forked from dependabot/dependabot-core
-
Notifications
You must be signed in to change notification settings - Fork 0
111 lines (111 loc) · 3.89 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: CI
on:
push:
branches:
- "main"
pull_request:
paths-ignore:
- 'CHANGELOG.md'
- 'common/lib/dependabot/version.rb'
branches:
- "main"
schedule:
- cron: "0 0 * * *"
permissions:
contents: read
packages: write
jobs:
ci:
name: CI
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
suite:
- { path: bundler, name: bundler1 }
- { path: bundler, name: bundler2 }
- { path: cargo, name: cargo }
- { path: common, name: common }
- { path: composer, name: composer }
- { path: docker, name: docker }
- { path: elm, name: elm }
- { path: git_submodules, name: git_submodules }
- { path: github_actions, name: github_actions }
- { path: go_modules, name: go_modules }
- { path: gradle, name: gradle }
- { path: hex, name: hex }
- { path: maven, name: maven }
- { path: npm_and_yarn, name: npm_and_yarn }
- { path: nuget, name: nuget }
- { path: omnibus, name: omnibus }
- { path: python, name: python }
- { path: python, name: python_slow }
- { path: pub, name: pub }
- { path: terraform, name: terraform }
env:
BASE_IMAGE: ubuntu:18.04
CORE_IMAGE: dependabot/dependabot-core
CORE_BRANCH_IMAGE: ghcr.io/dependabot/dependabot-core-branch
CORE_CI_IMAGE: ghcr.io/dependabot/dependabot-core-ci
CODE_DIR: /home/dependabot/dependabot-core
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Prepare BRANCH_REF environment variable
run: echo "BRANCH_REF=$(echo '${{ github.ref }}' | sed -E 's/[^A-Za-z0-9]+/-/g')" >> $GITHUB_ENV
- name: Log in to GHCR
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build dependabot-core image for branch
env:
DOCKER_BUILDKIT: 1
run: |
docker build \
-t "$CORE_IMAGE:latest" \
-t "$CORE_BRANCH_IMAGE:$BRANCH_REF" \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--cache-from "$BASE_IMAGE" \
--cache-from "$CORE_IMAGE:latest" \
--cache-from "$CORE_BRANCH_IMAGE:$BRANCH_REF" \
.
- name: Push dependabot-core-branch image to GHCR
env:
ACCESS_CANARY: ${{ secrets.ACCESS_CANARY }}
if: env.ACCESS_CANARY != ''
run: |
docker push "$CORE_BRANCH_IMAGE:$BRANCH_REF"
- name: Build dependabot-core-ci image
env:
DOCKER_BUILDKIT: 1
run: |
docker build \
-t "$CORE_CI_IMAGE:latest" \
-t "$CORE_CI_IMAGE:branch--$BRANCH_REF" \
-f Dockerfile.ci \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--cache-from "$CORE_CI_IMAGE:latest" \
--cache-from "$CORE_CI_IMAGE:branch--$BRANCH_REF" \
.
- name: Push dependabot-core-ci image to GHCR
env:
ACCESS_CANARY: ${{ secrets.ACCESS_CANARY }}
if: env.ACCESS_CANARY != ''
run: |
docker push "$CORE_CI_IMAGE:latest"
docker push "$CORE_CI_IMAGE:branch--$BRANCH_REF"
- name: Run ${{ matrix.suite.name }} tests
run: |
docker run \
--env "CI=true" \
--env "RAISE_ON_WARNINGS=true" \
--env "DEPENDABOT_TEST_ACCESS_TOKEN=${{ secrets.GITHUB_TOKEN }}" \
--env "SUITE_NAME=${{ matrix.suite.name }}" \
--rm "$CORE_CI_IMAGE:branch--$BRANCH_REF" bash -c \
"cd /home/dependabot/dependabot-core/${{ matrix.suite.path }} && ./script/ci-test"
lint:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- run: sudo apt-get update -y && sudo apt-get install --no-install-recommends shellcheck
- run: ./bin/lint