🤖 ci: enforce merge queue required CI checks #52
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| merge_group: | |
| types: [checks_requested] | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| changes: | |
| name: Detect changed paths | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| outputs: | |
| go: ${{ steps.merge_group_defaults.outputs.go || steps.filter.outputs.go }} | |
| workflows: ${{ steps.merge_group_defaults.outputs.workflows || steps.filter.outputs.workflows }} | |
| publish: ${{ steps.merge_group_defaults.outputs.publish || steps.filter.outputs.publish }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Set merge-group defaults | |
| if: github.event_name == 'merge_group' | |
| id: merge_group_defaults | |
| run: | | |
| { | |
| echo "go=true" | |
| echo "workflows=true" | |
| echo "publish=false" | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Detect changed paths | |
| if: github.event_name != 'merge_group' | |
| id: filter | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| with: | |
| filters: | | |
| go: | |
| - '**/*.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'vendor/**' | |
| - 'Makefile' | |
| - '.golangci.yml' | |
| - '.golangci.yaml' | |
| workflows: | |
| - '.github/workflows/**' | |
| publish: | |
| - '**/*.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'vendor/**' | |
| - 'Dockerfile*' | |
| - 'Dockerfile.goreleaser' | |
| lint: | |
| needs: changes | |
| if: github.event_name == 'merge_group' || needs.changes.outputs.go == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Go | |
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Verify vendor is up to date | |
| run: | | |
| go mod tidy | |
| go mod vendor | |
| git diff --exit-code -- go.mod go.sum vendor/ | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9 | |
| with: | |
| version: v2.8 | |
| args: --timeout=5m ./... | |
| - name: Run golangci-lint formatter checks | |
| run: go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.8.0 fmt --diff | |
| - name: Run govulncheck | |
| uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1 | |
| with: | |
| go-version-file: go.mod | |
| go-package: ./... | |
| test: | |
| needs: changes | |
| if: github.event_name == 'merge_group' || needs.changes.outputs.go == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Go | |
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Verify vendor is up to date | |
| run: | | |
| go mod tidy | |
| go mod vendor | |
| git diff --exit-code -- go.mod go.sum vendor/ | |
| - name: Run tests | |
| env: | |
| GOFLAGS: -mod=vendor | |
| run: go test ./... | |
| - name: Build | |
| env: | |
| GOFLAGS: -mod=vendor | |
| run: go build ./... | |
| lint-actions: | |
| name: Lint GitHub Actions | |
| needs: changes | |
| if: github.event_name == 'merge_group' || needs.changes.outputs.workflows == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Go | |
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Run actionlint | |
| run: go run github.com/rhysd/actionlint/cmd/actionlint@v1.7.10 | |
| - name: Run zizmor | |
| uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0 | |
| with: | |
| advanced-security: false | |
| inputs: .github/workflows | |
| codex-comments: | |
| name: Codex Comments | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Check unresolved Codex comments | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./scripts/check_codex_comments.sh ${{ github.event.pull_request.number }} | |
| publish-main: | |
| name: Publish GHCR :main | |
| needs: [changes, test, lint, lint-actions] | |
| if: | | |
| always() && | |
| github.event_name == 'push' && | |
| github.ref == 'refs/heads/main' && | |
| needs.changes.outputs.publish == 'true' && | |
| (needs.test.result == 'success' || needs.test.result == 'skipped') && | |
| (needs.lint.result == 'success' || needs.lint.result == 'skipped') && | |
| (needs.lint-actions.result == 'success' || needs.lint-actions.result == 'skipped') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Go | |
| uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: false | |
| - name: Build linux/amd64 binary for image | |
| env: | |
| GOFLAGS: -mod=vendor | |
| CGO_ENABLED: "0" | |
| GOOS: linux | |
| GOARCH: amd64 | |
| run: go build -o coder-k8s ./ | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push :main | |
| uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 | |
| with: | |
| context: . | |
| file: Dockerfile.goreleaser | |
| push: true | |
| tags: ghcr.io/coder/coder-k8s:main |