forked from zcash/zcash
-
Notifications
You must be signed in to change notification settings - Fork 0
107 lines (96 loc) · 3.65 KB
/
ci-skip.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: CI skip
on:
# We use `pull_request_target` to have access to the necessary secrets to
# create the commit status in PRs created from forks. We avoid command
# injection by:
# - never using the PR's branch name.
# - passing the PR's repository name through an intermediate environment
# variable.
# - never running commands with the fork's code checked out (we only require
# its commits to be present in the repository).
pull_request_target:
# Any update here needs to be done for the `no-ci-required` step (see below),
# and mirrored into `ci.yml`.
paths:
# Workflows that have no effect on the CI workflow.
- '.github/dependabot.yml'
- '.github/workflows/audits.yml'
- '.github/workflows/book.yml'
- '.github/workflows/ci-skip.yml'
- '.github/workflows/lints.yml'
- '.github/workflows/release-docker-hub.yml'
# Documentation.
- 'contrib/debian/copyright'
- 'doc/**'
- '**.md'
- 'COPYING'
- 'INSTALL'
permissions:
contents: read
statuses: write
jobs:
required-pass:
name: Bypass required-pass steps
runs-on: ubuntu-latest
steps:
- name: Check out the base branch
uses: actions/checkout@v4
with:
# We fetch the entire repository to ensure we have the common ancestor
# of the base branch and the PR branch.
fetch-depth: 0
- name: Fetch the commits for the PR branch
run: git fetch $HEAD_REPO $HEAD_SHA
env:
HEAD_REPO: ${{ github.event.pull_request.head.repo }}
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
- name: Check whether the changes are only to the set of filtered paths
id: no-ci-required
run: |
cat <<EOF > ./subclass.py
import os
import re
import shlex
import sys
paths = [
r'^\.github/dependabot\.yml$',
r'^\.github/workflows/audits\.yml$',
r'^\.github/workflows/book\.yml$',
r'^\.github/workflows/ci-skip\.yml$',
r'^\.github/workflows/lints\.yml$',
r'^\.github/workflows/release-docker-hub\.yml$',
r'^contrib/debian/copyright$',
r'^doc/.*',
r'.*\.md$',
r'^COPYING$',
r'^INSTALL$',
]
paths_regex = '(?:%s)' % '|'.join(paths)
changed_files = shlex.split(os.environ["CHANGED_FILES"])
if len(changed_files) == 0:
sys.exit(1)
verified = True
for f in changed_files:
if not re.match(paths_regex, f):
verified = False
print('result=verified' if verified else 'result=skipped')
EOF
CHANGED_FILES=$(git diff --name-only ${{ github.sha }}...$HEAD_SHA --)
echo $CHANGED_FILES
CHANGED_FILES=$CHANGED_FILES python3 ./subclass.py >> $GITHUB_OUTPUT
env:
HEAD_SHA: ${{ github.event.pull_request.head.sha }}
- name: Submit required-passed status
if: ${{ !cancelled() && steps.no-ci-required.outputs.result == 'verified' }}
uses: actions/github-script@v7
with:
script: |
await github.request("POST /repos/{owner}/{repo}/statuses/{sha}", {
owner: context.repo.owner,
repo: context.repo.repo,
sha: context.payload.pull_request.head.sha,
state: "success",
target_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`,
description: "Finished",
context: "CI / Required status checks"
})