Support GH Enterprise #184
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Tests | |
on: [pull_request] | |
env: | |
TEST_TAG: ci_test | |
jobs: | |
reset_test_branches: | |
runs-on: ubuntu-latest | |
name: Reset test branches | |
steps: | |
- name: Checkout action repo | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.CI_RESET_TEST_BRANCHES }} | |
fetch-depth: 0 | |
- name: Set up Python 3.9 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.9 | |
- name: Reset branches | |
run: | | |
python -m pip install -U pip | |
pip install requests | |
python -c "import requests; requests.delete('https://api.github.com/repos/CasperWA/push-protected/branches/protected/protection/enforce_admins', headers={'Authorization': 'token ${{ secrets.CI_RESET_TEST_BRANCHES }}', 'Accept': 'application/vnd.github.v3+json'})" | |
git fetch origin | |
git push -d origin ${TEST_TAG} || : | |
git branch not_protected origin/not_protected | |
git branch protected origin/protected | |
git checkout not_protected | |
git reset --hard ${GITHUB_SHA} | |
git push -f | |
git checkout protected | |
git reset --hard ${GITHUB_SHA} | |
git push -f | |
python -c "import requests; requests.post('https://api.github.com/repos/CasperWA/push-protected/branches/protected/protection/enforce_admins', headers={'Authorization': 'token ${{ secrets.CI_RESET_TEST_BRANCHES }}', 'Accept': 'application/vnd.github.v3+json'})" | |
not_protected: | |
needs: reset_test_branches | |
runs-on: ubuntu-latest | |
name: Testing - non-protected | |
steps: | |
- name: Use local action (checkout) | |
uses: actions/checkout@v4 | |
- name: Perform changes | |
run: ./ci.sh ${TEST_TAG} | |
working-directory: .github/utils | |
- name: Pushing to a non-protected branch | |
uses: ./ | |
with: | |
token: '${{ secrets.GITHUB_TOKEN }}' | |
branch: not_protected | |
unprotect_reviews: false | |
- name: Check tags (local) | |
run: | | |
git fetch origin -ftp | |
git ls-remote --tags origin | grep "${TEST_TAG}" && exit 1 || echo "Tag ${TEST_TAG} doesn't exist on remote as expected." | |
git tag -l | grep "${TEST_TAG}" | |
- name: Pushing to a non-protected branch (including tags) | |
uses: ./ | |
with: | |
token: '${{ secrets.GITHUB_TOKEN }}' | |
ref: refs/heads/not_protected | |
unprotect_reviews: false | |
tags: true | |
- name: Check tags (local+remote) | |
run: | | |
git fetch origin -ftpP | |
git ls-remote --tags origin | grep "${TEST_TAG}" | |
git tag -l | grep "${TEST_TAG}" | |
protected: | |
needs: [reset_test_branches, not_protected] | |
runs-on: ubuntu-latest | |
name: Testing - protected | |
steps: | |
- name: Use local action (checkout) | |
uses: actions/checkout@v4 | |
- name: Perform changes | |
run: ./ci.sh | |
working-directory: .github/utils | |
- name: Pushing to a protected branch | |
uses: ./ | |
with: | |
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}' | |
branch: protected | |
unprotect_reviews: true | |
debug: true | |
- name: Pushing to a protected branch without any changes | |
uses: ./ | |
with: | |
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}' | |
ref: refs/heads/protected | |
unprotect_reviews: true | |
debug: true | |
force-pushing: | |
needs: [protected] | |
runs-on: ubuntu-latest | |
name: Testing - protected (--force) | |
steps: | |
- name: Use local action (checkout) | |
uses: actions/checkout@v4 | |
- name: Perform non-fast-forwardable changes | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "Casper Welzel Andersen" | |
git fetch origin | |
git reset --hard ${GITHUB_SHA} | |
touch test.txt | |
git add test.txt | |
