Enable linting #22
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Test on push and pull request | |
| permissions: | |
| actions: write | |
| contents: read | |
| packages: write | |
| # To report GitHub Actions status checks | |
| statuses: write | |
| id-token: write | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| name: Lint | |
| uses: ./.github/workflows/lint.yml | |
| files_changed: | |
| name: Determine files changed | |
| needs: lint | |
| runs-on: ubuntu-latest | |
| # Map a step output to a job output, this allows other jobs to be gated on the filter results | |
| outputs: | |
| extra_on_push: ${{ steps.filter_some.outputs.extra_on_push }} | |
| extra_on_pull_request: ${{ steps.filter_some.outputs.extra_on_pull_request }} | |
| stackhpc: ${{ toJson(fromJson(steps.filter_some.outputs.stackhpc) || fromJson(steps.filter_every.outputs.stackhpc)) }} | |
| trivvyscan: ${{ steps.filter_some.outputs.trivvyscan }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Paths matching on any filter rule | |
| # For safety use the commit of dorny/paths-filter@v3 | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 | |
| id: filter_some | |
| with: | |
| # Filter changed files, 'some' means the file is matched if any one of the filter rules match. | |
| # Processing is different from 'paths' and 'paths_exclude', see note below. | |
| predicate-quantifier: 'some' | |
| list-files: 'json' | |
| filters: | | |
| extra_on_push: | |
| - 'environments/.stackhpc/tofu/cluster_image.auto.tfvars.json' | |
| - 'ansible/roles/doca/**' | |
| - 'ansible/roles/cuda/**' | |
| - 'ansible/roles/slurm_recompile/**' # runs on cuda group | |
| - 'ansible/roles/lustre/**' | |
| - '.github/workflows/extra.yml' | |
| extra_on_pull_request: | |
| - 'environments/.stackhpc/tofu/cluster_image.auto.tfvars.json' | |
| - 'ansible/roles/doca/**' | |
| - 'ansible/roles/cuda/**' | |
| - 'ansible/roles/lustre/**' | |
| - '.github/workflows/extra.yml' | |
| stackhpc: | |
| - 'dev/setup-env.sh' | |
| - '.github/workflows/stackhpc.yml' | |
| trivvyscan: | |
| - 'environments/.stackhpc/tofu/cluster_image.auto.tfvars.json' | |
| - name: Paths matching on every filter rule | |
| # For safety use the commit of dorny/paths-filter@v3 | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 | |
| id: filter_every | |
| with: | |
| # Filter changed files, 'every' means the file is matched only if matches all filter rules. | |
| # Processing is different from 'paths' and 'paths_exclude', see note below. | |
| predicate-quantifier: 'every' | |
| list-files: 'json' | |
| filters: | | |
| stackhpc: | |
| - '**' | |
| - '!dev/**' | |
| - '!**/*.md' | |
| - '!.gitignore' | |
| - '!.github/workflows/' | |
| - name: Paths matched output | |
| # NOTE: This is a debug step, it prints the paths that matched the filters | |
| # It's useful because dorny/paths-filter doesn't work like the conventional 'paths' and 'paths_exclude' | |
| # We can't do the following: | |
| # paths: | |
| # - '**' | |
| # - '!dev/**' | |
| # - 'dev/setup-env.sh' | |
| # | |
| # Which would include all files whilst removing all "dev/" files except "dev/setup-env.sh". | |
| # Instead the 'some' stackhpc filter ensures we include "dev/setup-env.sh" - if changed, | |
| # the 'every' stackhpc filter ensures we don't include any other "dev/**" files. | |
| run: > | |
| echo '{ "extra_on_push_files": ${{ steps.filter_some.outputs.extra_on_push_files }} }' | jq -r '.'; | |
| echo '{ "extra_on_pull_request_files": ${{ steps.filter_some.outputs.extra_on_pull_request_files }} }' | jq -r '.'; | |
| echo '{ "stackhpc_some_files": ${{ steps.filter_some.outputs.stackhpc_files }} }' | jq -r '.'; | |
| echo '{ "stackhpc_every_files": ${{ steps.filter_every.outputs.stackhpc_files }} }' | jq -r '.'; | |
| echo '{ "trivvyscan_files": ${{ steps.filter_some.outputs.trivvyscan_files }} }' | jq -r '.' | |
| extra: | |
| name: Test extra build | |
| needs: files_changed | |
| if: | | |
| github.event_name != 'pull_request' && needs.files_changed.outputs.extra_on_push == 'true' || | |
| github.event_name == 'pull_request' && needs.files_changed.outputs.extra_on_pull_request == 'true' | |
| #uses: ./.github/workflows/extra.yml | |
| #secrets: inherit | |
| # TEST - remove from here and uncomment the above two lines | |
| steps: | |
| - name: Test extra build... | |
| uses: jakejarvis/wait-action@master | |
| with: | |
| time: '120s' | |
| runs-on: ubuntu-latest | |
| stackhpc: | |
| name: Test deployment and reimage on OpenStack | |
| needs: files_changed | |
| if: | | |
| needs.files_changed.outputs.stackhpc == 'true' | |
| #uses: ./.github/workflows/stackhpc.yml | |
| #secrets: inherit | |
| # TEST - remove from here and uncomment the above two lines | |
| steps: | |
| - name: Test deployment and reimage on OpenStack... | |
| uses: jakejarvis/wait-action@master | |
| with: | |
| time: '120s' | |
| runs-on: ubuntu-latest | |
| trivvyscan: | |
| name: Trivy scan image for vulnerabilities | |
| needs: files_changed | |
| if: | | |
| github.event_name == 'pull_request' && | |
| needs.files_changed.outputs.trivvyscan == 'true' | |
| #uses: ./.github/workflows/trivvyscan.yml | |
| #secrets: inherit | |
| # TEST - remove from here and uncomment the above two lines | |
| steps: | |
| - name: Trivy scan image for vulnerabilities... | |
| uses: jakejarvis/wait-action@master | |
| with: | |
| time: '120s' | |
| runs-on: ubuntu-latest |