From cd32718d2073328543b45b3203fa201ab88aaf06 Mon Sep 17 00:00:00 2001 From: Max Norton Date: Thu, 18 Sep 2025 13:09:24 +0100 Subject: [PATCH 1/4] Change main CI workflow, use workflow_run to trigger "stackhpc", "extra", and "trivyscan" workflows. Expecting this to allow quicker re-runs of failed workflows where we currently have to wait until the CI has finished before we can re-run a failure. --- .github/workflows/extra.yml | 5 ++++- .github/workflows/main.yml | 18 ++++++++++++------ .github/workflows/stackhpc.yml | 5 ++++- .github/workflows/trivyscan.yml | 5 ++++- 4 files changed, 24 insertions(+), 9 deletions(-) diff --git a/.github/workflows/extra.yml b/.github/workflows/extra.yml index 1941064a2..aa033c07f 100644 --- a/.github/workflows/extra.yml +++ b/.github/workflows/extra.yml @@ -6,8 +6,11 @@ name: Test extra build on: - workflow_call: workflow_dispatch: + workflow_run: + workflows: ["extra"] + types: + - completed permissions: contents: read diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5e2ccc71a..8a00ca56e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -127,8 +127,10 @@ jobs: needs: files_changed if: | needs.files_changed.outputs.stackhpc == 'true' - uses: ./.github/workflows/stackhpc.yml - secrets: inherit + runs-on: ubuntu-latest + steps: + # No-op job to trigger workflow 'stackhpc.yml' via workflow_run + - uses: mattdesl/no-op@32ec85ff176f761f607087006bda993440da5fe4 extra: name: Test extra build @@ -136,8 +138,10 @@ jobs: if: | github.event_name != 'pull_request' && needs.files_changed.outputs.extra_on_push == 'true' || github.event_name == 'pull_request' && needs.files_changed.outputs.extra_on_pull_request == 'true' - uses: ./.github/workflows/extra.yml - secrets: inherit + runs-on: ubuntu-latest + steps: + # No-op job to trigger workflow 'extra.yml' via workflow_run + - uses: mattdesl/no-op@32ec85ff176f761f607087006bda993440da5fe4 trivyscan: name: Trivy scan image for vulnerabilities 
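Review bot: Replacing `workflow_call` with `workflow_run` in the `on:` block of extra.yml changes the trust context the workflow runs in, and the hunk neither documents nor guards that. A run started by `workflow_run` uses the workflow file and commit from the default branch and receives the repository's secrets and the token permissions declared below, even when the upstream run came from a fork pull request. The jobs lie outside this hunk, so it is not visible whether they check out `github.event.workflow_run.head_sha`; if they do, contributor code would execute alongside those secrets. I would add a job-level guard such as `if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_repository.full_name == github.repository`, and a comment above the trigger stating that the workflow runs with default-branch privileges. The `on:` hunks of stackhpc.yml and trivyscan.yml in this patch have the same gap.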
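Review bot: The `if:` kept on the `stackhpc` job in main.yml no longer decides whether stackhpc.yml runs. `workflow_run` is evaluated once per upstream workflow run, not per job, so skipping or running this no-op step has no effect on the downstream trigger, and the `files_changed` selection is silently lost. If that selection matters (for trivyscan it decides when a vulnerability scan happens), either keep the reusable call `uses: ./.github/workflows/stackhpc.yml` or have the downstream workflow recompute the condition itself. At minimum, replace the step comment with `# NOTE: workflow_run fires per workflow run; this job's if: does not gate stackhpc.yml`. The `extra` and `trivyscan` job hunks in main.yml have the same problem.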
@@ -145,5 +149,7 @@ jobs: if: | github.event_name == 'pull_request' && needs.files_changed.outputs.trivyscan == 'true' - uses: ./.github/workflows/trivyscan.yml - secrets: inherit + runs-on: ubuntu-latest + steps: + # No-op job to trigger workflow 'trivyscan.yml' via workflow_run + - uses: mattdesl/no-op@32ec85ff176f761f607087006bda993440da5fe4 diff --git a/.github/workflows/stackhpc.yml b/.github/workflows/stackhpc.yml index cb4e865b2..43a1c53ca 100644 --- a/.github/workflows/stackhpc.yml +++ b/.github/workflows/stackhpc.yml @@ -6,8 +6,11 @@ name: Test deployment and reimage on OpenStack on: - workflow_call: workflow_dispatch: + workflow_run: + workflows: ["stackhpc"] + types: + - completed permissions: contents: read diff --git a/.github/workflows/trivyscan.yml b/.github/workflows/trivyscan.yml index 8cfc8e44a..417a34498 100644 --- a/.github/workflows/trivyscan.yml +++ b/.github/workflows/trivyscan.yml @@ -6,8 +6,11 @@ name: Trivy scan image for vulnerabilities on: - workflow_call: workflow_dispatch: + workflow_run: + workflows: ["trivyscan"] + types: + - completed permissions: contents: read From 9169a5bbb4fd96549c458081c59722e20c7f499f Mon Sep 17 00:00:00 2001 From: Max Norton Date: Thu, 18 Sep 2025 13:23:55 +0100 Subject: [PATCH 2/4] Trigger trivyscan test --- .../.stackhpc/tofu/cluster_image.auto.tfvars.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json index 2000b5e6d..4e38a15fe 100644 --- a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json +++ b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json @@ -1,6 +1,6 @@ { - "cluster_image": { - "RL8": "openhpc-RL8-250918-0840-930223fb", - "RL9": "openhpc-RL9-250918-0840-930223fb" - } + "cluster_image": { + "RL8": "openhpc-RL8-250918-0840-930223fb", + "RL9": "openhpc-RL9-250918-0840-930223fb" + } } 
From eb9a80444ef7fa0a58533029ea3cd786469c2f2a Mon Sep 17 00:00:00 2001
From: Max Norton
Date: Thu, 18 Sep 2025 13:37:42 +0100
Subject: [PATCH 3/4] Fix JSON prettifier linting
---
 .../.stackhpc/tofu/cluster_image.auto.tfvars.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
index 4e38a15fe..2000b5e6d 100644
--- a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
+++ b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
@@ -1,6 +1,6 @@
 {
- "cluster_image": {
- "RL8": "openhpc-RL8-250918-0840-930223fb",
- "RL9": "openhpc-RL9-250918-0840-930223fb"
- }
+ "cluster_image": {
+ "RL8": "openhpc-RL8-250918-0840-930223fb",
+ "RL9": "openhpc-RL9-250918-0840-930223fb"
+ }
 }
From e2dfc7e24390bde1a6e2bf96268e3320c56d7e70 Mon Sep 17 00:00:00 2001
From: Max Norton
Date: Thu, 18 Sep 2025 13:53:07 +0100
Subject: [PATCH 4/4] Incorporate intermediate "trigger named" workflows as workflow_run can only trigger on the workflow name
---
 .github/workflows/extra-trigger.yml | 20 ++++++++++++++++++
 .github/workflows/extra.yml | 15 +++++++++++---
 .github/workflows/main.yml | 27 ++++++++++++++++---------
 .github/workflows/stackhpc-trigger.yml | 20 ++++++++++++++++++
 .github/workflows/stackhpc.yml | 15 +++++++++++---
 .github/workflows/test.yml | 26 ++++++++++++++++++++++++
 .github/workflows/trivyscan-trigger.yml | 20 ++++++++++++++++++
 .github/workflows/trivyscan.yml | 15 +++++++++++---
 8 files changed, 140 insertions(+), 18 deletions(-)
 create mode 100644 .github/workflows/extra-trigger.yml
 create mode 100644 .github/workflows/stackhpc-trigger.yml
 create mode 100644 .github/workflows/test.yml
 create mode 100644 .github/workflows/trivyscan-trigger.yml
diff --git a/.github/workflows/extra-trigger.yml b/.github/workflows/extra-trigger.yml
new file mode 100644
index 000000000..a57a2ed1e
--- /dev/null
+++ b/.github/workflows/extra-trigger.yml @@ -0,0 +1,20 @@ +--- +name: Trigger - Test extra build + +on: + workflow_call: + +permissions: + contents: read + packages: read + # To report GitHub Actions status checks + statuses: write + +jobs: + extra: + runs-on: ubuntu-latest + steps: + # No-op job to trigger workflow 'extra.yml' via workflow_run + - uses: jakejarvis/wait-action@master + with: + time: '1s' diff --git a/.github/workflows/extra.yml b/.github/workflows/extra.yml index aa033c07f..5317c0d25 100644 --- a/.github/workflows/extra.yml +++ b/.github/workflows/extra.yml @@ -7,10 +7,13 @@ name: Test extra build on: workflow_dispatch: + #workflow_run: + # workflows: ["Trigger - Test extra build"] + # types: [completed,requested] workflow_run: - workflows: ["extra"] - types: - - completed + workflows: ["Test on push and pull request"] + #types: [completed,requested] + types: [completed] permissions: contents: read @@ -19,6 +22,12 @@ permissions: statuses: write jobs: + test: + runs-on: ubuntu-latest + steps: + - run: echo "event name is:" ${{ github.event_name }} + - run: echo "event type is:" ${{ github.event.action }} + doca: name: extra-build runs-on: ubuntu-22.04 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8a00ca56e..5bc1dba8c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -127,10 +127,13 @@ jobs: needs: files_changed if: | needs.files_changed.outputs.stackhpc == 'true' - runs-on: ubuntu-latest + #uses: ./.github/workflows/stackhpc-trigger.yml + # TEST - remove from here and uncomment the above steps: - # No-op job to trigger workflow 'stackhpc.yml' via workflow_run - - uses: mattdesl/no-op@32ec85ff176f761f607087006bda993440da5fe4 + - uses: jakejarvis/wait-action@master + with: + time: '1s' + runs-on: ubuntu-latest extra: name: Test extra build 
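Review bot: The step `uses: jakejarvis/wait-action@master` in extra-trigger.yml references third-party code by a mutable branch name, in a job whose token carries `statuses: write`. Whoever can push to that branch decides what executes here, whereas patch 1 pinned its no-op action to a full commit SHA. A one-second pause needs no external action at all: `- run: sleep 1`. If the action is kept, pin it as `jakejarvis/wait-action@<full-commit-sha>`. The same reference appears in stackhpc-trigger.yml, trivyscan-trigger.yml and the three job hunks of main.yml in this patch.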
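Review bot: With `workflows: ["Test on push and pull request"]` as the trigger in extra.yml, `github.event_name` is always `workflow_run`, so the push-versus-pull-request distinction that main.yml applies to this build cannot be recovered from it. The original event is available as `github.event.workflow_run.event`, and a job condition such as `if: github.event.workflow_run.event == 'pull_request'` should be documented next to the trigger. The added `test` job and the commented-out `workflow_run` block look like debugging scaffolding; if they are meant to stay, they should carry a comment saying why, otherwise they should be dropped before merge. The `doca` job body continues outside the hunk. The stackhpc.yml and trivyscan.yml hunks of this patch are written the same way.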
@@ -138,10 +141,13 @@ jobs: if: | github.event_name != 'pull_request' && needs.files_changed.outputs.extra_on_push == 'true' || github.event_name == 'pull_request' && needs.files_changed.outputs.extra_on_pull_request == 'true' - runs-on: ubuntu-latest + #uses: ./.github/workflows/extra-trigger.yml + # TEST - remove from here and uncomment the above steps: - # No-op job to trigger workflow 'extra.yml' via workflow_run - - uses: mattdesl/no-op@32ec85ff176f761f607087006bda993440da5fe4 + - uses: jakejarvis/wait-action@master + with: + time: '1s' + runs-on: ubuntu-latest trivyscan: name: Trivy scan image for vulnerabilities @@ -149,7 +155,10 @@ jobs: if: | github.event_name == 'pull_request' && needs.files_changed.outputs.trivyscan == 'true' - runs-on: ubuntu-latest + #uses: ./.github/workflows/trivyscan-trigger.yml + # TEST - remove from here and uncomment the above steps: - # No-op job to trigger workflow 'trivyscan.yml' via workflow_run - - uses: mattdesl/no-op@32ec85ff176f761f607087006bda993440da5fe4 + - uses: jakejarvis/wait-action@master + with: + time: '1s' + runs-on: ubuntu-latest diff --git a/.github/workflows/stackhpc-trigger.yml b/.github/workflows/stackhpc-trigger.yml new file mode 100644 index 000000000..5eb2c0bb1 --- /dev/null +++ b/.github/workflows/stackhpc-trigger.yml @@ -0,0 +1,20 @@ +--- +name: Trigger - Test deployment and reimage on OpenStack + +on: + workflow_call: + +permissions: + contents: read + packages: read + # To report GitHub Actions status checks + statuses: write + +jobs: + stackhpc: + runs-on: ubuntu-latest + steps: + # No-op job to trigger workflow 'stackhpc.yml' via workflow_run + - uses: jakejarvis/wait-action@master + with: + time: '1s' diff --git a/.github/workflows/stackhpc.yml b/.github/workflows/stackhpc.yml index 43a1c53ca..cb4e2fc68 100644 --- a/.github/workflows/stackhpc.yml +++ b/.github/workflows/stackhpc.yml 
@@ -7,10 +7,13 @@ name: Test deployment and reimage on OpenStack on: workflow_dispatch: + #workflow_run: + # workflows: ["Trigger - Test deployment and reimage on OpenStack"] + # types: [completed,requested] workflow_run: - workflows: ["stackhpc"] - types: - - completed + workflows: ["Test on push and pull request"] + #types: [completed,requested] + types: [completed] permissions: contents: read @@ -19,6 +22,12 @@ permissions: statuses: write jobs: + test: + runs-on: ubuntu-latest + steps: + - run: echo "event name is:" ${{ github.event_name }} + - run: echo "event type is:" ${{ github.event.action }} + openstack: name: openstack-ci runs-on: ubuntu-22.04 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 000000000..620fb7a97 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,26 @@ +--- +name: Test + +# This is a test workflow to see if we can introduce a new workflow (outside of the default branch) +# and have it trigger from the main CI. +# If it triggers, what will github.event_name be set to? +# Ideally we want to know whether we've triggered downstream from a push or a pull request. + +on: + workflow_call: + workflow_run: + workflows: ["Test on push and pull request"] + types: [completed,requested] + +permissions: + contents: read + packages: read + # To report GitHub Actions status checks + statuses: write + +jobs: + test: + runs-on: ubuntu-latest + steps: + - run: echo "event name is:" ${{ github.event_name }} + - run: echo "event type is:" ${{ github.event.action }} diff --git a/.github/workflows/trivyscan-trigger.yml b/.github/workflows/trivyscan-trigger.yml new file mode 100644 index 000000000..cdb57b31f --- /dev/null +++ b/.github/workflows/trivyscan-trigger.yml 
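Review bot: The two `run:` lines in test.yml expand `${{ github.event_name }}` and `${{ github.event.action }}` into the script text before the shell starts, instead of passing them as data. Both values are set by GitHub rather than by a contributor, so the exposure here is small, but this workflow runs under `workflow_run` and the pattern is easily copied to fields that a contributor does control. I would pass them through the environment: `env: { EVENT_NAME: "${{ github.event_name }}" }` with `run: echo "event name is: $EVENT_NAME"`. A workflow that only echoes two values needs none of the declared scopes, so `permissions: {}` would fit better than `packages: read` and `statuses: write`. The `test` jobs added to extra.yml, stackhpc.yml and trivyscan.yml use the same two lines.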
@@ -0,0 +1,20 @@ +--- +name: Trigger - Trivy scan image for vulnerabilities + +on: + workflow_call: + +permissions: + contents: read + packages: read + # To report GitHub Actions status checks + statuses: write + +jobs: + trivyscan: + runs-on: ubuntu-latest + steps: + # No-op job to trigger workflow 'trivyscan.yml' via workflow_run + - uses: jakejarvis/wait-action@master + with: + time: '1s' diff --git a/.github/workflows/trivyscan.yml b/.github/workflows/trivyscan.yml index 417a34498..50a94ea29 100644 --- a/.github/workflows/trivyscan.yml +++ b/.github/workflows/trivyscan.yml @@ -7,10 +7,13 @@ name: Trivy scan image for vulnerabilities on: workflow_dispatch: + #workflow_run: + # workflows: ["Trigger - Trivy scan image for vulnerabilities"] + # types: [completed,requested] workflow_run: - workflows: ["trivyscan"] - types: - - completed + workflows: ["Test on push and pull request"] + #types: [completed,requested] + types: [completed] permissions: contents: read @@ -19,6 +22,12 @@ permissions: statuses: write jobs: + test: + runs-on: ubuntu-latest + steps: + - run: echo "event name is:" ${{ github.event_name }} + - run: echo "event type is:" ${{ github.event.action }} + scan: runs-on: ubuntu-latest strategy: