Enable linting #28

Workflow file for this run

	---
	name: Test on push and pull request

	permissions:
	actions: write
	contents: read
	packages: write
	# To report GitHub Actions status checks
	statuses: write
	id-token: write

	on:
	push:
	branches:
	- main
	pull_request:

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref }}
	cancel-in-progress: true

	jobs:
	lint:
	name: Lint
	uses: ./.github/workflows/lint.yml

	files_changed:
	name: Determine files changed
	needs: lint
	runs-on: ubuntu-latest
	# Map a step output to a job output, this allows other jobs to be gated on the filter results
	outputs:
	extra_on_push: ${{ steps.filter_on_some.outputs.extra_on_push }}
	extra_on_pull_request: ${{ steps.filter_on_some.outputs.extra_on_pull_request }}
	# The 'stackhpc' output will be 'true' if either of the two stackhpc filters below matched
	stackhpc: ${{ toJson(fromJson(steps.filter_on_every.outputs.stackhpc) \|\| fromJson(steps.filter_on_some.outputs.stackhpc)) }}
	trivvyscan: ${{ steps.filter_on_some.outputs.trivvyscan }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	# NOTE: We're detecting the changed files within a job so that we can gate execution of other jobs.
	# We use dorny/paths-filter which doesn't work like the conventional 'paths' and 'paths_exclude',
	# we can't do the following:
	# paths:
	# - '**'
	# - '!dev/**'
	# - 'dev/setup-env.sh'
	#
	# Which would include all files whilst removing all "dev/" files except "dev/setup-env.sh".
	# We have to use two filters:
	# * first filter includes all changed files and removes "dev/" files
	# * second filter explicitly adds 'dev/setup-env.sh'
	# We use the logical OR of the filters outputs to gate jobs.

	- name: Paths matching on every filter rule
	# For safety use the commit of dorny/paths-filter@v3
	uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
	id: filter_on_every
	with:
	# Filter changed files, 'every' means the file is matched only if it matches all filter rules.
	# NOTE: currently seeing: Warning: Unexpected input(s) 'predicate-quantifier', valid inputs are..
	# this can be ignored, filtering works as expected.
	predicate-quantifier: 'every'
	list-files: 'json'
	filters: \|
	stackhpc:
	- '**'
	- '!dev/**'
	- '!*/.md'
	- '!.gitignore'
	- '!.github/workflows/**'

	- name: Paths matching on any filter rule
	# For safety use the commit of dorny/paths-filter@v3
	uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
	id: filter_on_some
	with:
	# Filter changed files, 'some' means the file is matched if any one of the filter rules match.
	# NOTE: currently seeing: Warning: Unexpected input(s) 'predicate-quantifier', valid inputs are..
	# this can be ignored, filtering works as expected.
	predicate-quantifier: 'some'
	list-files: 'json'
	filters: \|
	extra_on_push:
	- 'environments/.stackhpc/tofu/cluster_image.auto.tfvars.json'
	- 'ansible/roles/doca/**'
	- 'ansible/roles/cuda/**'
	- 'ansible/roles/slurm_recompile/**' # runs on cuda group
	- 'ansible/roles/lustre/**'
	- '.github/workflows/extra.yml'
	extra_on_pull_request:
	- 'environments/.stackhpc/tofu/cluster_image.auto.tfvars.json'
	- 'ansible/roles/doca/**'
	- 'ansible/roles/cuda/**'
	- 'ansible/roles/lustre/**'
	- '.github/workflows/extra.yml'
	stackhpc:
	- 'dev/setup-env.sh'
	- '.github/workflows/stackhpc.yml'
	trivvyscan:
	- 'environments/.stackhpc/tofu/cluster_image.auto.tfvars.json'

	- name: Paths matched output
	# NOTE: This is a debug step, it shows what files were matched by the filters.
	# It's useful because dorny/paths-filter doesn't work like the conventional 'paths' and 'paths_exclude'
	run: >
	echo '{ "extra_on_push_files": ${{ steps.filter_on_some.outputs.extra_on_push_files }} }' \| jq -r '.';
	echo '{ "extra_on_pull_request_files": ${{ steps.filter_on_some.outputs.extra_on_pull_request_files }} }' \| jq -r '.';
	echo '{ "stackhpc_every_files": ${{ steps.filter_on_every.outputs.stackhpc_files }} }' \| jq -r '.';
	echo '{ "stackhpc_some_files": ${{ steps.filter_on_some.outputs.stackhpc_files }} }' \| jq -r '.';
	echo '{ "trivvyscan_files": ${{ steps.filter_on_some.outputs.trivvyscan_files }} }' \| jq -r '.'

	extra:
	name: Test extra build
	needs: files_changed
	if: \|
	github.event_name != 'pull_request' && needs.files_changed.outputs.extra_on_push == 'true' \|\|
	github.event_name == 'pull_request' && needs.files_changed.outputs.extra_on_pull_request == 'true'
	#uses: ./.github/workflows/extra.yml
	#secrets: inherit
	# TEST - remove from here and uncomment the above two lines
	steps:
	- name: Test extra build...
	uses: jakejarvis/wait-action@master
	with:
	time: '120s'
	runs-on: ubuntu-latest

	stackhpc:
	name: Test deployment and reimage on OpenStack
	needs: files_changed
	if: \|
	needs.files_changed.outputs.stackhpc == 'true'
	#uses: ./.github/workflows/stackhpc.yml
	#secrets: inherit
	# TEST - remove from here and uncomment the above two lines
	steps:
	- name: Test deployment and reimage on OpenStack...
	uses: jakejarvis/wait-action@master
	with:
	time: '120s'
	runs-on: ubuntu-latest

	trivvyscan:
	name: Trivy scan image for vulnerabilities
	needs: files_changed
	if: \|
	github.event_name == 'pull_request' &&
	needs.files_changed.outputs.trivvyscan == 'true'
	#uses: ./.github/workflows/trivvyscan.yml
	#secrets: inherit
	# TEST - remove from here and uncomment the above two lines
	steps:
	- name: Trivy scan image for vulnerabilities...
	uses: jakejarvis/wait-action@master
	with:
	time: '120s'
	runs-on: ubuntu-latest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Enable linting #28

Workflow file

Enable linting #28

Uh oh!

Jobs

Run details

Workflow file for this run