pull-request.yml
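# Pull-request workflow: lints and tests changes targeting develop (or on
# manual dispatch), then approves and merges Dependabot pull requests once
# both jobs have passed.
name: pull-request

on:
  workflow_dispatch:
  pull_request:
    branches:
      - develop

jobs:
  lint:
    runs-on: ubuntu-latest
    # Least privilege: no step in this job is given the token explicitly, so
    # read-only repository access is enough. Without this block the job
    # inherits the repository's default GITHUB_TOKEN permissions.
    permissions:
      contents: read
    steps:
      # NOTE(review): actions/checkout is referenced by a mutable tag while the
      # third-party actions in the test job are pinned to a commit SHA;
      # consider pinning this one the same way.
      - name: checkout the calling repo
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: build-common
        uses: ./.github/actions/build-common
      # Only initialise tflint when the repository ships a tflint config.
      - name: tflint --init
        if: ${{ hashFiles('.tflint.hcl') }}
        run: |
          tflint --init
        shell: bash
      - name: lint
        shell: bash
        run: |
          make lint-ci

  test:
    runs-on: ubuntu-latest
    # Write access is limited to checks and pull requests (presumably for the
    # coverage comment and the published test report); every scope not listed
    # here is set to none for this job.
    permissions:
      checks: write
      pull-requests: write
    steps:
      - name: checkout the calling repo
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: build-common
        uses: ./.github/actions/build-common
      - name: run tests
        shell: bash
        run: |
          make coverage-ci
      # Skipped for Dependabot pull requests and when the coverage reports
      # were not produced.
      - name: coverage comment
        if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' && hashFiles('./reports/coverage.xml') && hashFiles('./reports/pytest-coverage.txt') }}
        uses: MishaKav/pytest-coverage-comment@287292879eaaff04116f36d3eb1a670f6e5df1a4
        with:
          pytest-coverage-path: ./reports/pytest-coverage.txt
          pytest-xml-coverage-path: ./reports/coverage.xml
          junitxml-path: ./reports/junit/results.xml
      - name: convert sonar reports
        if: ${{ hashFiles('./reports/junit/*.xml') || hashFiles('./reports/coverage.xml') }}
        uses: ./.github/actions/sonar-reports
      - name: prepare sonar properties
        if: ${{ hashFiles('./sonar-project.properties') }}
        uses: ./.github/actions/sonar-properties
      # The scan action is pinned to a commit SHA because it receives a secret.
      - name: sonarqube scan
        uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      # Runs even when an earlier step failed so the report is still published.
      - name: publish test report
        uses: mikepenz/action-junit-report@bccf2e31636835cf0874589931c4116687171386
        if: ${{ !cancelled() }}
        with:
          report_paths: 'reports/junit/*.xml'
          require_tests: true
          fail_on_failure: true

  dependabot:
    # Runs only for pull requests opened and triggered by Dependabot in this
    # repository, so github.event.pull_request is always set in the steps below.
    if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'NHSDigital/terraform-aws-metrics-lambda'
    needs:
      - lint
      - test
    # This job can approve and merge: keep its write scopes limited to these two.
    permissions:
      contents: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions/github-script runs with a write-scoped token in
      # this job but is referenced by a mutable tag; consider pinning it to a
      # commit SHA like the third-party actions in the test job.
      - name: verify dependabot commits
        uses: actions/github-script@v8
        with:
          script: |
            // listCommits is paginated (30 commits per page unless per_page is
            // set), so walk every page; checking only the first page would leave
            // later commits unverified before an automatic merge.
            const commits = await github.paginate(github.rest.pulls.listCommits, {
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              per_page: 100
            });
            if (commits.length > 249) {
              // api returns max 250 commits
              throw new Error("too many commits to verify commiter");
            }
            for (const commit of commits) {
              // author is null when the commit is not linked to a GitHub account;
              // treat that as "not Dependabot" and fail closed.
              const author = commit.author;
              if (!author || author.login != 'dependabot[bot]' || author.type != 'Bot') {
                throw new Error(`auto-merge-dependabot not permitted for author login: ${author?.login} type: ${author?.type}`);
              }
            }
      - name: Approve pull request
        uses: actions/github-script@v8
        with:
          script: |
            // Await the call so an API error fails this step, and bind the
            // approval to the head commit this run was triggered for.
            await github.rest.pulls.createReview({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              commit_id: context.payload.pull_request.head.sha,
              event: 'APPROVE'
            })
      - name: Merge pull request
        uses: actions/github-script@v8
        with:
          script: |
            // sha makes the merge fail if the branch head has moved since this
            // run started, so commits pushed after verification are never merged.
            await github.rest.pulls.merge({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              sha: context.payload.pull_request.head.sha,
              merge_method: 'merge'
            })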