Workflow improvements

* Elevate GITHUB_TOKEN permissions * Always build and push on PR (for testing built images) * Automatically detect if there are acceptance tests * Only lint on pull requests, not each commit GITHUB_TOKEN changes are documented with comments, but the TL;DR is: `actions: write`: This allows 'cancel-workflow-action' to cancel existing running actions. If another action has started on a branch / pr it's highly unlikely we care about the outputs from older ones. `statuses: write`: This allows 'super-linter' to write to commit / pr statuses, which gives an at-a-glance idea of tue results, without having to scour the job output.
orange-cloudfoundry · Jun 10, 2022 · d7bb5f5 · d7bb5f5
1 parent a5370cb
commit d7bb5f5
Show file tree

Hide file tree

Showing 26 changed files with 290 additions and 49 deletions.
diff --git a/.github/workflows/build-image-base.yml b/.github/workflows/build-image-base.yml
@@ -1,3 +1,4 @@
+---
 name: Deploy
 on:
   workflow_call:
@@ -13,10 +14,6 @@ on:
       tag_suffix:
         type: string
         description: "Optional suffix for all tags"
-      has_acceptance_tests:
-        default: false
-        type: boolean
-        description: "Specify if acceptance tests are needed for this image"
       push:
         default: true
         type: boolean
@@ -47,6 +44,10 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
+      - name: Cancel Previous Runs
+        uses: styfle/[email protected]
+        with:
+          access_token: ${{ secrets.GITHUB_TOKEN }}
       - name: Checkout
         uses: actions/checkout@v3
         with:
@@ -97,7 +98,14 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v2
 
+      - name: Check if there are acceptance tests
+        id: check_for_tests
+        uses: andstor/file-existence-action@v1
+        with:
+          files: "./${{ inputs.image }}/${{ inputs.image }}_spec.rb"
+
       - name: Build for acceptance test
+        if: steps.check_for_tests.outputs.files_exist == 'true'
         uses: docker/[email protected]
         with:
           context: ./${{ inputs.image }}
@@ -108,18 +116,17 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           platforms: ${{ inputs.platforms }}
-        if: ${{ inputs.has_acceptance_tests }}
 
       - name: Set up ruby
         uses: ruby/setup-ruby@v1
         with:
           bundler-cache: true
-        if: ${{ inputs.has_acceptance_tests }}
+        if: steps.check_for_tests.outputs.files_exist == 'true'
       - name: Acceptance Tests
         env:
           DOCKER_IMAGE: "${{ env.TEST_TAG }}"
         run: bundle exec rspec ./${{ inputs.image }}/${{ inputs.image }}_spec.rb
-        if: ${{ inputs.has_acceptance_tests }}
+        if: steps.check_for_tests.outputs.files_exist == 'true'
 
       - name: Build and push to ghcr
         uses: docker/[email protected]

diff --git a/.github/workflows/image_alpine.yml b/.github/workflows/image_alpine.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: alpine"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,6 +12,13 @@ on:
       - "alpine/**"
       - ".github/workflows/alpine.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "alpine/**"
+      - ".github/workflows/alpine.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:

