From 8900f88ad2a5d6e49892857ce9b17ee62200c8b2 Mon Sep 17 00:00:00 2001 From: per1234 Date: Tue, 19 Apr 2022 21:45:28 -0700 Subject: [PATCH 1/2] Remove unnecessary line continuation escaping from workflows It is often necessary to escape the newline for continuation when breaking shell commands into multiple lines for readability. However, if a line break occurs in a shell command in an unterminated command, the continuation is implicit. The escaping in these shell commands was unnecessary and only made them a bit more cryptic, since the brackets already clearly indicate the structure --- .github/workflows/test-python-poetry-task.yml | 6 +++--- workflow-templates/check-go-task.yml | 6 +++--- .../.github/workflows/check-go-task.yml | 6 +++--- .../.github/workflows/publish-go-tester-task.yml | 6 +++--- .../.github/workflows/test-go-integration-task.yml | 6 +++--- .../.github/workflows/test-go-task.yml | 6 +++--- .../.github/workflows/test-python-poetry-task.yml | 6 +++--- workflow-templates/publish-go-tester-task.yml | 6 +++--- workflow-templates/test-go-integration-task.yml | 6 +++--- workflow-templates/test-go-task.yml | 6 +++--- workflow-templates/test-python-poetry-task.yml | 6 +++--- 11 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.github/workflows/test-python-poetry-task.yml b/.github/workflows/test-python-poetry-task.yml index 015f4304..85bd669e 100644 --- a/.github/workflows/test-python-poetry-task.yml +++ b/.github/workflows/test-python-poetry-task.yml @@ -38,9 +38,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/check-go-task.yml b/workflow-templates/check-go-task.yml index 4e509e72..92f3115d 100644 --- a/workflow-templates/check-go-task.yml +++ b/workflow-templates/check-go-task.yml @@ -36,9 +36,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-task.yml index 4e509e72..92f3115d 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-task.yml @@ -36,9 +36,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-tester-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-tester-task.yml index 6c21a09f..560bdd1f 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-tester-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/publish-go-tester-task.yml @@ -39,9 +39,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-integration-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-integration-task.yml index 79ee2505..ed08a1fc 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-integration-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-integration-task.yml @@ -44,9 +44,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-task.yml index bd1a68ea..8bb1f001 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-go-task.yml @@ -40,9 +40,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-python-poetry-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-python-poetry-task.yml index 015f4304..85bd669e 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-python-poetry-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/test-python-poetry-task.yml @@ -38,9 +38,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/publish-go-tester-task.yml b/workflow-templates/publish-go-tester-task.yml index 6c21a09f..560bdd1f 100644 --- a/workflow-templates/publish-go-tester-task.yml +++ b/workflow-templates/publish-go-tester-task.yml @@ -39,9 +39,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/test-go-integration-task.yml b/workflow-templates/test-go-integration-task.yml index 79ee2505..ed08a1fc 100644 --- a/workflow-templates/test-go-integration-task.yml +++ b/workflow-templates/test-go-integration-task.yml @@ -44,9 +44,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/test-go-task.yml b/workflow-templates/test-go-task.yml index bd1a68ea..8bb1f001 100644 --- a/workflow-templates/test-go-task.yml +++ b/workflow-templates/test-go-task.yml @@ -40,9 +40,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" diff --git a/workflow-templates/test-python-poetry-task.yml b/workflow-templates/test-python-poetry-task.yml index 015f4304..85bd669e 100644 --- a/workflow-templates/test-python-poetry-task.yml +++ b/workflow-templates/test-python-poetry-task.yml @@ -38,9 +38,9 @@ jobs: run: | RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. - if [[ \ - "${{ github.event_name }}" != "create" || \ - "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX \ + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX ]]; then # Run the other jobs. RESULT="true" From 22504dc85c1bea37613506016e677cd545a9af1b Mon Sep 17 00:00:00 2001 From: per1234 Date: Tue, 19 Apr 2022 21:58:12 -0700 Subject: [PATCH 2/2] Run relevant workflows on release branch creation This is a follow up to the original campaign to provide release branch coverage. The trigger on release branch creation system was added only to the most critical workflows at that time. Since then, the system has proven itself through several releases. A new critical "Check Go Dependencies" workflow was added which was missing the trigger due to being created prior to the campaign, but then staged until after it. While updating that workflow, I took the time to review all the remaining workflows for ones that might provide valuable information for project evaluation prior to release. I identified several additional workflows that, while not critical, still might reveal problems with the project at its state in the release branch. So I also added it to those. --- The trunk-based development strategy is used by some tooling projects (e.g., Arduino CLI). Their release branches may contain a subset of the history of the default branch. The status of the GitHub Actions workflows should be evaluated before making a release. However, this