From 0d159662a5474b35527ec3b49e7cdb63122ed99e Mon Sep 17 00:00:00 2001 From: per1234 Date: Mon, 14 Oct 2024 20:29:52 -0700 Subject: [PATCH] Run relevant workflows on release branch creation The trunk-based development strategy is used by this project. The release branches may contain a subset of the history of the default branch. The status of the GitHub Actions workflows should be evaluated before making a release. However, this is not so simple as checking the status of the commit at the tip of the release branch. The reason is that, for the sake of efficiency, the workflows are configured to run only when the processes are relevant to the trigger event (e.g., no need to run unit tests for a change to the readme). In the case of the default branch, you can simply set the workflow runs filter to that branch and then check the result of the latest run of each workflow of interest. However, that was not possible to do with the release branch since it might be that the workflow was never run in that branch. The status of the latest run of the workflow in the default branch might not match the status for the release branch if the release branch does not contain the full history. For this reason, it will be helpful to trigger all relevant workflows on the creation of a release branch. This will ensure that each of those workflows will always have at least one run in the release branch. Subsequent commits pushed to the branch can run based on their usual trigger filters and the status of the latest run of each workflow in the branch will provide an accurate indication of the state of that branch. Branches are created for purposes other than releases, most notably feature branches to stage work for a pull request. Because the collection of workflows in a Tooling project are often very comprehensive, it would not be convenient or efficient to run them on the creation of every feature branch. Unfortunately, GitHub Actions does not support filters on the `create` event of branch creation like it does for the `push` and `pull_request` events. There is support for a `branches` filter of the `push` event, but that filter is an AND to the `paths` filter and this application requires an OR. For this reason, the workflows must be triggered by the creation of any branch. The unwanted job runs are prevented by adding a `run-determination` job with the branch filter handled by Bash commands. The other jobs of the workflow use this `run-determination` job as a dependency, only running when it indicates they should via a job output. Because this minimal `run-determination` job runs very quickly, it is roughly equivalent to the workflow having been skipped entirely for non-release branch creations. This approach has been in use for some time already in the versioned "Deploy Website" workflows. --- .github/workflows/check-certificates.yml | 47 +++++++++++++++++-- .../check-general-formatting-task.yml | 27 +++++++++++ .github/workflows/check-license.yml | 27 +++++++++++ .github/workflows/check-markdown-task.yml | 29 ++++++++++++ .github/workflows/check-mkdocs-task.yml | 27 +++++++++++ .../check-prettier-formatting-task.yml | 27 +++++++++++ .github/workflows/check-python-task.yml | 29 ++++++++++++ .github/workflows/check-shell-task.yml | 31 ++++++++++++ .github/workflows/spell-check-task.yml | 27 +++++++++++ 9 files changed, 267 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check-certificates.yml b/.github/workflows/check-certificates.yml index f5f9bd9a..ea216018 100644 --- a/.github/workflows/check-certificates.yml +++ b/.github/workflows/check-certificates.yml @@ -3,6 +3,7 @@ name: Check Certificates # See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-certificates.ya?ml" @@ -20,12 +21,50 @@ env: EXPIRATION_WARNING_PERIOD: 30 jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + permissions: {} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + REPO_SLUG="arduino/arduino-lint" + if [[ + ( + # Only run on branch creation when it is a release branch. + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ) && + ( + # Only run when the workflow will have access to the certificate secrets. + # This could be done via a GitHub Actions workflow conditional, but makes more sense to do it here as well. + ( + "${{ github.event_name }}" != "pull_request" && + "${{ github.repository }}" == "$REPO_SLUG" + ) || + ( + "${{ github.event_name }}" == "pull_request" && + "${{ github.event.pull_request.head.repo.full_name }}" == "$REPO_SLUG" + ) + ) + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + check-certificates: name: ${{ matrix.certificate.identifier }} - # Only run when the workflow will have access to the certificate secrets. - if: > - (github.event_name != 'pull_request' && github.repository == 'arduino/arduino-lint') || - (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'arduino/arduino-lint') + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: {} strategy: diff --git a/.github/workflows/check-general-formatting-task.yml b/.github/workflows/check-general-formatting-task.yml index d3370df3..fa31c68e 100644 --- a/.github/workflows/check-general-formatting-task.yml +++ b/.github/workflows/check-general-formatting-task.yml @@ -3,6 +3,7 @@ name: Check General Formatting # See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows on: + create: push: pull_request: schedule: @@ -12,7 +13,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + permissions: {} + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + check: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/check-license.yml b/.github/workflows/check-license.yml index 94ec9b59..ea206825 100644 --- a/.github/workflows/check-license.yml +++ b/.github/workflows/check-license.yml @@ -8,6 +8,7 @@ env: # See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-license.ya?ml" @@ -29,7 +30,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + permissions: {} + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + check-license: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/check-markdown-task.yml b/.github/workflows/check-markdown-task.yml index 5d6a7863..a42fc1aa 100644 --- a/.github/workflows/check-markdown-task.yml +++ b/.github/workflows/check-markdown-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-markdown-task.ya?ml" @@ -34,7 +35,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + permissions: {} + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + lint: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read @@ -56,6 +83,8 @@ jobs: run: task markdown:lint links: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/check-mkdocs-task.yml b/.github/workflows/check-mkdocs-task.yml index bb141c58..6be610bd 100644 --- a/.github/workflows/check-mkdocs-task.yml +++ b/.github/workflows/check-mkdocs-task.yml @@ -9,6 +9,7 @@ env: # See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-mkdocs-task.ya?ml" @@ -35,7 +36,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + permissions: {} + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + check: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/check-prettier-formatting-task.yml b/.github/workflows/check-prettier-formatting-task.yml index f6925e74..933ef9b5 100644 --- a/.github/workflows/check-prettier-formatting-task.yml +++ b/.github/workflows/check-prettier-formatting-task.yml @@ -3,6 +3,7 @@ name: Check Prettier Formatting # See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-prettier-formatting-task.ya?ml" @@ -199,7 +200,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + permissions: {} + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + check: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/check-python-task.yml b/.github/workflows/check-python-task.yml index d2bfd3d1..47ae0de4 100644 --- a/.github/workflows/check-python-task.yml +++ b/.github/workflows/check-python-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-python-task.ya?ml" @@ -31,7 +32,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + permissions: {} + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + lint: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read @@ -61,6 +88,8 @@ jobs: run: task python:lint formatting: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/check-shell-task.yml b/.github/workflows/check-shell-task.yml index 1ad6cf88..8df29ca9 100644 --- a/.github/workflows/check-shell-task.yml +++ b/.github/workflows/check-shell-task.yml @@ -3,6 +3,7 @@ name: Check Shell Scripts # See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows on: + create: push: paths: - ".github/workflows/check-shell-task.ya?ml" @@ -24,8 +25,34 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + permissions: {} + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + lint: name: ${{ matrix.configuration.name }} + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read @@ -90,6 +117,8 @@ jobs: run: task --silent shell:check SHELLCHECK_FORMAT=${{ matrix.configuration.format }} formatting: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read @@ -135,6 +164,8 @@ jobs: run: git diff --color --exit-code executable: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/spell-check-task.yml b/.github/workflows/spell-check-task.yml index 81103b33..e00c3088 100644 --- a/.github/workflows/spell-check-task.yml +++ b/.github/workflows/spell-check-task.yml @@ -7,6 +7,7 @@ env: # See: https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows on: + create: push: pull_request: schedule: @@ -16,7 +17,33 @@ on: repository_dispatch: jobs: + run-determination: + runs-on: ubuntu-latest + permissions: {} + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + spellcheck: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' runs-on: ubuntu-latest permissions: contents: read