git commit -m "Diverged from remote branch" | |
- name: Push not using `--force` (should fail) | |
id: push_no_force | |
continue-on-error: true | |
uses: ./ | |
with: | |
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}' | |
branch: protected | |
unprotect_reviews: true | |
- name: This runs ONLY if the previous step doesn't fail | |
if: steps.push_no_force.outcome != 'failure' || steps.push_no_force.conclusion != 'success' | |
run: | | |
echo "Outcome: ${{ steps.push_no_force.outcome }} (not 'failure'), Conclusion: ${{ steps.push_no_force.conclusion }} (not 'success')" | |
exit 1 | |
- name: Push using `--force` (should succeed) | |
uses: ./ | |
with: | |
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}' | |
branch: protected | |
unprotect_reviews: true | |
force: yes | |
branch_and_ref: | |
needs: [force-pushing] | |
runs-on: ubuntu-latest | |
name: Testing - Setting `branch` and `ref` fails | |
steps: | |
- name: Use local action (checkout) | |
uses: actions/checkout@v4 | |
- name: Push setting both `branch` and `ref` (should fail) | |
id: push_branch_ref | |
continue-on-error: true | |
uses: ./ | |
with: | |
token: '${{ secrets.GITHUB_TOKEN }}' | |
branch: not_protected | |
ref: refs/heads/not_protected | |
unprotect_reviews: false | |
- name: This runs ONLY if the previous step doesn't fail | |
if: steps.push_branch_ref.outcome != 'failure' || steps.push_branch_ref.conclusion != 'success' | |
run: | | |
echo "Outcome: ${{ steps.push_branch_ref.outcome }} (not 'failure'), Conclusion: ${{ steps.push_branch_ref.conclusion }} (not 'success')" | |
exit 1 | |
non_existant_branch: | |
needs: [branch_and_ref] | |
runs-on: ubuntu-latest | |
name: Testing - Fail for non-existant branch | |
steps: | |
- name: Use local action (checkout) | |
uses: actions/checkout@v4 | |
- name: Push to non-existant branch (should fail) | |
id: push_non_existant | |
continue-on-error: true | |
uses: ./ | |
with: | |
token: '${{ secrets.GITHUB_TOKEN }}' | |
branch: non-existant-branch | |
unprotect_reviews: false | |
- name: This runs ONLY if the previous step doesn't fail | |
if: steps.push_non_existant.outcome != 'failure' || steps.push_non_existant.conclusion != 'success' | |
run: | | |
echo "Outcome: ${{ steps.push_non_existant.outcome }} (not 'failure'), Conclusion: ${{ steps.push_non_existant.conclusion }} (not 'success')" | |
exit 1 | |
path: | |
needs: [non_existant_branch] | |
runs-on: ubuntu-latest | |
name: Testing - Using `path` | |
steps: | |
- name: Use local action (checkout) | |
uses: actions/checkout@v4 | |
with: | |
path: sub_folder | |
- name: Pushing to a protected branch without any changes | |
uses: ./sub_folder/ | |
with: | |
token: '${{ secrets.CI_PUSH_TO_PROTECTED_BRANCH }}' | |
ref: refs/heads/protected | |
unprotect_reviews: true | |
path: sub_folder | |
force: yes | |
debug: true | |
pre-commit: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -U setuptools wheel | |
while IFS="" read -r line || [ -n "${line}" ]; do | |
if [[ "${line}" =~ ^pre-commit.*$ ]]; then | |
pre_commit="${line}" | |
fi | |
done < requirements_dev.txt | |
pip install ${pre_commit} | |
- name: Test with pre-commit | |
run: SKIP=pylint pre-commit run --all-files --show-diff-on-failure | |
pylint-safety: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
python -m pip install -U pip | |
pip install -U setuptools wheel | |
pip install -U -r requirements.txt -r requirements_dev.txt | |
pip install safety | |
- name: Run pylint | |
run: pylint --rcfile=pyproject.toml *.py push_action | |
- name: Run safety | |
run: pip freeze | safety check --stdin |