is not so simple as checking the status of the commit at the tip of the release branch. The reason is that, for the sake of efficiency, the workflows are configured to run only when the processes are relevant to the trigger event (e.g., no need to run unit tests for a change to the readme). In the case of the default branch, you can simply set the workflow runs filter to that branch and then check the result of the latest run of each workflow of interest. However, that was not possible to do with the release branch since it might be that the workflow was never run in that branch. The status of the latest run of the workflow in the default branch might not match the status for the release branch if the release branch does not contain the full history. For this reason, it will be helpful to trigger all relevant workflows on the creation of a release branch. This will ensure that each of those workflows will always have at least one run in the release branch. Subsequent commits pushed to the branch can run based on their usual trigger filters and the status of the latest run of each workflow in the branch will provide an accurate indication of the state of that branch. Branches are created for purposes other than releases, most notably feature branches to stage work for a pull request. Because the collection of workflows in a Tooling project are often very comprehensive, it would not be convenient or efficient to run them on the creation of every feature branch. Unfortunately, GitHub Actions does not support filters on the `create` event of branch creation like it does for the `push` and `pull_request` events. There is support for a `branches` filter of the `push` event, but that filter is an AND to the `paths` filter and this application requires an OR. For this reason, the workflows must be triggered by the creation of any branch. The unwanted job runs are prevented by adding a `run-determination` job with the branch filter handled by Bash commands. The other jobs of the workflow use this `run-determination` job as a dependency, only running when it indicates they should via a job output. Because this minimal `run-determination` job runs very quickly, it is roughly equivalent to the workflow having been skipped entirely for non-release branch creations. This approach has been in use for some time already in the versioned "Deploy Website" workflows. --- .github/workflows/check-license.yml | 26 ++++++++++ .github/workflows/check-markdown-task.yml | 28 +++++++++++ .github/workflows/check-python-task.yml | 28 +++++++++++ .github/workflows/check-shell-task.yml | 30 ++++++++++++ .github/workflows/check-yaml-task.yml | 26 ++++++++++ workflow-templates/check-certificates.yml | 48 +++++++++++++++++-- .../check-go-dependencies-task.yml | 28 +++++++++++ workflow-templates/check-license.yml | 26 ++++++++++ workflow-templates/check-markdown-task.yml | 28 +++++++++++ workflow-templates/check-mkdocs-task.yml | 26 ++++++++++ workflow-templates/check-python-task.yml | 28 +++++++++++ workflow-templates/check-shell-task.yml | 30 ++++++++++++ workflow-templates/check-yaml-task.yml | 26 ++++++++++ .../.github/workflows/check-certificates.yml | 48 +++++++++++++++++-- .../workflows/check-go-dependencies-task.yml | 28 +++++++++++ .../.github/workflows/check-license.yml | 26 ++++++++++ .../.github/workflows/check-markdown-task.yml | 28 +++++++++++ .../.github/workflows/check-mkdocs-task.yml | 26 ++++++++++ .../.github/workflows/check-python-task.yml | 28 +++++++++++ .../.github/workflows/check-shell-task.yml | 30 ++++++++++++ .../.github/workflows/check-yaml-task.yml | 26 ++++++++++ 21 files changed, 608 insertions(+), 10 deletions(-) diff --git a/.github/workflows/check-license.yml b/.github/workflows/check-license.yml index a7cd4172..7c375cb4 100644 --- a/.github/workflows/check-license.yml +++ b/.github/workflows/check-license.yml @@ -9,6 +9,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-license.ya?ml" @@ -30,7 +31,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check-license: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/.github/workflows/check-markdown-task.yml b/.github/workflows/check-markdown-task.yml index 4153c666..a2d9beaa 100644 --- a/.github/workflows/check-markdown-task.yml +++ b/.github/workflows/check-markdown-task.yml @@ -3,6 +3,7 @@ name: Check Markdown # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-markdown-task.ya?ml" @@ -30,7 +31,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + lint: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -50,6 +76,8 @@ jobs: run: task markdown:lint links: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/.github/workflows/check-python-task.yml b/.github/workflows/check-python-task.yml index 38553f00..21f92e58 100644 --- a/.github/workflows/check-python-task.yml +++ b/.github/workflows/check-python-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-python-task.ya?ml" @@ -31,7 +32,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + lint: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -59,6 +85,8 @@ jobs: run: task python:lint formatting: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/.github/workflows/check-shell-task.yml b/.github/workflows/check-shell-task.yml index 90d985ff..f6cd3bdc 100644 --- a/.github/workflows/check-shell-task.yml +++ b/.github/workflows/check-shell-task.yml @@ -3,6 +3,7 @@ name: Check Shell Scripts # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-shell-task.ya?ml" @@ -24,8 +25,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + lint: name: ${{ matrix.configuration.name }} + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest env: @@ -88,6 +114,8 @@ jobs: run: task --silent