Artifact attestation #1256
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | --- | |
| name: R Package Validation report 📃 | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| branches: | |
| - main | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - ready_for_review | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| workflow_call: | |
| inputs: | |
| install-system-dependencies: | |
| description: Check for and install system dependencies | |
| required: false | |
| default: false | |
| type: boolean | |
| enable-staged-dependencies-check: | |
| description: Enable staged dependencies YAML check | |
| required: false | |
| default: false | |
| type: boolean | |
| sd-direction: | |
| description: The direction to use to install staged dependencies. Choose between 'upstream', 'downstream' and 'all' | |
| required: false | |
| type: string | |
| default: upstream | |
| package-subdirectory: | |
| description: Subdirectory in the repository, where the R package is located. | |
| required: false | |
| type: string | |
| default: "." | |
| secrets: | |
| REPO_GITHUB_TOKEN: | |
| description: | | |
| Github token with read access to repositories, required for staged.dependencies installation | |
| required: false | |
| concurrency: | |
| group: validation-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| validation: | |
| name: Create report 📃 | |
| runs-on: ubuntu-latest | |
| if: > | |
| !contains(github.event.commits[0].message, '[skip validation]') | |
| && github.event.pull_request.draft == false | |
| container: | |
| image: ghcr.io/insightsengineering/rstudio:latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| deployments: write | |
| steps: | |
| - name: Setup token 🔑 | |
| id: github-token | |
| run: | | |
| if [ "${{ secrets.REPO_GITHUB_TOKEN }}" == "" ]; then | |
| echo "REPO_GITHUB_TOKEN is empty. Substituting it with GITHUB_TOKEN." | |
| echo "token=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "Using REPO_GITHUB_TOKEN." | |
| echo "token=${{ secrets.REPO_GITHUB_TOKEN }}" >> $GITHUB_OUTPUT | |
| fi | |
| shell: bash | |
| - name: Get branch names 🌿 | |
| id: branch-name | |
| uses: tj-actions/branch-names@v7 | |
| - name: Checkout repo (PR) 🛎 | |
| uses: actions/[email protected] | |
| if: github.event_name == 'pull_request' | |
| with: | |
| ref: ${{ steps.branch-name.outputs.head_ref_branch }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Checkout repo 🛎 | |
| uses: actions/[email protected] | |
| if: github.event_name != 'pull_request' | |
| with: | |
| ref: ${{ steps.branch-name.outputs.head_ref_branch }} | |
| - name: Check commit message 💬 | |
| run: | | |
| git config --global --add safe.directory $(pwd) | |
| export head_commit_message="$(git show -s --format=%B | tr '\r\n' ' ' | tr '\n' ' ')" | |
| echo "head_commit_message = $head_commit_message" | |
| if [[ $head_commit_message == *"$SKIP_INSTRUCTION"* ]]; then | |
| echo "Skip instruction detected - cancelling the workflow." | |
| exit 1 | |
| fi | |
| shell: bash | |
| env: | |
| SKIP_INSTRUCTION: "[skip validation]" | |
| - name: Normalize variables 📏 | |
| run: | | |
| package_subdirectory_input="${{ inputs.package-subdirectory }}" | |
| echo "package_subdirectory=${package_subdirectory_input:-.}" >> $GITHUB_ENV | |
| shell: bash | |
| - name: Restore SD cache 💰 | |
| uses: actions/cache@v4 | |
| with: | |
| key: sd-${{ runner.os }}-${{ github.event.repository.name }} | |
| path: ~/.staged.dependencies | |
| - name: Run Staged dependencies 🎦 | |
| uses: insightsengineering/staged-dependencies-action@v2 | |
| env: | |
| GITHUB_PAT: ${{ steps.github-token.outputs.token }} | |
| with: | |
| path: ${{ env.package_subdirectory }} | |
| enable-check: ${{ inputs.enable-staged-dependencies-check }} | |
| run-system-dependencies: ${{ inputs.install-system-dependencies }} | |
| direction: ${{ inputs.sd-direction }} | |
| - name: Build report 🏗 | |
| uses: insightsengineering/thevalidatoR@v2 | |
| env: | |
| GITHUB_PAT: ${{ steps.github-token.outputs.token }} | |
| with: | |
| report_pkg_dir: ${{ env.package_subdirectory }} | |
| - name: Upload report for review ⬆ | |
| if: github.ref != 'refs/heads/main' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: validation_report.pdf | |
| path: validation_report.pdf | |
| upload-release-assets: | |
| name: Upload report to release 🔼 | |
| needs: validation | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - name: Checkout repo 🛎 | |
| uses: actions/[email protected] | |
| - name: Download artifact ⏬ | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: validation_report.pdf | |
| - name: Check if release exists | |
| id: check-if-release-exists | |
| uses: insightsengineering/release-existence-action@v1 | |
| - name: Upload report to release 🔼 | |
| if: >- | |
| steps.check-if-release-exists.outputs.release-exists == 'true' | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| file: ./validation_report.pdf | |
| asset_name: validation-report.pdf | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| tag: ${{ github.ref }} | |
| overwrite: true |