pulumi/.github/workflows/on-pr.yml

161 lines
4.8 KiB
YAML

name: Pull Request
permissions:
# To create a draft release.
contents: write
# To comment on PRs.
pull-requests: write
# To sign artifacts.
id-token: write
on:
pull_request:
paths-ignore:
- "sdk/.version"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# The jobs in this workflow are only run on branches. The `on-community-pr.yml` job provides
# commands for running workflows from forks.
jobs:
changelog-comment:
name: changelog preview
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
permissions:
contents: read
pull-requests: write
uses: ./.github/workflows/on-pr-changelog.yml
with:
ref: ${{ github.ref }}
base-ref: origin/${{ github.base_ref }}
pr-number: ${{ github.event.pull_request.number }}
changelog-required: ${{ !contains(github.event.pull_request.labels.*.name, 'impact/no-changelog-required') }}
secrets: inherit
info:
name: info
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
uses: ./.github/workflows/ci-info.yml
permissions:
contents: read
with:
ref: ${{ github.ref }}
is-snapshot: true
secrets: inherit
# Determines which files have changed so we can avoid running expensive tests
# if they're not necessary.
inspect:
name: Inspect changed files
runs-on: ubuntu-latest
steps:
- uses: dorny/paths-filter@v3
id: changes
with:
token: ${{ secrets.PULUMI_BOT_TOKEN }}
filters: |
# If files matching any of these patterns change,
# we will run codegen tests for pull requests.
test-codegen:
- 'pkg/codegen/docs/**'
- 'pkg/codegen/dotnet/**'
- 'pkg/codegen/go/**'
- 'pkg/codegen/nodejs/**'
- 'pkg/codegen/python/**'
outputs:
# Add an entry here for every named pattern
# defined in filters.
test-codegen: ${{ steps.changes.outputs.test-codegen }}
ci:
name: CI
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
needs: [info, inspect]
uses: ./.github/workflows/ci.yml
permissions:
contents: read
# To sign artifacts.
id-token: write
with:
ref: ${{ github.ref }}
version: ${{ needs.info.outputs.version }}
lint: true
build-all-targets: ${{ contains(github.event.pull_request.labels.*.name, 'ci/test') }}
# codegen tests take quite a while to run.
# Run them only if ci/test is set,
# or if one of the codegen files changed.
test-codegen: >- # No newlines or trailing newline.
${{
contains(github.event.pull_request.labels.*.name, 'ci/test') ||
(needs.inspect.outputs.test-codegen == 'true')
}}
test-version-sets: >- # No newlines or trailing newline.
${{
contains(github.event.pull_request.labels.*.name, 'ci/test')
&& 'minimum current'
|| 'current'
}}
integration-test-platforms: ubuntu-latest
acceptance-test-platforms: >- # No newlines or trailing newline.
${{
contains(github.event.pull_request.labels.*.name, 'ci/test')
&& 'macos-latest windows-latest'
|| ''
}}
# We'll only upload coverage artifacts with the periodic-coverage cron workflow.
enable-coverage: false
secrets: inherit
prepare-release:
name: prepare
if: >- # No newlines or trailing newline.
${{
github.event.pull_request.head.repo.full_name == github.repository
&& contains(github.event.pull_request.labels.*.name, 'ci/test')
}}
needs: [info, ci]
uses: ./.github/workflows/ci-prepare-release.yml
permissions:
contents: write
# To sign artifacts.
id-token: write
with:
ref: ${{ github.ref }}
version: ${{ needs.info.outputs.version }}
release-notes: ${{ needs.info.outputs.release-notes }}
project: ${{ github.repository }}
draft: true
prerelease: true
secrets: inherit
ci-ok:
name: ci-ok
needs: [ci]
if: always()
runs-on: ubuntu-latest
steps:
- name: CI failed
if: ${{ needs.ci.result != 'success' }}
run: exit 1
- name: CI succeeded
run: exit 0
# release:
# name: release
# if: ${{ contains(github.event.pull_request.labels.*.name, 'ci/test') }}
# needs: [info, matrix, prepare-release]
# uses: ./.github/workflows/release.yml
# permissions:
# contents: write
# pull-requests: write
# with:
# ref: ${{ github.ref }}
# version: ${{ needs.info.outputs.version }}
# release-notes: ${{ needs.info.outputs.release-notes }}
# version-set: ${{ needs.matrix.outputs.version-set }}
# queue-merge: false
# secrets: inherit