mirror of https://github.com/pulumi/pulumi.git
152 lines
4.9 KiB
YAML
152 lines
4.9 KiB
YAML
name: Pull Request
|
|
|
|
permissions:
|
|
# To create a draft release.
|
|
contents: write
|
|
# To comment on PRs.
|
|
pull-requests: write
|
|
# To sign artifacts.
|
|
id-token: write
|
|
|
|
on:
|
|
pull_request:
|
|
paths-ignore:
|
|
- "sdk/.version"
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
# The jobs in this workflow are only run on branches. The `on-community-pr.yml` job provides
|
|
# commands for running workflows from forks.
|
|
|
|
jobs:
|
|
changelog-comment:
|
|
name: changelog preview
|
|
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
uses: ./.github/workflows/on-pr-changelog.yml
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
base-ref: origin/${{ github.base_ref }}
|
|
pr-number: ${{ github.event.pull_request.number }}
|
|
changelog-required: ${{ !contains(github.event.pull_request.labels.*.name, 'impact/no-changelog-required') }}
|
|
secrets: inherit
|
|
|
|
info:
|
|
name: info
|
|
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
|
|
uses: ./.github/workflows/ci-info.yml
|
|
permissions:
|
|
contents: read
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
is-snapshot: true
|
|
secrets: inherit
|
|
|
|
# Determines which files have changed so we can avoid running expensive tests
|
|
# if they're not necessary.
|
|
inspect:
|
|
name: Inspect changed files
|
|
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: dorny/paths-filter@v3
|
|
id: changes
|
|
with:
|
|
token: ${{ secrets.PULUMI_BOT_TOKEN }}
|
|
filters: |
|
|
# If files matching any of these patterns change,
|
|
# we will run codegen tests for pull requests.
|
|
test-codegen:
|
|
- 'pkg/codegen/docs/**'
|
|
- 'pkg/codegen/dotnet/**'
|
|
- 'pkg/codegen/go/**'
|
|
- 'pkg/codegen/nodejs/**'
|
|
- 'pkg/codegen/python/**'
|
|
outputs:
|
|
# Add an entry here for every named pattern
|
|
# defined in filters.
|
|
test-codegen: ${{ steps.changes.outputs.test-codegen }}
|
|
|
|
ci:
|
|
name: CI
|
|
if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
|
|
needs: [info, inspect]
|
|
uses: ./.github/workflows/ci.yml
|
|
permissions:
|
|
contents: read
|
|
# To sign artifacts.
|
|
id-token: write
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
version: ${{ needs.info.outputs.version }}
|
|
lint: true
|
|
build-all-targets: ${{ contains(github.event.pull_request.labels.*.name, 'ci/test') }}
|
|
# codegen tests take quite a while to run.
|
|
# Run them only if ci/test is set,
|
|
# or if one of the codegen files changed.
|
|
test-codegen: >- # No newlines or trailing newline.
|
|
${{
|
|
contains(github.event.pull_request.labels.*.name, 'ci/test') ||
|
|
(needs.inspect.outputs.test-codegen == 'true')
|
|
}}
|
|
test-version-sets: >- # No newlines or trailing newline.
|
|
${{
|
|
contains(github.event.pull_request.labels.*.name, 'ci/test')
|
|
&& 'minimum current'
|
|
|| 'current'
|
|
}}
|
|
integration-test-platforms: ubuntu-latest
|
|
acceptance-test-platforms: >- # No newlines or trailing newline.
|
|
${{
|
|
contains(github.event.pull_request.labels.*.name, 'ci/test')
|
|
&& 'macos-latest windows-latest'
|
|
|| ''
|
|
}}
|
|
# We'll only upload coverage artifacts with the periodic-coverage cron workflow.
|
|
enable-coverage: false
|
|
secrets: inherit
|
|
|
|
prepare-release:
|
|
name: prepare
|
|
if: >- # No newlines or trailing newline.
|
|
${{
|
|
github.event.pull_request.head.repo.full_name == github.repository
|
|
&& contains(github.event.pull_request.labels.*.name, 'ci/test')
|
|
}}
|
|
needs: [info, ci]
|
|
uses: ./.github/workflows/ci-prepare-release.yml
|
|
permissions:
|
|
contents: write
|
|
# To sign artifacts.
|
|
id-token: write
|
|
with:
|
|
ref: ${{ github.ref }}
|
|
version: ${{ needs.info.outputs.version }}
|
|
release-notes: ${{ needs.info.outputs.release-notes }}
|
|
project: ${{ github.repository }}
|
|
draft: true
|
|
prerelease: true
|
|
secrets: inherit
|
|
|
|
ci-ok:
|
|
name: ci-ok
|
|
needs: [ci]
|
|
if: always()
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
# If the PR is a community PR, we don't run the usual checks, but instead
|
|
# require maintainers to run them manually by commenting with
|
|
# /run-acceptance-tests. Since the checks then run outside of the PR,
|
|
# ci-ok is not a useful status in these cases. We thus want to skip this
|
|
# job for community PRs. We detect community contributions by checking if
|
|
# the head repository is different to the base repository.
|
|
- name: CI failed
|
|
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && needs.ci.result != 'success' }}
|
|
run: exit 1
|
|
- name: CI succeeded
|
|
run: exit 0
|