Skip to content

Update codeql workflow file #125

Update codeql workflow file

Update codeql workflow file #125

Workflow file for this run

name: "pulp-cli CI"
on:
pull_request:
concurrency:
group: "main-${{ github.ref_name }}-${{ github.workflow }}"
cancel-in-progress: true
jobs:
build:
uses: "./.github/workflows/build.yml"
lint:
needs:
- "build"
uses: "./.github/workflows/lint.yml"
test:
needs:
- "lint"
uses: "./.github/workflows/test.yml"
codeql:
needs:
- "lint"
uses: "./.github/workflows/codeql.yml"
check-commits:
runs-on: "ubuntu-latest"
steps:
- uses: "actions/checkout@v4"
with:
fetch-depth: 0
- name: "Set up Python"
uses: "actions/setup-python@v5"
with:
python-version: "3.11"
- name: "Install python dependencies"
run: |
pip install toml pygithub
- name: "Check commit message"
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
GITHUB_CONTEXT: "${{ github.event.pull_request.commits_url }}"
run: |
for SHA in $(curl -H "Authorization: token $GITHUB_TOKEN" "$GITHUB_CONTEXT" | jq -r '.[].sha')
do
python .ci/scripts/validate_commit_message.py "$SHA"
VALUE=$?
if [ "$VALUE" -gt 0 ]; then
exit "$VALUE"
fi
done
shell: "bash"
ready-to-ship:
# This is a dummy dependent task to have a single entry for the branch protection rules.
runs-on: "ubuntu-latest"
needs:
- "check-commits"
- "lint"
- "test"
- "codeql"
if: "always()"
steps:
- name: "Collect needed jobs results"
run: |
echo '${{toJson(needs)}}' | jq -r 'to_entries[]|select(.value.result!="success")|.key + ": " + .value.result'
echo '${{toJson(needs)}}' | jq -e 'to_entries|map(select(.value.result!="success"))|length == 0'
echo "CI says: Looks good!"