mirror of https://github.com/pulumi/pulumi.git
126 lines
3.7 KiB
YAML
126 lines
3.7 KiB
YAML
name: Pull Request
|
|
|
|
permissions:
|
|
# To create a draft release.
|
|
contents: write
|
|
# To comment on PRs.
|
|
pull-requests: write
|
|
# To sign artifacts.
|
|
id-token: write
|
|
|
|
on:
|
|
pull_request:
|
|
paths-ignore:
|
|
- "sdk/.version"
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref }}
|
|
cancel-in-progress: true
|
|
|
|
# The jobs in this workflow are only run on branches. The `on-community-pr.yml` job provides
|
|
# commands for running workflows from forks.
|
|
|
|
jobs:
|
|
info:
|
|
name: info
|
|
uses: ./.github/workflows/ci-info.yml
|
|
permissions:
|
|
contents: read
|
|
with:
|
|
ref: ${{ github.head_ref }}
|
|
is-snapshot: true
|
|
secrets: inherit
|
|
|
|
# Determines which files have changed so we can avoid running expensive tests
|
|
# if they're not necessary.
|
|
inspect:
|
|
name: Inspect changed files
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: dorny/paths-filter@v3
|
|
id: changes
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
filters: |
|
|
# If files matching any of these patterns change,
|
|
# we will run codegen tests for pull requests.
|
|
test-codegen:
|
|
- 'pkg/codegen/docs/**'
|
|
- 'pkg/codegen/dotnet/**'
|
|
- 'pkg/codegen/go/**'
|
|
- 'pkg/codegen/nodejs/**'
|
|
- 'pkg/codegen/python/**'
|
|
outputs:
|
|
# Add an entry here for every named pattern
|
|
# defined in filters.
|
|
test-codegen: ${{ steps.changes.outputs.test-codegen }}
|
|
|
|
ci:
|
|
name: CI
|
|
needs: [info, inspect]
|
|
uses: ./.github/workflows/ci.yml
|
|
permissions:
|
|
contents: read
|
|
# To sign artifacts.
|
|
id-token: write
|
|
with:
|
|
ref: ${{ github.head_ref }}
|
|
version: ${{ needs.info.outputs.version }}
|
|
lint: true
|
|
# codegen tests are not the fastest, but we want to run them
|
|
# on PR to get correct coverage numbers.
|
|
test-codegen: true
|
|
test-version-sets: >- # No newlines or trailing newline.
|
|
${{
|
|
contains(github.event.pull_request.labels.*.name, 'ci/test')
|
|
&& 'minimum current'
|
|
|| 'current'
|
|
}}
|
|
integration-test-platforms: ubuntu-latest
|
|
acceptance-test-platforms: >- # No newlines or trailing newline.
|
|
${{
|
|
contains(github.event.pull_request.labels.*.name, 'ci/test')
|
|
&& 'macos-latest windows-latest'
|
|
|| 'windows-latest'
|
|
}}
|
|
enable-coverage: true
|
|
secrets: inherit
|
|
|
|
performance-gate:
|
|
name: Performance Gate
|
|
needs: [info, inspect]
|
|
uses: ./.github/workflows/ci-performance-gate.yml
|
|
|
|
prepare-release:
|
|
name: prepare
|
|
if: >- # No newlines or trailing newline.
|
|
${{ contains(github.event.pull_request.labels.*.name, 'ci/test') }}
|
|
needs: [info, ci]
|
|
uses: ./.github/workflows/ci-prepare-release.yml
|
|
permissions:
|
|
contents: read
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
version: ${{ needs.info.outputs.version }}
|
|
test-version-sets: 'minimum current'
|
|
performance-test-platforms: ubuntu-latest
|
|
secrets: inherit
|
|
|
|
ci-ok:
|
|
name: ci-ok
|
|
needs: [ci, performance-gate]
|
|
if: always()
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
# If the PR is a community PR, we don't run the usual checks, but instead
|
|
# require maintainers to run them manually by commenting with
|
|
# /run-acceptance-tests. Since the checks then run outside of the PR,
|
|
# ci-ok is not a useful status in these cases. We thus want to skip this
|
|
# job for community PRs. We detect community contributions by checking if
|
|
# the head repository is different to the base repository.
|
|
- name: CI failed
|
|
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && needs.ci.result != 'success' }}
|
|
run: exit 1
|
|
- name: CI succeeded
|
|
run: exit 0
|