-
Notifications
You must be signed in to change notification settings - Fork 366
134 lines (130 loc) · 5.28 KB
/
test-runner.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: "gha: macOS & Windows"
# Build on pull requests and pushes to `main`. The PR builds will be
# non-blocking for now, but that is configured elsewhere.
on:
# Start these builds on pushes (think "after the merge") too. Normally there
# are no `ci-gha**` branches in our repository. The contributors to the repo
# can create such branches when testing or troubleshooting builds. In such
# branches we can disable builds (to speed up the testing) or add new ones,
# without impacting the rest of the team.
push:
branches: [ 'v[2-9]**', 'ci-gha**' ]
# Start the build in the context of the target branch. This is considered
# "safe", as the workflow files are already committed. These types of builds
# have access to the secrets in the build, which we need to use the remote
# caches (Bazel and sccache).
pull_request_target:
types:
- opened
- synchronize
- reopened
schedule:
- cron: '0 5 * * 1,2,3,4,5'
workflow_dispatch:
# Cancel in-progress runs of the workflow if somebody adds a new commit to the
# PR or branch. That reduces billing, but it creates more noise about cancelled
# jobs
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
pre-flight:
# For external contributors, run the build in the `external` environment.
# This requires manual approval from a contributor. It also saves the
# `ref` of the pull request, so downstream jobs know what to checkout.
environment: >-
${{
(github.event_name != 'pull_request_target' && 'internal') ||
(github.event.pull_request.head.repo.full_name == github.repository && 'internal') ||
(contains(fromJSON(vars.TRUSTED_FORKS), github.actor) && 'internal') ||
'external'
}}
name: Require Approval for External PRs
runs-on: ubuntu-latest
outputs:
checkout-sha: ${{ steps.save-pull-request.outputs.sha }}
steps:
- name: Save Pull Request
id: save-pull-request
run: >
echo "sha=${{ github.event.pull_request.head.sha || github.ref }}" >> $GITHUB_OUTPUT
# Run other jobs once the `pre-flight` job passes. When the `pre-flight`
# job requires approval, these blocks all the other jobs. The jobs are defined
# in separate files to keep the size of this file under control. Note how
# the additional jobs inherit any secrets needed to use the remote caches and
# receive what version to checkout as an input.
external-account-integration:
name: External Account Integration
needs: [pre-flight]
uses: ./.github/workflows/external-account-integration.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
secrets: inherit
macos-bazel:
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
if: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
name: macOS-Bazel
needs: [pre-flight]
uses: ./.github/workflows/macos-bazel.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
secrets: inherit
windows-bazel:
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
if: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
name: Windows-Bazel
needs: [pre-flight]
uses: ./.github/workflows/windows-bazel.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
secrets: inherit
macos-cmake:
name: macOS-CMake
needs: [pre-flight]
uses: ./.github/workflows/macos-cmake.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
full-matrix: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
secrets: inherit
windows-cmake:
name: Windows-CMake
needs: [pre-flight]
uses: ./.github/workflows/windows-cmake.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
full-matrix: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
secrets: inherit