mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-03-18 10:44:10 +00:00
9d3b9fb438
Pin Github owned actions to specific hashes as recommended as tags are mutable see https://pin-gh-actions.kammel.dev/. This one of the recommendations that scorecard gives us. Note this was generated with `frizbee actions` Signed-off-by: stevenhorsman <steven@uk.ibm.com>
54 lines
1.6 KiB
YAML
54 lines
1.6 KiB
YAML
name: Gatekeeper
|
|
|
|
# Gatekeeper uses the "skips.py" to determine which job names/regexps are
|
|
# required for given PR and waits for them to either complete or fail
|
|
# reporting the status.
|
|
|
|
on:
|
|
pull_request_target:
|
|
types:
|
|
- opened
|
|
- synchronize
|
|
- reopened
|
|
- labeled
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
gatekeeper:
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
issues: read
|
|
pull-requests: read
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
- id: gatekeeper
|
|
env:
|
|
TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
COMMIT_HASH: ${{ github.event.pull_request.head.sha }}
|
|
GH_PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
run: |
|
|
#!/usr/bin/env bash -x
|
|
mapfile -t lines < <(python3 tools/testing/gatekeeper/skips.py -t)
|
|
export REQUIRED_JOBS="${lines[0]}"
|
|
export REQUIRED_REGEXPS="${lines[1]}"
|
|
export REQUIRED_LABELS="${lines[2]}"
|
|
echo "REQUIRED_JOBS: $REQUIRED_JOBS"
|
|
echo "REQUIRED_REGEXPS: $REQUIRED_REGEXPS"
|
|
echo "REQUIRED_LABELS: $REQUIRED_LABELS"
|
|
python3 tools/testing/gatekeeper/jobs.py
|
|
exit $?
|
|
shell: /usr/bin/bash -x {0}
|