Skip to content

πŸ’š Validate OCI Images #474

πŸ’š Validate OCI Images

πŸ’š Validate OCI Images #474

# Copyright 2024
#
# Everyone is permitted to copy, distribute, modify, merge, sell, publish,
# sublicense or whatever the fuck they want with this software but at their
# OWN RISK.
# The author has absolutely no fucking clue what the code in this project
# does. It might just fucking work or not, there is no third option.
#
# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
# DEALINGS IN THE SOFTWARE.
---
name: πŸ’š Validate OCI Images
on:
merge_group: {}
pull_request: {}
env:
ASDF_DIR: /home/runner/.asdf
permissions: {}
jobs:
find_updated_apps:
name: πŸ“„ List updated applications
runs-on: ubuntu-22.04
outputs:
updated_apps: ${{ steps.list_apps.outputs.updated }}
steps:
- name: ⬇️ Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
# Install all required tools or restore them if the cache already exists
- name: 🚧 Restore cached tools
uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
id: restore-asdf
with:
path: ${{ env.ASDF_DIR }}
key: asdf-vm-${{ hashFiles('.tool-versions') }}
- name: πŸ“¦οΈ Install required tools
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3.0.2
with:
skip_install: ${{ steps.restore-asdf.outputs.cache-hit == 'true' }}
# List all applications between two commits
- name: πŸ“„ List updated applications
id: list_apps
run: |
(
echo -n 'updated='
task gh:helper:apps:updated:json FROM_SHA="${FROM}" TO_SHA="${TO}"
) >> "${GITHUB_OUTPUT}"
env:
FROM: ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }}
TO: ${{ github.event.pull_request.head.sha }}
validate_images:
name: βœ… Validate `${{ matrix.updated.project }}/${{ matrix.updated.application }}`
needs: find_updated_apps
if: needs.find_updated_apps.outputs.updated_apps != '[]'
permissions:
checks: write
contents: read
strategy:
fail-fast: false
matrix:
updated: ${{ fromJson(needs.find_updated_apps.outputs.updated_apps) }}
uses: ./.github/workflows/workflow_call.docker.validate.yaml
with:
project: ${{ matrix.updated.project }}
application: ${{ matrix.updated.application }}
validate_workflow:
name: βœ… Summary OCI images validation
runs-on: ubuntu-22.04
needs: [validate_images, find_updated_apps]
if: always()
steps:
- name: 🚫 No applications to validate
if: needs.find_updated_apps.outputs.updated_apps == '[]'
run: echo "::notice title=OCI image validation::No applications to validate... succeeding."
- name: βœ… All applications have been validated
if: needs.find_updated_apps.outputs.updated_apps != '[]' && needs.validate_images.result == 'success'
run: echo "::notice title=OCI image validation::All applications have been validated successfully."
- name: ❌ Some applications have not been validated
if: needs.find_updated_apps.outputs.updated_apps != '[]' && needs.validate_images.result != 'success'
run: echo "::error title=OCI image validation::Some applications have not been validated successfully... see the logs for more details." && exit 1 # trunk-ignore(yamllint/line-length)