-
Notifications
You must be signed in to change notification settings - Fork 0
159 lines (133 loc) · 4.67 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: Main - explore CI primitives
on:
push:
env:
KOSLI_ORG: kosli
KOSLI_API_TOKEN: dummy3465324sgr65324wrets
KOSLI_FLOW: server
KOSLI_TRAIL: ${{ github.sha }}
KOSLI_CLI_VERSION: 2.10.18
KOSLI_DRY_RUN: true # ${{ vars.KOSLI_DRY_RUN }} # false
SERVICE_NAME: dashboard
jobs:
# You cannot do ${{ github.sha }}:0:7 so creating a job to get the short-sha
short-sha:
runs-on: ubuntu-latest
outputs:
value: ${{ steps.variable.outputs.value }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set outputs
id: variable
run:
echo "value=${GITHUB_SHA:0:7}" >> ${GITHUB_OUTPUT}
job-1:
runs-on: ubuntu-latest
needs: [short-sha]
env:
IMAGE_TAG: ${{ needs.short-sha.outputs.value }}
IMAGE_NAME: cyberdojo/${{ github.event.repository.name }}:${{ needs.short-sha.outputs.value }}
outputs:
tag: ${{ steps.variables.outputs.tag }}
name: ${{ steps.variables.outputs.name }}
fingerprint: ${{ steps.variables.outputs.fingerprint }}
steps:
- name: check branch condition before checkout
run: |
echo ":${{ github.ref }}:"
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: check branch condition after checkout
run: |
echo ":${{ github.ref }}:"
- name: Do wibble
id: wibble
run: |
echo "IMAGE_TAG=:${IMAGE_TAG}:"
echo "IMAGE_NAME=:${IMAGE_NAME}:"
exit 0
- name: Setup Kosli cli
if: ${{ github.ref }} == 'refs/heads/main' && (success() || failure())
uses: kosli-dev/setup-cli-action@v2
with:
version:
${{ env.KOSLI_CLI_VERSION }}
- name: When on master, attest result to Kosli
if: ${{ github.ref }} == 'refs/heads/main' && (success() || failure())
run: |
echo "KOSLI_DRY_RUN=:${KOSLI_DRY_RUN}:"
KOSLI_COMPLIANT=$([ "${{ steps.wibble.outcome }}" == 'success' ] && echo true || echo false)
echo "KOSLI_COMPLIANT=:${KOSLI_COMPLIANT}:"
kosli attest generic --name=wibble
- name: Make Artifact fingerprint available to following jobs
id: variables
run: |
FINGERPRINT=ce707b630a5602097df22253e80a6305b46340b354f27776f45fc2a2688522b4
echo "fingerprint=${FINGERPRINT}" >> ${GITHUB_OUTPUT}
SHORT_SHA=${{ needs.short-sha.outputs.value }}
echo "tag=${SHORT_SHA}" >> ${GITHUB_OUTPUT}
echo "name=cyberdojo/dashboard:${SHORT_SHA}" >> ${GITHUB_OUTPUT}
job-2:
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
needs: [ job-1 ]
env:
IMAGE_NAME: ${{ needs.job-1.outputs.name }}
IMAGE_TAG: ${{ needs.job-1.outputs.tag }}
KOSLI_FINGERPRINT: ${{ needs.job-1.outputs.fingerprint }}
steps:
- name: step-1 from job-2
run: |
echo Hello from job-2, step-1
echo "IMAGE_NAME=:${IMAGE_NAME}:"
echo "IMAGE_TAG=:${IMAGE_TAG}:"
echo "KOSLI_FINGERPRINT=:${KOSLI_FINGERPRINT}:"
echo "TEST_UNIT_COVERAGE_IS_COMPLIANT=wibble" >> ${GITHUB_ENV}
- name: step-2 from job-2
run: |
echo Hello from job-2, step-2
echo "env-var=:${{ env.TEST_UNIT_COVERAGE_IS_COMPLIANT }}:"
job-3:
runs-on: ubuntu-latest
needs: [ job-2 ]
steps:
- name: step-1 from job-3
run: |
echo Hello from job-3, step-1
# plain exit-42 on job-1,step-1 and success()||failure() on job-1,step-2 means
# job-1,step-2 runs? YES
# job-2 runs? NO
# plain exit-42 on job-1,step-1 and NO success()||failure() on job-1,step-2 means
# job-1,step-2 runs? NO
# job-2 runs? NO
# With this...
# - name: step-1 from job-1
# run: |
# echo Hello from job-1, step-1
# sdf
# echo Hello from job-1, step-1, after an error
# exit 42
# then
# the second echo is NOT run, and the exit code of the job is 127 (not 42)
# With this...
# job-2:
# runs-on: ubuntu-latest
# needs: [ job-1 ]
# if: ${{ success() || failure() }}
# then
# job1 failed, job2 waits for job1 to finish, and does then run.
# Putting continue-on-error: true
# at the step level, means that if the step fails
# the other steps still run, and the job succeeds
# Eg, there is no "Rerun failed jobs" option in the CI.
# Putting continue-on-error: true
# at the job-2 level, seems to have no effect.
# job1 fails, but job2 is not run (it is skipped)
# Putting continue-on-error: true
# at the job-1 level, means that job1 steps 2,3 are not run.
# and job-1 fails, and job-2 is run.
# env-var added to >> ${GITHUB_ENV}
# is available in the next step (in the same job)