# One run per pull request (or per commit on pushes, where no PR number
# exists); a newer run in the same group cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true
# Every `run:` step uses bash unless a step overrides it; the format check
# in the jobs relies on the bash-only `[[ ... ]]` test.
defaults:
  run:
    shell: bash
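jobs:
  # NOTE(review): every job references `actions/checkout` by a mutable tag
  # (`@v3`). Pinning each `uses:` to a full commit SHA keeps a moved or
  # re-published tag from changing what runs in this pipeline.

  # Check that the project is able to configure the current user.
  # This is the main use case, except that the current user is root due to
  # GitHub Actions defaults. That might not be representative, so this job
  # only checks that configuring the current user works.
  check_current_user:
    runs-on: ubuntu-22.04
    container: ubuntu:22.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Bootstrap
        run: ./bootstrap.sh
      - name: Config
        run: make
      # A second run with VERIFY_UNCHANGED=true is expected to report no
      # changes if the configuration is idempotent.
      - name: Check idempotence
        run: make VERIFY_UNCHANGED=true
      # All format checks are only available after the complete machine
      # setup, so they have to run inside one of the check jobs.
      - name: Check format
        run: |
          make format
          if [[ -n "$(git diff)" ]]; then
            echo "Code is not formatted."
            git diff
            exit 1
          fi

  # As mentioned, the previous check for the root user might not be
  # representative. Thus, all the main checks are done by root for the
  # "random_user", once per image in the matrix.
  check:
    env:
      REMOTE_USER: random_user
    runs-on: ubuntu-22.04
    # The matrix below defines `image` directly, so the context path is
    # `matrix.image`. The former `matrix.config.image` does not exist and
    # evaluates to an empty string, which leaves the job without a container,
    # so none of the listed images was actually exercised.
    container: ${{ matrix.image }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      # `a=u` copies the owner's permission bits to group and others,
      # presumably so that REMOTE_USER can use the checkout - confirm.
      # It also makes every owner-writable file world-writable, so keep this
      # step confined to the throwaway job container.
      - name: Set permissions
        run: chmod -R a=u .
      - name: Bootstrap
        run: ./bootstrap.sh
      - name: Config
        run: make
      - name: Check idempotence
        run: make VERIFY_UNCHANGED=true
    strategy:
      matrix:
        # NOTE(review): 23.04 and 23.10 are interim releases that have
        # reached end of life - confirm they are still wanted here.
        image:
          - "ubuntu:22.04"
          - "ubuntu:23.04"
          - "ubuntu:23.10"
          - "ubuntu:24.04"

  # Check that the project is able to configure a remote host.
  # Runs directly on the runner (no job container); IMAGE and REMOTE_USER
  # are passed to `make check_host` through the environment.
  check_remote:
    env:
      IMAGE: ubuntu:22.04
      REMOTE_USER: random_user
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Check remote config
        run: make check_host
      - name: Check remote idempotence
        run: make check_host VERIFY_UNCHANGED=true

  lint:
    runs-on: ubuntu-22.04
    steps:
      # Check out the head commit of the pull request with its full history
      # (`fetch-depth: 0`) instead of the default shallow checkout; otherwise
      # lint does not see the whole history and cannot diagnose leaked
      # secrets. On push events `pull_request.head.sha` is empty and checkout
      # falls back to the commit that triggered the run.
      # This runs contributor code from the PR head: keep the trigger on
      # `pull_request`, never `pull_request_target`, so that fork PRs get no
      # secrets and only a read-only token.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Lint
        run: make lint

  # Smoke-test the helper targets; the final diff is informational only and
  # does not fail the job.
  scripts:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Generate roles graph
        run: make graph
      - name: Check update works
        run: make update
      - name: Show diff
        run: git diff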
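name: dotfiles workflow

# Runs for pull requests targeting main and for pushes to main.
# `pull_request` (not `pull_request_target`) is the right trigger here: the
# jobs execute scripts from the checked-out branch, and with this trigger
# pull requests from forks run without repository secrets.
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

# Least privilege for GITHUB_TOKEN: the jobs only check out and build the
# repository, so read access to its contents is sufficient. Without this
# block the token falls back to the repository default, which may be
# read/write.
permissions:
  contents: read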