forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 2
121 lines (112 loc) · 4.29 KB
/
_request.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: Request/incoming
permissions:
contents: read
on:
workflow_call:
secrets:
app-id:
required: true
app-key:
required: true
# Defaults are set .github/config.yml on the `main` branch.
inputs:
config-file:
type: string
default: ./.github/config.yml
concurrency:
group: |
${{ github.actor != 'trigger-release-envoy[bot]'
&& github.head_ref
|| github.run_id
}}-${{ github.workflow }}-env-prime
cancel-in-progress: true
env:
CI_DEBUG: ${{ (vars.CI_DEBUG || vars.RUNNER_DEBUG) && true || false }}
jobs:
incoming:
if: ${{ github.repository == 'envoyproxy/envoy' || vars.ENVOY_CI }}
runs-on: ubuntu-22.04
permissions:
contents: read
pull-requests: read
outputs:
env: ${{ steps.data.outputs.value }}
config: ${{ steps.config.outputs.config }}
steps:
- uses: envoyproxy/toolshed/gh-actions/jq@680d414be3f56cbb161dfdebebece85d81c3f686 # actions-v0.2.24
id: started
name: Create timestamp
with:
options: -r
filter: |
now
- uses: envoyproxy/toolshed/gh-actions/github/checkout@680d414be3f56cbb161dfdebebece85d81c3f686 # actions-v0.2.24
id: checkout
name: Checkout Envoy repository
with:
pr: ${{ github.event.number }}
branch: ${{ github.ref_name }}
config: |
fetch-depth: ${{ startsWith(github.event_name, 'pull_request') && 1 || 2 }}
# This step *LOOKS AT* the repo at the point requested
# Its essential that this _job_ *MUST NOT EXECUTE ANY CODE FROM THE CHECKED OUT REPO*
# *ALL* variables collected should be treated as untrusted and should be sanitized before
# use
- name: Generate environment variables from commit
uses: envoyproxy/toolshed/gh-actions/envoy/ci/request@680d414be3f56cbb161dfdebebece85d81c3f686 # actions-v0.2.24
id: env
with:
branch-name: ${{ steps.checkout.outputs.branch-name }}
config-file: ${{ inputs.config-file }}
merge-commit: ${{ steps.checkout.outputs.merge-commit }}
started: ${{ steps.started.outputs.value }}
token: ${{ secrets.GITHUB_TOKEN }}
vars: ${{ toJSON(vars) }}
- name: Request summary
id: summary
uses: envoyproxy/toolshed/gh-actions/github/env/summary@680d414be3f56cbb161dfdebebece85d81c3f686 # actions-v0.2.24
with:
actor: ${{ toJSON(fromJSON(steps.env.outputs.data).request.actor) }}
base-sha: ${{ fromJSON(steps.env.outputs.data).request.base-sha }}
link: ${{ format('https://github.com/{0}/actions/runs/{1}', github.repository, github.run_id) }}
output-path: GITHUB_STEP_SUMMARY
pr: ${{ github.event.number }}
data: ${{ steps.env.outputs.data }}
tables: ${{ toJSON(fromJSON(steps.env.outputs.data).config.tables) }}
icon: ${{ fromJSON(steps.env.outputs.data).config.envoy.icon }}
message: ${{ fromJSON(steps.env.outputs.data).request.message }}
ref: ${{ fromJSON(steps.env.outputs.data).request.ref }}
sha: ${{ fromJSON(steps.env.outputs.data).request.sha }}
target-branch: ${{ fromJSON(steps.env.outputs.data).request.target-branch }}
- name: Environment data
uses: envoyproxy/toolshed/gh-actions/jq@680d414be3f56cbb161dfdebebece85d81c3f686 # actions-v0.2.24
id: data
with:
input: |
env: ${{ steps.env.outputs.data }}
title: ${{ steps.summary.outputs.title }}
link: ${{ format('https://github.com/{0}/actions/runs/{1}', github.repository, github.run_id) }}
summary: ${{ steps.summary.outputs.summary }}
input-format: yaml
filter: |
.title as $title
| .env.config.envoy.icon as $icon
| .link as $link
| "\($icon) Request ([\($title)](\($link)))" as $linkedTitle
| .summary as $summary
| .env
| .summary = {
$summary,
$title,
$link,
"linked-title": $linkedTitle}
| del(.config.tables)
checks:
if: ${{ github.repository == 'envoyproxy/envoy' || vars.ENVOY_CI }}
needs: incoming
uses: ./.github/workflows/_start.yml
secrets:
app-id: ${{ secrets.app-id }}
app-key: ${{ secrets.app-key }}
with:
env: ${{ needs.incoming.outputs.env }}