow_dispatch': {},
+            },
+            'jobs': jobs
+        }, output_stream)
+
+    with open(raw_file, 'r') as input_stream:
+        with open(this_dir.parent / ".github" / "workflows" / f"__{collection_name}.yml", 'w') as output_stream:
+            content = input_stream.read()
+            output_stream.write("\n".join(list(map(lambda x:x.rstrip(), content.splitlines()))+['']))
+    os.remove(raw_file)