shell:check SHELLCHECK_FORMAT=${{ matrix.configuration.format }} formatting: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -131,6 +159,8 @@ jobs: run: git diff --color --exit-code executable: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/.github/workflows/check-yaml-task.yml b/.github/workflows/check-yaml-task.yml index f8742bbc..91ccdaa5 100644 --- a/.github/workflows/check-yaml-task.yml +++ b/.github/workflows/check-yaml-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".yamllint*" @@ -43,8 +44,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check: name: ${{ matrix.configuration.name }} + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest strategy: diff --git a/workflow-templates/check-certificates.yml b/workflow-templates/check-certificates.yml index 03c8e580..1e84466f 100644 --- a/workflow-templates/check-certificates.yml +++ b/workflow-templates/check-certificates.yml @@ -3,6 +3,7 @@ name: Check Certificates # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-certificates.ya?ml" @@ -20,13 +21,50 @@ env: EXPIRATION_WARNING_PERIOD: 30 jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # TODO: Update repository name. + REPO_SLUG="REPO_OWNER/REPO_NAME" + if [[ + ( + # Only run on branch creation when it is a release branch. + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ) && + ( + # Only run when the workflow will have access to the certificate secrets. + # This could be done via a GitHub Actions workflow conditional, but makes more sense to do it here as well. + ( + "${{ github.event_name }}" != "pull_request" && + "${{ github.repository }}" == "$REPO_SLUG" + ) || + ( + "${{ github.event_name }}" == "pull_request" && + "${{ github.event.pull_request.head.repo.full_name }}" == "$REPO_SLUG" + ) + ) + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check-certificates: name: ${{ matrix.certificate.identifier }} - # Only run when the workflow will have access to the certificate secrets. - # TODO: Update repository name. - if: > - (github.event_name != 'pull_request' && github.repository == 'REPO_OWNER/REPO_NAME') || - (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'REPO_OWNER/REPO_NAME') + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/workflow-templates/check-go-dependencies-task.yml b/workflow-templates/check-go-dependencies-task.yml index e52e174a..2ed721a5 100644 --- a/workflow-templates/check-go-dependencies-task.yml +++ b/workflow-templates/check-go-dependencies-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-go-dependencies-task.ya?ml" @@ -31,7 +32,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check-cache: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -80,6 +106,8 @@ jobs: path: .licenses/ check-deps: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/check-license.yml b/workflow-templates/check-license.yml index 04536aef..f796f544 100644 --- a/workflow-templates/check-license.yml +++ b/workflow-templates/check-license.yml @@ -10,6 +10,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-license.ya?ml" @@ -31,7 +32,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check-license: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/check-markdown-task.yml b/workflow-templates/check-markdown-task.yml index 4153c666..a2d9beaa 100644 --- a/workflow-templates/check-markdown-task.yml +++ b/workflow-templates/check-markdown-task.yml @@ -3,6 +3,7 @@ name: Check Markdown # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-markdown-task.ya?ml" @@ -30,7 +31,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + lint: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -50,6 +76,8 @@ jobs: run: task markdown:lint links: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/check-mkdocs-task.yml b/workflow-templates/check-mkdocs-task.yml index b8ade4ac..5dc6b92c 100644 --- a/workflow-templates/check-mkdocs-task.yml +++ b/workflow-templates/check-mkdocs-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-mkdocs-task.ya?ml" @@ -27,7 +28,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/check-python-task.yml b/workflow-templates/check-python-task.yml index 38553f00..21f92e58 100644 --- a/workflow-templates/check-python-task.yml +++ b/workflow-templates/check-python-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-python-task.ya?ml" @@ -31,7 +32,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + lint: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -59,6 +85,8 @@ jobs: run: task python:lint formatting: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/check-shell-task.yml b/workflow-templates/check-shell-task.yml index 90d985ff..f6cd3bdc 100644 --- a/workflow-templates/check-shell-task.yml +++ b/workflow-templates/check-shell-task.yml @@ -3,6 +3,7 @@ name: Check Shell Scripts # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-shell-task.ya?ml" @@ -24,8 +25,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + lint: name: ${{ matrix.configuration.name }} + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest env: @@ -88,6 +114,8 @@ jobs: run: task --silent shell:check SHELLCHECK_FORMAT=${{ matrix.configuration.format }} formatting: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -131,6 +159,8 @@ jobs: run: git diff --color --exit-code executable: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/check-yaml-task.yml b/workflow-templates/check-yaml-task.yml index f8742bbc..91ccdaa5 100644 --- a/workflow-templates/check-yaml-task.yml +++ b/workflow-templates/check-yaml-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".yamllint*" @@ -43,8 +44,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check: name: ${{ matrix.configuration.name }} + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest strategy: diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-certificates.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-certificates.yml index 03c8e580..1e84466f 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-certificates.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-certificates.yml @@ -3,6 +3,7 @@ name: Check Certificates # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-certificates.ya?ml" @@ -20,13 +21,50 @@ env: EXPIRATION_WARNING_PERIOD: 30 jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # TODO: Update repository name. + REPO_SLUG="REPO_OWNER/REPO_NAME" + if [[ + ( + # Only run on branch creation when it is a release branch. + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ) && + ( + # Only run when the workflow will have access to the certificate secrets. + # This could be done via a GitHub Actions workflow conditional, but makes more sense to do it here as well. + ( + "${{ github.event_name }}" != "pull_request" && + "${{ github.repository }}" == "$REPO_SLUG" + ) || + ( + "${{ github.event_name }}" == "pull_request" && + "${{ github.event.pull_request.head.repo.full_name }}" == "$REPO_SLUG" + ) + ) + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check-certificates: name: ${{ matrix.certificate.identifier }} - # Only run when the workflow will have access to the certificate secrets. - # TODO: Update repository name. - if: > - (github.event_name != 'pull_request' && github.repository == 'REPO_OWNER/REPO_NAME') || - (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'REPO_OWNER/REPO_NAME') + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest strategy: fail-fast: false diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-dependencies-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-dependencies-task.yml index e52e174a..2ed721a5 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-dependencies-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-go-dependencies-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-go-dependencies-task.ya?ml" @@ -31,7 +32,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check-cache: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -80,6 +106,8 @@ jobs: path: .licenses/ check-deps: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-license.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-license.yml index 04536aef..f796f544 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-license.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-license.yml @@ -10,6 +10,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-license.ya?ml" @@ -31,7 +32,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check-license: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-markdown-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-markdown-task.yml index 4153c666..a2d9beaa 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-markdown-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-markdown-task.yml @@ -3,6 +3,7 @@ name: Check Markdown # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-markdown-task.ya?ml" @@ -30,7 +31,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + lint: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -50,6 +76,8 @@ jobs: run: task markdown:lint links: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-mkdocs-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-mkdocs-task.yml index b8ade4ac..5dc6b92c 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-mkdocs-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-mkdocs-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-mkdocs-task.ya?ml" @@ -27,7 +28,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-python-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-python-task.yml index 38553f00..21f92e58 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-python-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-python-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-python-task.ya?ml" @@ -31,7 +32,32 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + lint: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -59,6 +85,8 @@ jobs: run: task python:lint formatting: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-shell-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-shell-task.yml index 90d985ff..f6cd3bdc 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-shell-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-shell-task.yml @@ -3,6 +3,7 @@ name: Check Shell Scripts # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-shell-task.ya?ml" @@ -24,8 +25,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + lint: name: ${{ matrix.configuration.name }} + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest env: @@ -88,6 +114,8 @@ jobs: run: task --silent shell:check SHELLCHECK_FORMAT=${{ matrix.configuration.format }} formatting: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: @@ -131,6 +159,8 @@ jobs: run: git diff --color --exit-code executable: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest steps: diff --git a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-yaml-task.yml b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-yaml-task.yml index f8742bbc..91ccdaa5 100644 --- a/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-yaml-task.yml +++ b/workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-yaml-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: + create: push: paths: - ".yamllint*" @@ -43,8 +44,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "::set-output name=result::$RESULT" + check: name: ${{ matrix.configuration.name }} + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest strategy: