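# Reusable validation workflow (trigger: workflow_call only).
#
# Jobs:
#   changes        - decides which validation jobs this run needs
#   github_actions - actionlint
#   markdown       - markdownlint-cli2
#   python         - lockfile check, ruff, pyright, unit tests, CLI smoke test
#   package_build  - wheel build plus smoke test of the installed wheel
#   package        - gate job; fails unless every job above ended with
#                    success or skipped
#
# Security notes for maintainers and callers:
#   - The python and package_build jobs execute code from the checked-out ref
#     (uv run, unit tests, wheel build). Treat `inputs.ref` as code that will
#     be run; pass it only from contexts where running that code with this
#     workflow's token and caches is acceptable.
#   - Actions are referenced by major-version tags (v5/v6), which are mutable.
#     Pinning each `uses:` to a full commit SHA
#     (`owner/action@<full-commit-sha>  # vN`) removes the dependency on tag
#     integrity.
name: Validate

on:
  workflow_call:
    inputs:
      ref:
        description: "Git ref to validate. Defaults to the caller's ref."
        required: false
        type: string
      build-package:
        description: "Build and smoke-test package artifacts. Release builds do this separately."
        required: false
        type: boolean
        default: true

# Least privilege: read-only token. A called workflow can only narrow, never
# widen, the permissions granted by its caller.
permissions:
  contents: read
  pull-requests: read

# An explicit `shell: bash` makes GitHub run steps with `-e -o pipefail`, so a
# failing command anywhere in a pipeline fails the step.
defaults:
  run:
    shell: bash

jobs:
  changes:
    name: Detect changed paths
    runs-on: ubuntu-24.04
    outputs:
      github_actions: ${{ steps.changed_paths.outputs.github_actions }}
      markdown: ${{ steps.changed_paths.outputs.markdown }}
      python: ${{ steps.changed_paths.outputs.python }}
      package: ${{ steps.changed_paths.outputs.package }}
    steps:
      - name: Detect changed paths
        id: changed_paths
        env:
          GH_TOKEN: ${{ github.token }}
          PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          github_actions_changed=false
          markdown_changed=false
          python_changed=false
          package_changed=false
          # Read the event name from the runner-provided environment variable
          # rather than expanding a ${{ }} expression into the script text;
          # context values should reach the shell as data, not as source.
          if [[ "${GITHUB_EVENT_NAME}" != "pull_request" ]]; then
            # Fail safe: any event other than pull_request validates everything.
            github_actions_changed=true
            markdown_changed=true
            python_changed=true
            package_changed=true
          else
            changed_files="$(mktemp)"
            # Emit both the new and the previous path of each entry so that a
            # file renamed out of a watched directory still triggers its job.
            # NOTE(review): the pull-request files API is documented to return
            # at most 3000 files; paths beyond that cap would not be seen here.
            gh api --paginate \
              "repos/${GITHUB_REPOSITORY}/pulls/${PULL_REQUEST_NUMBER}/files" \
              --jq '.[] | .filename, (.previous_filename // empty)' > "${changed_files}"
            # File names come from the pull request and are untrusted; they are
            # only ever matched as quoted data in `case`, never evaluated.
            while IFS= read -r changed_file; do
              case "${changed_file}" in
                .github/workflows/*)
                  github_actions_changed=true
                  ;;
              esac
              case "${changed_file}" in
                *.md|.markdownlint-cli2.yaml)
                  markdown_changed=true
                  ;;
              esac
              case "${changed_file}" in
                .python-version|pyproject.toml|uv.lock|dev/*|src/*|tests/*)
                  python_changed=true
                  ;;
              esac
              case "${changed_file}" in
                .python-version|LICENSE|README.md|maps-example.yaml|pyproject.toml|uv.lock|src/*)
                  package_changed=true
                  ;;
              esac
            done < "${changed_files}"
          fi
          {
            echo "github_actions=${github_actions_changed}"
            echo "markdown=${markdown_changed}"
            echo "python=${python_changed}"
            echo "package=${package_changed}"
          } >> "${GITHUB_OUTPUT}"

  github_actions:
    name: Lint GitHub Actions
    needs: changes
    if: needs.changes.outputs.github_actions == 'true'
    runs-on: ubuntu-24.04
    env:
      ACTIONLINT_VERSION: "1.7.12"
    steps:
      - name: Check out code
        uses: actions/checkout@v6
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
          ref: ${{ inputs.ref || github.ref }}
      - name: Install actionlint
        run: |
          mkdir -p "${HOME}/.local/bin"
          asset="actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz"
          checksums="actionlint_${ACTIONLINT_VERSION}_checksums.txt"
          base_url="https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}"
          curl -fsSLO "${base_url}/${asset}"
          curl -fsSLO "${base_url}/${checksums}"
          # The checksum list is fetched from the same release as the archive,
          # so this detects a corrupted download but not a tampered release.
          # For authenticity, compare against a digest recorded in this
          # repository instead (placeholder: <expected-sha256>).
          # A missing entry makes grep exit non-zero, which fails the step.
          grep " ${asset}$" "${checksums}" | sha256sum --check
          tar -xzf "${asset}" -C "${HOME}/.local/bin" actionlint
          chmod 0755 "${HOME}/.local/bin/actionlint"
      - name: Lint GitHub Actions
        run: |
          "${HOME}/.local/bin/actionlint"

  markdown:
    name: Lint Markdown
    needs: changes
    if: needs.changes.outputs.markdown == 'true'
    runs-on: ubuntu-24.04
    env:
      MARKDOWNLINT_CLI2_VERSION: "0.22.1"
    steps:
      - name: Check out code
        uses: actions/checkout@v6
        with:
          persist-credentials: false
          ref: ${{ inputs.ref || github.ref }}
      - name: Cache npm
        uses: actions/cache@v5
        with:
          path: ~/.npm
          key: npm-${{ runner.os }}-markdownlint-cli2-${{ env.MARKDOWNLINT_CLI2_VERSION }}
      # Only the top-level package version is pinned; its dependencies are
      # resolved at install time because no lockfile is used for this tool.
      - name: Lint Markdown
        run: npx --yes "markdownlint-cli2@${MARKDOWNLINT_CLI2_VERSION}"

  python:
    name: Validate Python
    needs: changes
    if: needs.changes.outputs.python == 'true'
    runs-on: ubuntu-24.04
    env:
      PYTHON_VERSION: "3.11"
      UV_VERSION: "0.11.7"
    steps:
      - name: Check out code
        uses: actions/checkout@v6
        with:
          persist-credentials: false
          ref: ${{ inputs.ref || github.ref }}
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      # restore-keys allows a prefix match, so a cache saved for a different
      # uv.lock may be restored when there is no exact hit.
      - name: Cache uv
        uses: actions/cache@v5
        with:
          path: ~/.cache/uv
          key: uv-${{ runner.os }}-py${{ env.PYTHON_VERSION }}-${{ hashFiles('uv.lock') }}
          restore-keys: |
            uv-${{ runner.os }}-py${{ env.PYTHON_VERSION }}-
      # Version-pinned but not hash-pinned.
      - name: Install uv
        run: python -m pip install "uv==${UV_VERSION}"
      - name: Validate lockfile
        run: uv lock --check
      # --frozen: run against uv.lock as committed, without updating it.
      - name: Lint Python
        run: uv run --frozen ruff check .
      - name: Check Python formatting
        run: uv run --frozen ruff format --check .
      - name: Type check
        run: uv run --frozen pyright
      - name: Run tests
        run: uv run --frozen python -m unittest discover -s tests
      - name: Smoke test source checkout CLI
        run: uv run --frozen src-auth-perms-sync --help >/tmp/src-auth-perms-sync-help.txt

  package_build:
    name: Build and smoke-test package
    needs: changes
    if: inputs.build-package && needs.changes.outputs.package == 'true'
    runs-on: ubuntu-24.04
    env:
      PACKAGE_NAME: src-auth-perms-sync
      PYTHON_VERSION: "3.11"
      UV_VERSION: "0.11.7"
    steps:
      - name: Check out code
        uses: actions/checkout@v6
        with:
          persist-credentials: false
          ref: ${{ inputs.ref || github.ref }}
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Cache uv
        uses: actions/cache@v5
        with:
          path: ~/.cache/uv
          key: uv-${{ runner.os }}-py${{ env.PYTHON_VERSION }}-${{ hashFiles('uv.lock') }}
          restore-keys: |
            uv-${{ runner.os }}-py${{ env.PYTHON_VERSION }}-
      - name: Install uv
        run: python -m pip install "uv==${UV_VERSION}"
      - name: Build wheel
        run: uv build --wheel --out-dir dist --no-create-gitignore
      # Install the built wheel into a fresh venv so the smoke test exercises
      # the packaged artifact rather than the source checkout.
      - name: Smoke test installed wheel
        run: |
          python -m venv build/ci-venv
          . build/ci-venv/bin/activate
          python -m pip install dist/src_auth_perms_sync-*.whl
          src-auth-perms-sync --help >/tmp/src-auth-perms-sync-installed-help.txt
          python -m src_auth_perms_sync --help >/tmp/src-auth-perms-sync-module-help.txt

  package:
    name: Validate package
    needs: [changes, github_actions, markdown, python, package_build]
    # Run regardless of upstream results so failures are reported by this job.
    if: always()
    runs-on: ubuntu-24.04
    steps:
      - name: Confirm validation results
        # Job results are passed through the environment instead of being
        # expanded into the script text.
        env:
          CHANGES_RESULT: ${{ needs.changes.result }}
          GITHUB_ACTIONS_RESULT: ${{ needs.github_actions.result }}
          MARKDOWN_RESULT: ${{ needs.markdown.result }}
          PYTHON_RESULT: ${{ needs.python.result }}
          PACKAGE_BUILD_RESULT: ${{ needs.package_build.result }}
        run: |
          for validation_result in \
            "${CHANGES_RESULT}" \
            "${GITHUB_ACTIONS_RESULT}" \
            "${MARKDOWN_RESULT}" \
            "${PYTHON_RESULT}" \
            "${PACKAGE_BUILD_RESULT}"
          do
            case "${validation_result}" in
              success|skipped)
                # skipped is expected for jobs gated on the changed-path outputs
                ;;
              *)
                echo "::error title=Validation failed::At least one validation job ended with '${validation_result}'."
                exit 1
                ;;
            esac
          done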