name: "gha: macOS & Windows"

# Runs for pull requests and for pushes to the branches matched by the `push`
# filter below. The PR builds are non-blocking for now; that is configured
# elsewhere.
on:
  # Build on pushes (think "after the merge") too. `ci-gha**` branches do not
  # normally exist in the repository. Contributors can create one when testing
  # or troubleshooting builds, and disable builds (to speed up the testing) or
  # add new ones there, without impacting the rest of the team.
  push:
    branches:
      - 'v[2-9]**'
      - 'ci-gha**'
  # `pull_request_target` starts the build in the context of the target
  # branch, so the workflow files are the ones already committed there, and
  # the run has access to the secrets needed for the remote caches (Bazel and
  # sccache). That makes the trigger itself "safe". The jobs are still told to
  # check out the pull request's head commit, so the approval gate in the
  # `pre-flight` job is what keeps those secrets away from unreviewed code.
  pull_request_target:
    types: [opened, synchronize, reopened]
  schedule:
    - cron: '0 5 * * 1,2,3,4,5'
  workflow_dispatch:

# A new commit on the same PR or branch cancels the runs of this workflow that
# are still in progress. That reduces billing, but it creates more noise about
# cancelled jobs.
concurrency:
  cancel-in-progress: true
  group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}
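jobs:
  pre-flight:
    # Approval gate for the rest of the workflow. The `internal` environment
    # is used when the event is not `pull_request_target`, when the pull
    # request's head repository is this repository, or when `github.actor` is
    # listed in the `TRUSTED_FORKS` variable. Everything else runs in the
    # `external` environment, which requires manual approval from a
    # contributor. The job also saves the `ref` of the pull request, so
    # downstream jobs know what to checkout.
    # NOTE(review): `github.actor` is the account that triggered this event,
    # which is not necessarily the owner of the fork or the author of the pull
    # request. Confirm that this is the identity `TRUSTED_FORKS` is meant to
    # match.
    # NOTE(review): this file sets no `permissions:` for the GITHUB_TOKEN, so
    # the repository default applies. The called workflows are not visible
    # here; confirm what they need before narrowing it.
    environment: >-
      ${{
        (github.event_name != 'pull_request_target' && 'internal') ||
        (github.event.pull_request.head.repo.full_name == github.repository && 'internal') ||
        (contains(fromJSON(vars.TRUSTED_FORKS), github.actor) && 'internal') ||
        'external'
      }}
    name: Require Approval for External PRs
    runs-on: ubuntu-latest
    outputs:
      # For pull requests this is the head commit SHA from the event payload;
      # for every other event it is `github.ref`.
      checkout-sha: ${{ steps.save-pull-request.outputs.sha }}
    steps:
      - name: Save Pull Request
        id: save-pull-request
        # The value is handed to the script through the environment instead of
        # being expanded into the script text, so a ref name is never parsed
        # as shell syntax.
        env:
          CHECKOUT_REF: ${{ github.event.pull_request.head.sha || github.ref }}
        run: |
          echo "sha=${CHECKOUT_REF}" >> "${GITHUB_OUTPUT}"

  # Run the other jobs once the `pre-flight` job passes. When the `pre-flight`
  # job requires approval, this blocks all the other jobs. The jobs are
  # defined in separate files to keep the size of this file under control.
  # Note how the additional jobs inherit any secrets needed to use the remote
  # caches and receive what version to checkout as an input.
  # NOTE(review): `secrets: inherit` hands every secret available to this
  # workflow to the called workflow. The called workflows are not visible
  # here; if they only need the remote cache credentials, passing those by
  # name would narrow what a build of an external pull request can reach.
  external-account-integration:
    name: External Account Integration
    needs: [pre-flight]
    uses: ./.github/workflows/external-account-integration.yml
    with:
      checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
    secrets: inherit

  macos-bazel:
    # Run this job only on schedule, push, and manually dispatched events, or
    # when the pull request carries the `gha:full-build` label (including when
    # an already labelled pull request gets a new commit).
    if: |-
      ${{
        github.event_name == 'schedule' ||
        github.event_name == 'push' ||
        github.event_name == 'workflow_dispatch' ||
        contains(github.event.pull_request.labels.*.name, 'gha:full-build')
      }}
    name: macOS-Bazel
    needs: [pre-flight]
    uses: ./.github/workflows/macos-bazel.yml
    with:
      checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
    secrets: inherit

  windows-bazel:
    # Run this job only on schedule, push, and manually dispatched events, or
    # when the pull request carries the `gha:full-build` label (including when
    # an already labelled pull request gets a new commit).
    if: |-
      ${{
        github.event_name == 'schedule' ||
        github.event_name == 'push' ||
        github.event_name == 'workflow_dispatch' ||
        contains(github.event.pull_request.labels.*.name, 'gha:full-build')
      }}
    name: Windows-Bazel
    needs: [pre-flight]
    uses: ./.github/workflows/windows-bazel.yml
    with:
      checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
    secrets: inherit

  macos-cmake:
    name: macOS-CMake
    needs: [pre-flight]
    uses: ./.github/workflows/macos-cmake.yml
    with:
      checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
      # Build the full matrix only on schedule, push, and manually dispatched
      # events, or when the pull request carries the `gha:full-build` label
      # (including when an already labelled pull request gets a new commit).
      full-matrix: |-
        ${{
          github.event_name == 'schedule' ||
          github.event_name == 'push' ||
          github.event_name == 'workflow_dispatch' ||
          contains(github.event.pull_request.labels.*.name, 'gha:full-build')
        }}
    secrets: inherit

  windows-cmake:
    name: Windows-CMake
    needs: [pre-flight]
    uses: ./.github/workflows/windows-cmake.yml
    with:
      checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
      # Build the full matrix only on schedule, push, and manually dispatched
      # events, or when the pull request carries the `gha:full-build` label
      # (including when an already labelled pull request gets a new commit).
      full-matrix: |-
        ${{
          github.event_name == 'schedule' ||
          github.event_name == 'push' ||
          github.event_name == 'workflow_dispatch' ||
          contains(github.event.pull_request.labels.*.name, 'gha:full-build')
        }}
    secrets: inherit

  notify:
    name: Notify-Google-Chat
    # Wait until all the other jobs have completed.
    needs:
      - external-account-integration
      - macos-bazel
      - macos-cmake
      - windows-bazel
      - windows-cmake
    # Run even if the other jobs failed or were skipped.
    if: always()
    runs-on: ubuntu-latest
    steps:
      - name: Notify Google Chat
        shell: bash
        # The webhook URL is a credential. It reaches the script as an
        # environment variable, which keeps it out of the generated script
        # text and keeps the shell from interpreting its contents.
        env:
          WEBHOOK_URL: ${{ secrets.CLOUD_CPP_BUILD_ALERTS_WEBHOOK }}
        run: |
          # Only scheduled, push, and manually dispatched runs send an alert.
          event_name="${{ github.event_name }}"
          case "${event_name}" in
            schedule | push | workflow_dispatch) ;;
            *) exit 0 ;;
          esac
          failure="${{ contains(needs.*.result, 'failure') }}"
          cancelled="${{ contains(needs.*.result, 'cancelled') }}"
          status=""
          # Report whether any of the jobs failed or were cancelled. A failure
          # takes precedence over a cancellation.
          if [[ "${cancelled}" == "true" ]]; then status="cancelled"; fi
          if [[ "${failure}" == "true" ]]; then status="failure"; fi
          # Exit early if there is nothing interesting to report.
          if [[ -z "${status}" ]]; then exit 0; fi
          printf '{"text": "GHA Build %s %s/%s/actions/runs/%s"}' \
            "${status}" "${{ github.server_url }}" "${{ github.repository }}" "${{ github.run_id }}" |
            curl -fsX POST -o /dev/null -d@- \
              -H "Content-Type: application/json; charset=UTF-8" \
              "${WEBHOOK_URL}"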