diff --git a/.github/workflows/image_awscli.yml b/.github/workflows/image_awscli.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: awscli"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,11 +12,17 @@ on:
       - "awscli/**"
       - ".github/workflows/awscli.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "awscli/**"
+      - ".github/workflows/awscli.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:
     uses: ./.github/workflows/build-image-base.yml
     with:
       image: awscli
-      has_acceptance_tests: true
     secrets: inherit
diff --git a/.github/workflows/image_bosh-cli-v2.yml b/.github/workflows/image_bosh-cli-v2.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: bosh-cli-v2"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,11 +12,17 @@ on:
       - "bosh-cli-v2/**"
       - ".github/workflows/bosh-cli-v2.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "bosh-cli/**"
+      - ".github/workflows/bosh-cli.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:
     uses: ./.github/workflows/build-image-base.yml
     with:
       image: bosh-cli-v2
-      has_acceptance_tests: true
     secrets: inherit
diff --git a/.github/workflows/image_certstrap.yml b/.github/workflows/image_certstrap.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: certstrap"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,11 +12,17 @@ on:
       - "certstrap/**"
       - ".github/workflows/certstrap.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "certstrap/**"
+      - ".github/workflows/certstrap.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:
     uses: ./.github/workflows/build-image-base.yml
     with:
       image: certstrap
-      has_acceptance_tests: true
     secrets: inherit
diff --git a/.github/workflows/image_cf-acceptance-tests.yml b/.github/workflows/image_cf-acceptance-tests.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: cf-acceptance-tests"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,11 +12,17 @@ on:
       - "cf-acceptance-tests/**"
       - ".github/workflows/cf-acceptance-tests.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "cf-acceptance-tests/**"
+      - ".github/workflows/cf-acceptance-tests.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:
     uses: ./.github/workflows/build-image-base.yml
     with:
       image: cf-acceptance-tests
-      has_acceptance_tests: true
     secrets: inherit
diff --git a/.github/workflows/image_cf-acceptance-tests_ginkgo2.yml b/.github/workflows/image_cf-acceptance-tests_ginkgo2.yml
@@ -1,4 +1,8 @@
+---
 name: "Image: cf-acceptance-tests (ginkgo v2)"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
+
 on:
   workflow_dispatch:
   push:
@@ -8,6 +12,13 @@ on:
       - "cf-acceptance-tests/**"
       - ".github/workflows/cf-acceptance-tests_ginkgo2.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "cf-acceptance-tests/**"
+      - ".github/workflows/cf-acceptance-tests_ginkgo2.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:
@@ -16,5 +27,4 @@ jobs:
       image: cf-acceptance-tests
       dockerfile: Dockerfile.ginkgo-v2
       tag_suffix: ginkgo-v2
-      has_acceptance_tests: true
     secrets: inherit
diff --git a/.github/workflows/image_cf-cli.yml b/.github/workflows/image_cf-cli.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: cf-cli"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,11 +12,17 @@ on:
       - "cf-cli/**"
       - ".github/workflows/cf-cli.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "cf-cli/**"
+      - ".github/workflows/cf-cli.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:
     uses: ./.github/workflows/build-image-base.yml
     with:
       image: cf-cli
-      has_acceptance_tests: true
     secrets: inherit
diff --git a/.github/workflows/image_cf-uaac.yml b/.github/workflows/image_cf-uaac.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: cf-uaac"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,11 +12,17 @@ on:
       - "cf-uaac/**"
       - ".github/workflows/cf-uaac.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "cf-uaac/**"
+      - ".github/workflows/cf-uaac.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:
     uses: ./.github/workflows/build-image-base.yml
     with:
       image: cf-uaac
-      has_acceptance_tests: true
     secrets: inherit
diff --git a/.github/workflows/image_concourse-pool-resource.yml b/.github/workflows/image_concourse-pool-resource.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: concourse-pool-resource"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,6 +12,13 @@ on:
       - "concourse-pool-resource/**"
       - ".github/workflows/concourse-pool-resource.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "concourse-pool-resource/**"
+      - ".github/workflows/concourse-pool-resource.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:

diff --git a/.github/workflows/image_curl-ssl.yml b/.github/workflows/image_curl-ssl.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: curl-ssl"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,11 +12,17 @@ on:
       - "curl-ssl/**"
       - ".github/workflows/curl-ssl.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "curl-ssl/**"
+      - ".github/workflows/curl-ssl.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:
     uses: ./.github/workflows/build-image-base.yml
     with:
       image: curl-ssl
-      has_acceptance_tests: true
     secrets: inherit
diff --git a/.github/workflows/image_git-ssh.yml b/.github/workflows/image_git-ssh.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: git-ssh"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,11 +12,17 @@ on:
       - "git-ssh/**"
       - ".github/workflows/git-ssh.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "git-ssh/**"
+      - ".github/workflows/git-ssh.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows:
     uses: ./.github/workflows/build-image-base.yml
     with:
       image: git-ssh
-      has_acceptance_tests: true
     secrets: inherit
diff --git a/.github/workflows/image_golang.yml b/.github/workflows/image_golang.yml
@@ -1,4 +1,7 @@
+---
 name: "Image: golang"
+permissions:
+  actions: write # so 'cancel-workflow-action' can function
 
 on:
   workflow_dispatch:
@@ -9,6 +12,13 @@ on:
       - "golang/**"
       - ".github/workflows/golang.yml"
       - ".github/workflows/build-image-base.yml"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "golang/**"
+      - ".github/workflows/golang.yml"
+      - ".github/workflows/build-image-base.yml"
 
 jobs:
   workflows: