From bef0464b1d15b3212780ba2c42f28c516ca12d2f Mon Sep 17 00:00:00 2001
From: Nick Boldt
Date: Mon, 29 Jan 2024 13:30:51 -0400
Subject: [PATCH 1/2] chore: skip the golang build if there's no changes to the golang files (see regex)

Signed-off-by: Nick Boldt
---
.github/workflows/pr.yaml | 64 +++++++++++++++++++++++++++++----------
1 file changed, 48 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 7611e18b..97856f09 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -22,27 +22,59 @@ on: - 1.[0-9]+.x jobs: + check-changes: + # check if the change for this PR necessitates a rebuild of containers + runs-on: ubuntu-latest + needs: authorize + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + - name: check-changes + # check changes in this commit for regex include and exclude matches; pipe to an env var + # note regexes are different for the PR check than for *-container-build.yaml + run: | + CHANGES="$(git diff --name-only | \ + grep -E "workflows/pr.yaml|Makefile|bundle/|config/|go.mod|go.sum|.+\.go" | \ + grep -v -E "/.rhdh/")"; + echo "Changed files for this commit:" + echo "==============================" + echo "$CHANGES" + echo "==============================" + echo "CHANGES=$CHANGES" >> $GITHUB_ENV + pr-validate: name: PR Validate runs-on: ubuntu-latest - + needs: check-changes steps: - - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup Go + uses: actions/setup-go@v4 + with: + go-version-file: 'go.mod' - - name: Setup Go - uses: actions/setup-go@v4 - with: - go-version-file: 'go.mod' + # gosec needs a "build" stage so connect it to the lint step which we always do + - name: build + run: make lint - - name: build - run: | - make lint test + - name: test + # run this stage only if there are changes that match the includes and not the excludes + if: ${{ env.CHANGES != '' }} + run: make test - - name: Run Gosec Security Scanner - run: make gosec + - name: Run Gosec Security Scanner + run: make gosec - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v2 - with: - # Path to SARIF file relative to the root of the repository - sarif_file: gosec.sarif + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 + with: + # Path to SARIF file relative to the root of the repository + 
sarif_file: gosec.sarif From 08f91f8439a7a85b32eb35bfac7f8ac566634595 Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Mon, 29 Jan 2024 13:36:18 -0400 Subject: [PATCH 2/2] don't fail if nothing returned by grep Signed-off-by: Nick Boldt --- .github/workflows/next-container-build.yaml | 2 ++ .github/workflows/pr-container-build.yaml | 2 ++ .github/workflows/pr.yaml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/workflows/next-container-build.yaml b/.github/workflows/next-container-build.yaml index c3f9c40d..e744c83c 100644 --- a/.github/workflows/next-container-build.yaml +++ b/.github/workflows/next-container-build.yaml @@ -41,6 +41,8 @@ jobs: - name: check-changes # check changes in this commit for regex include and exclude matches; pipe to an env var run: | + # don't fail if nothing returned by grep + set +e CHANGES="$(git diff --name-only HEAD~1 | \ grep -E "docker/|\.dockerignore|workflows/.+-container-build.yaml|Makefile|bundle/|config/|go.mod|go.sum|.+\.go" | \ grep -v -E ".+_test.go|/.rhdh/")"; diff --git a/.github/workflows/pr-container-build.yaml b/.github/workflows/pr-container-build.yaml index 66c924ab..919dbe45 100644 --- a/.github/workflows/pr-container-build.yaml +++ b/.github/workflows/pr-container-build.yaml @@ -62,6 +62,8 @@ jobs: - name: check-changes # check changes in this commit for regex include and exclude matches; pipe to an env var run: | + # don't fail if nothing returned by grep + set +e CHANGES="$(git diff --name-only HEAD~1 | \ grep -E "docker/|\.dockerignore|workflows/.+-container-build.yaml|Makefile|bundle/|config/|go.mod|go.sum|.+\.go" | \ grep -v -E ".+_test.go|/.rhdh/")"; diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 97856f09..8ffdaa23 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml 
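Review bot: The `test` step in `pr-validate` is gated on `env.CHANGES`, but that variable is written to `$GITHUB_ENV` inside the separate `check-changes` job, and `GITHUB_ENV` only reaches later steps of the same job, so the condition is always false and `make test` is skipped on every PR. The filter is also fed by `git diff --name-only` with no revision, which compares the working tree with the index and prints nothing on a fresh checkout. A gate that can skip tests should fail closed: publish a boolean job output from `check-changes` and read it through `needs.check-changes.outputs`, which also keeps PR-controlled file names out of a workflow command file. The base revision in the sketch below is my assumption, since the `on:` block and the `authorize` job are outside the hunk; if the trigger is `pull_request_target`, also set `persist-credentials: false` on the checkout of the PR head repository.

```yaml
  check-changes:
    # … unchanged: runs-on, needs …
    outputs:
      changed: ${{ steps.check-changes.outputs.changed }}
    steps:
      # … unchanged: Checkout …
      - name: check-changes
        id: check-changes
        env:
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          # run git on its own so an unresolvable base fails the step instead of reading as "no changes"
          ALL_CHANGES="$(git diff --name-only "$BASE_SHA"...HEAD)"
          CHANGES="$(echo "$ALL_CHANGES" | \
            grep -E "workflows/pr.yaml|Makefile|bundle/|config/|go.mod|go.sum|.+\.go" | \
            grep -v -E "/.rhdh/" || true)"
          # … unchanged: echo of the changed files …
          if [ -n "$CHANGES" ]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          else
            echo "changed=false" >> "$GITHUB_OUTPUT"
          fi

  pr-validate:
    # … unchanged: name, runs-on, needs, earlier steps …
      - name: test
        if: ${{ needs.check-changes.outputs.changed == 'true' }}
        run: make test
```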
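Review bot: `set +e` disables errexit for the whole remainder of the `run:` script, not just for the `grep` pipeline whose exit status 1 on no match it is meant to tolerate, so any later command in the step can now fail without failing the job. Scope it to the filter instead by dropping `set +e` and ending the substitution with `grep -v -E ".+_test.go|/.rhdh/" || true)";`. A failing `git diff --name-only HEAD~1` is still indistinguishable from "no relevant changes" in this pipeline, which makes the skip fail open; running `git diff` as its own command before filtering would surface that. The same two added lines are in the `pr-container-build.yaml` and `pr.yaml` hunks of this patch (the latter filters with `grep -v -E "/.rhdh/"`), and the rest of each script lies outside the hunks.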
@@ -37,6 +37,8 @@ jobs: # check changes in this commit for regex include and exclude matches; pipe to an env var # note regexes are different for the PR check than for *-container-build.yaml run: | + # don't fail if nothing returned by grep + set +e CHANGES="$(git diff --name-only | \ grep -E "workflows/pr.yaml|Makefile|bundle/|config/|go.mod|go.sum|.+\.go" | \ grep -v -E "/.rhdh/")";