Components workflow #12
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Components workflow | |
| on: | |
| workflow_call: | |
| inputs: | |
| component_dir: | |
| description: "Dir in root directory" | |
| type: string | |
| required: true | |
| build_version: | |
| description: "Specifies the build version to apply to all binaries produced by this workflow" | |
| type: string | |
| required: true | |
| publish_binaries: | |
| description: "Enable publishing binaries to repos" | |
| type: boolean | |
| default: false | |
| ref: | |
| description: "The branch, tag or SHA to checkout" | |
| type: string | |
| default: "" | |
| registry: | |
| description: "The container registry to push images to" | |
| type: string | |
| required: true | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: "The branch, tag or SHA to checkout" | |
| required: true | |
| default: "main" | |
| component_dir: | |
| description: "Path to the component (relative to the root of the repository)" | |
| required: true | |
| ################################### DELETE ME - only for testing | |
| registry: | |
| description: "The container registry to push images to" | |
| type: string | |
| required: true | |
| default: "ghcr.io/open-edge-platform" | |
| publish_binaries: | |
| description: "Enable publishing binaries to repos" | |
| type: boolean | |
| default: true | |
| ################################### DELETE ME END | |
| permissions: {} # No permissions by default on workflow level | |
| env: | |
| COMPONENT_DIR: ${{ inputs.component_dir }} | |
| jobs: | |
| component-check: | |
| name: Component workflow | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| timeout-minutes: 30 | |
| env: | |
| TAG: ${{ inputs.build_version || github.sha }} | |
| # Update these when the tags in dev_tools/builder_images/*/Makefile are updated. | |
| # Remember that new tags will be available only after the code with the change is merged | |
| # and the builder image workflow is run and completed successfully. | |
| REGISTRY: ${{ inputs.registry }} | |
| BUILDER_REGISTRY: ghcr.io/open-edge-platform/geti/builders | |
| PYTHON_BUILDER_IMAGE: python-builder:v1.0.0 | |
| GO_BUILDER_IMAGE: go-builder:v1.0.0 | |
| steps: | |
| - name: Harden the runner (audit all outbound calls) | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ inputs.ref || '' }} | |
| - name: Read component config | |
| id: component-config | |
| uses: ./.github/actions/read-component-config | |
| with: | |
| component_dir: ${{ env.COMPONENT_DIR }} | |
| - name: Initial cleanup | |
| if: steps.component-config.outputs.cleanup_type == 'initial' || steps.component-config.outputs.cleanup_type == 'all' | |
| uses: ./.github/actions/cleanup-runner | |
| with: | |
| type: "initial" | |
| - name: Check if Python/Go project | |
| id: check-python-go | |
| run: | | |
| BUILDER_IMAGE="" | |
| if [ -f "${COMPONENT_DIR}/setup.py" ] || [ -f "${COMPONENT_DIR}/pyproject.toml" ] || [ -f "${COMPONENT_DIR}/.python" ]; then | |
| BUILDER_IMAGE=${BUILDER_REGISTRY}/${PYTHON_BUILDER_IMAGE} | |
| elif [ -f "${COMPONENT_DIR}/go.mod" ] || [ -f "${COMPONENT_DIR}/.go" ]; then | |
| BUILDER_IMAGE=${BUILDER_REGISTRY}/${GO_BUILDER_IMAGE} | |
| fi | |
| echo "BUILDER_IMAGE=${BUILDER_IMAGE}" >> $GITHUB_ENV | |
| echo "BUILDER_IMAGE=${BUILDER_IMAGE}" | |
| - name: Static code analysis | |
| run: make builder -C "${COMPONENT_DIR}" static-code-analysis | |
| - name: Unit testing | |
| run: make builder -C "${COMPONENT_DIR}" test-unit | |
| - name: Integration testing | |
| env: | |
| INPUTS_INTEGRATION_BUILDER: ${{ steps.component-config.outputs.integration_builder }} | |
| run: | | |
| if [[ "$INPUTS_INTEGRATION_BUILDER" == "false" ]]; then | |
| sudo apt-get update && sudo apt-get install -y ffmpeg && make -C "${COMPONENT_DIR}" test-integration | |
| else | |
| make builder -C "${COMPONENT_DIR}" test-integration | |
| fi | |
| - name: Pre-build cleanup | |
| if: steps.component-config.outputs.cleanup_type == 'pre-build' || steps.component-config.outputs.cleanup_type == 'all' | |
| uses: ./.github/actions/cleanup-runner | |
| with: | |
| type: "pre-build" | |
| - name: Build image | |
| id: build-image | |
| run: | | |
| OUTPUT=$(make -C "${COMPONENT_DIR}" build-image) | |
| if echo "$OUTPUT" | grep -q "Skipping"; then | |
| echo "SKIP_IMAGE=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Log in to GitHub Container Registry | |
| if: steps.build-image.outputs.SKIP_IMAGE != 'true' && inputs.publish_binaries | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push image | |
| if: steps.build-image.outputs.SKIP_IMAGE != 'true' && inputs.publish_binaries | |
| run: make -C "${COMPONENT_DIR}" publish-image | |
| # - name: Lint chart | |
| # if: steps.build-image.outputs.SKIP_IMAGE != 'true' | |
| # run: make -C "${COMPONENT_DIR}" lint-chart | |
| # - name: Publish chart | |
| # if: steps.build-image.outputs.SKIP_IMAGE != 'true' && inputs.publish_binaries | |
| # run: make -C "${COMPONENT_DIR}" publish-chart |