pulumi/.github/workflows/on-pr.yml

129 lines
4.1 KiB
YAML

name: Pull Request
permissions:
# To create a draft release.
contents: write
# To comment on PRs.
pull-requests: write
# To sign artifacts.
id-token: write
on:
pull_request:
paths-ignore:
- "sdk/.version"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# The jobs in this workflow are only run on branches. The `on-community-pr.yml` job provides
# commands for running workflows from forks.
jobs:
info:
name: info
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
uses: ./.github/workflows/ci-info.yml
permissions:
contents: read
with:
ref: ${{ github.ref }}
is-snapshot: true
secrets: inherit
# Determines which files have changed so we can avoid running expensive tests
# if they're not necessary.
inspect:
name: Inspect changed files
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
runs-on: ubuntu-latest
steps:
- uses: dorny/paths-filter@v3
id: changes
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: |
# If files matching any of these patterns change,
# we will run codegen tests for pull requests.
test-codegen:
- 'pkg/codegen/docs/**'
- 'pkg/codegen/dotnet/**'
- 'pkg/codegen/go/**'
- 'pkg/codegen/nodejs/**'
- 'pkg/codegen/python/**'
outputs:
# Add an entry here for every named pattern
# defined in filters.
test-codegen: ${{ steps.changes.outputs.test-codegen }}
ci:
name: CI
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
needs: [info, inspect]
uses: ./.github/workflows/ci.yml
permissions:
contents: read
# To sign artifacts.
id-token: write
with:
ref: ${{ github.ref }}
version: ${{ needs.info.outputs.version }}
lint: true
# codegen tests take quite a while to run.
# Run them only if ci/test is set,
# or if one of the codegen files changed.
test-codegen: >- # No newlines or trailing newline.
${{
contains(github.event.pull_request.labels.*.name, 'ci/test') ||
(needs.inspect.outputs.test-codegen == 'true')
}}
test-version-sets: >- # No newlines or trailing newline.
${{
contains(github.event.pull_request.labels.*.name, 'ci/test')
&& 'minimum current'
|| 'current'
}}
integration-test-platforms: ubuntu-latest
acceptance-test-platforms: >- # No newlines or trailing newline.
${{
contains(github.event.pull_request.labels.*.name, 'ci/test')
&& 'macos-latest windows-latest'
|| 'windows-latest'
}}
# We'll only upload coverage artifacts with the periodic-coverage cron workflow.
enable-coverage: false
secrets: inherit
performance-gate:
name: Performance Gate
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
needs: [info, inspect]
uses: ./.github/workflows/ci-performance-gate.yml
permissions:
contents: read
with:
ref: ${{ github.ref }}
version: ${{ needs.info.outputs.version }}
test-version-sets: 'minimum current'
performance-test-platforms: ubuntu-latest
secrets: inherit
ci-ok:
name: ci-ok
needs: [ci, performance-gate]
if: always()
runs-on: ubuntu-latest
steps:
# If the PR is a community PR, we don't run the usual checks, but instead
# require maintainers to run them manually by commenting with
# /run-acceptance-tests. Since the checks then run outside of the PR,
# ci-ok is not a useful status in these cases. We thus want to skip this
# job for community PRs. We detect community contributions by checking if
# the head repository is different to the base repository.
- name: CI failed
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && needs.ci.result != 'success' }}
run: exit 1
- name: CI succeeded
run: exit 0