feat(ci): add centralized reusable CI/CD workflows for the reqstool o… #19
| name: CI | |
| on: | |
| push: | |
| paths: | |
| - ".github/workflows/**" | |
| - "tests/**" | |
| pull_request: | |
| paths: | |
| - ".github/workflows/**" | |
| - "tests/**" | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| name: Lint workflows | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install actionlint | |
| run: | | |
| VERSION="1.7.7" | |
| curl -fsSL \ | |
| "https://github.com/rhysd/actionlint/releases/download/v${VERSION}/actionlint_${VERSION}_linux_amd64.tar.gz" \ | |
| | tar -xz actionlint | |
| sudo mv actionlint /usr/local/bin/ | |
| - name: Install zizmor | |
| run: pip install zizmor | |
| - name: Install yamllint | |
| run: pip install yamllint | |
| - name: actionlint | |
| run: actionlint .github/workflows/**/*.yml .github/workflows/*.yml | |
| - name: zizmor | |
| run: zizmor --format sarif .github/workflows/ > zizmor.sarif || true | |
| - name: yamllint | |
| run: | | |
| yamllint -d "{extends: relaxed, rules: {line-length: {max: 200}}}" \ | |
| .github/workflows/ | |
| test-check-release: | |
| name: Test — common/check-release | |
| needs: lint | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| fixture: | |
| - valid-semver | |
| - invalid-semver | |
| - valid-pep440 | |
| - invalid-pep440 | |
| - valid-maven | |
| - not-a-tag | |
| - wrong-branch | |
| - hotfix-branch | |
| - release-branch | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install act | |
| run: | | |
| VERSION="0.2.74" | |
| curl -fsSL \ | |
| "https://github.com/nektos/act/releases/download/v${VERSION}/act_Linux_x86_64.tar.gz" \ | |
| | tar -xz act | |
| sudo mv act /usr/local/bin/ | |
| mkdir -p ~/.config/act | |
| echo "-P ubuntu-latest=node:20-bullseye-slim" > ~/.config/act/actrc | |
| - name: Read fixture | |
| id: fixture | |
| run: | | |
| FIXTURE="tests/common/check-release/${{ matrix.fixture }}.json" | |
| EXPECTED=$(jq -r '.expected_exit' "$FIXTURE") | |
| GITHUB_REF=$(jq -r '.github_ref' "$FIXTURE") | |
| VERSION_FORMAT=$(jq -r '.inputs["version-format"]' "$FIXTURE") | |
| TARGET_COMMITISH=$(jq -r '.event.release.target_commitish' "$FIXTURE") | |
| { | |
| echo "expected=$EXPECTED" | |
| echo "github_ref=$GITHUB_REF" | |
| echo "version_format=$VERSION_FORMAT" | |
| echo "target_commitish=$TARGET_COMMITISH" | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Build event payload | |
| run: | | |
| jq -n \ | |
| --arg commitish "${{ steps.fixture.outputs.target_commitish }}" \ | |
| --arg fmt "${{ steps.fixture.outputs.version_format }}" \ | |
| '{"release": {"target_commitish": $commitish}, "inputs": {"version-format": $fmt}}' \ | |
| > /tmp/event.json | |
| - name: Run act | |
| id: act | |
| continue-on-error: true | |
| run: | | |
| REF="${{ steps.fixture.outputs.github_ref }}" | |
| REF_NAME=$(echo "$REF" | sed 's|refs/tags/||;s|refs/heads/||') | |
| act workflow_call \ | |
| -W .github/workflows/common/check-release.yml \ | |
| --eventpath /tmp/event.json \ | |
| --env "GITHUB_REF=$REF" \ | |
| --env "GITHUB_REF_NAME=$REF_NAME" \ | |
| --no-cache-server \ | |
| -q | |
| - name: Assert outcome | |
| run: | | |
| ACT_EXIT=${{ steps.act.outcome == 'success' && '0' || '1' }} | |
| EXPECTED="${{ steps.fixture.outputs.expected }}" | |
| if [ "$ACT_EXIT" != "$EXPECTED" ]; then | |
| echo "::error::Fixture '${{ matrix.fixture }}': expected exit $EXPECTED but got $ACT_EXIT" | |
| exit 1 | |
| fi | |
| echo "Fixture '${{ matrix.fixture }}': exit $ACT_EXIT — PASS" | |
| # tests/common/release.yml and tests/common/release-preview.yml are validated | |
| # by actionlint above. act-based execution is skipped here because act does not | |
| # propagate with: inputs into nested workflow_call, and release-preview requires | |
| # curl which is absent from the micro image. Both workflows are exercised | |
| # end-to-end in the per-repo migration PRs. |
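Review bot: The `Build event payload`, `Run act` and `Assert outcome` steps expand `${{ steps.fixture.outputs.* }}` directly into the script text, and those outputs are read from `tests/common/check-release/*.json`, which any pull request touching `tests/**` can change. Because the expression is substituted before the shell parses the script, a fixture value is treated as shell syntax rather than data; passing the values through `env:` and referencing them as quoted shell variables keeps them as data. The zizmor step ends in `|| true` and no visible step uploads or inspects `zizmor.sarif`, so its findings never fail the job or surface anywhere; dropping `|| true`, or adding a SARIF upload step, would make the audit effective. The actionlint and act tarballs are also unpacked and moved into `/usr/local/bin` without a checksum comparison, so a pinned `sha256sum -c` check next to each `VERSION` would tie the download to a known artifact.

```yaml
      - name: Build event payload
        env:
          TARGET_COMMITISH: ${{ steps.fixture.outputs.target_commitish }}
          VERSION_FORMAT: ${{ steps.fixture.outputs.version_format }}
        run: |
          jq -n \
            --arg commitish "$TARGET_COMMITISH" \
            --arg fmt "$VERSION_FORMAT" \
            '{"release": {"target_commitish": $commitish}, "inputs": {"version-format": $fmt}}' \
            > /tmp/event.json
      - name: Run act
        # … unchanged: id and continue-on-error …
        env:
          REF: ${{ steps.fixture.outputs.github_ref }}
        run: |
          REF_NAME=$(echo "$REF" | sed 's|refs/tags/||;s|refs/heads/||')
          # … unchanged: act workflow_call invocation …
      - name: Assert outcome
        env:
          EXPECTED: ${{ steps.fixture.outputs.expected }}
        run: |
          # … unchanged: ACT_EXIT assignment, comparison and messages; the EXPECTED= line is dropped …
```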