Skip to content

Bump github/codeql-action from 3.27.0 to 3.27.3 #422

Bump github/codeql-action from 3.27.0 to 3.27.3

Bump github/codeql-action from 3.27.0 to 3.27.3 #422

Workflow file for this run

name: RIT Action Continuous Integration Test
on:
pull_request:
push:
branches:
- main
workflow_dispatch:
inputs:
rskj-branch:
description: 'Branch for RSKj'
required: false
default: 'master'
powpeg-branch:
description: 'Branch for PowPeg Node'
required: false
default: 'master'
permissions:
contents: read
env:
TEST_TAG: ${{ github.event.repository.name }}/rit:test
LATEST_TAG: ghcr.io/rsksmart/${{ github.event.repository.name }}/rit
jobs:
build-push-rit-action-container-action:
name: Test RIT Action docker container-action
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Checkout
id: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Docker meta
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: |
${{ env.LATEST_TAG }}
${{ env.TEST_TAG }}
- name: Setup Docker BuildX
id: setup-buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
with:
install: true
driver-opts: network=host
platforms: linux/amd64
- name: Build and export locally Docker
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: container-action/
load: true
tags: ${{ env.TEST_TAG }}
- name: Set Branch Variables
id: set-branch-variables
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
github_event_inputs_powpeg_branch: ${{ github.event.inputs.powpeg-branch }}
github_event_inputs_rskj_branch: ${{ github.event.inputs.rskj-branch }}
github_event_name: ${{ github.event_name }}
github_event_pull_request_number: ${{ github.event.pull_request.number }}
github_head_ref: ${{ github.head_ref }}
github_ref_name: ${{ github.ref_name }}
run: |
PR_DESCRIPTION=pr-description.txt
ALLOWED_BRANCH_CHARACTERS='[-+./0-9A-Z_a-z]'
default_rskj_branch=master
default_powpeg_branch=master
default_rit_branch=main
get_branch_from_description()
{
_prefix=$1
# On lines matching "`$_prefix:...`", replace the lines with the
# thing in ... and print the result.
_search_re='\@`'$_prefix:$ALLOWED_BRANCH_CHARACTERS'\{1,\}`@'
_replace_re='s@.*`'$_prefix:'\('$ALLOWED_BRANCH_CHARACTERS'\{1,\}\)`.*@\1@p'
_branch=$(sed -n "$_search_re $_replace_re" "$PR_DESCRIPTION")
echo "$_branch"
}
is_valid_branch_name()
{
echo "$1" | grep -qx "$ALLOWED_BRANCH_CHARACTERS\\{1,\\}"
}
if [ "$github_event_name" = workflow_dispatch ]; then
RSKJ_BRANCH=${github_event_inputs_rskj_branch:-$default_rit_branch}
POWPEG_BRANCH=${github_event_inputs_powpeg_branch:-$default_powpeg_branch}
RIT_BRANCH=$github_ref_name
elif [ "$github_event_name" = pull_request ]; then
gh pr view "$github_event_pull_request_number" --json body -q .body >"$PR_DESCRIPTION"
RSKJ_BRANCH=$(get_branch_from_description rskj)
: ${RSKJ_BRANCH:=$default_rskj_branch}
POWPEG_BRANCH=$(get_branch_from_description fed)
: ${POWPEG_BRANCH:=$default_powpeg_branch}
RIT_BRANCH=$(get_branch_from_description rit)
: ${RIT_BRANCH:=${github_head_ref:-$default_rskj_branch}}
else
RSKJ_BRANCH=$default_rskj_branch
POWPEG_BRANCH=$default_powpeg_branch
RIT_BRANCH=$default_rit_branch
fi
if ! is_valid_branch_name "$RSKJ_BRANCH"; then
echo "rskj: invalid branch name: $RSKJ_BRANCH" >&2
exit 1
fi
if ! is_valid_branch_name "$POWPEG_BRANCH"; then
echo "fed: invalid branch name: $POWPEG_BRANCH" >&2
exit 1
fi
if ! is_valid_branch_name "$RIT_BRANCH"; then
echo "rit: invalid branch name: $RIT_BRANCH" >&2
exit 1
fi
echo "RSKJ_BRANCH=$RSKJ_BRANCH" >> $GITHUB_ENV
echo "RIT_BRANCH=$RIT_BRANCH" >> $GITHUB_ENV
echo "POWPEG_BRANCH=$POWPEG_BRANCH" >> $GITHUB_ENV
- name: Test the RIT Container Action
id: test-container
env:
INPUT_RSKJ_BRANCH: ${{ env.RSKJ_BRANCH }}
INPUT_POWPEG_NODE_BRANCH: ${{ env.POWPEG_BRANCH }}
INPUT_RIT_BRANCH: ${{ env.RIT_BRANCH }}
INPUT_RIT_LOG_LEVEL: info
run: |
docker run \
--env GITHUB_OUTPUT="/github-output" \
--env INPUT_RSKJ_BRANCH="${{ env.INPUT_RSKJ_BRANCH }}" \
--env INPUT_POWPEG_NODE_BRANCH="${{ env.INPUT_POWPEG_NODE_BRANCH }}" \
--env INPUT_RIT_BRANCH="${{ env.INPUT_RIT_BRANCH }}" \
--env INPUT_RIT_LOG_LEVEL="${{ env.INPUT_RIT_LOG_LEVEL }}" \
-v "$GITHUB_OUTPUT:/github-output" \
--rm ${{ env.TEST_TAG }}
- name: GitHub container registry login
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build the RIT Action Container Image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: container-action/
tags: ${{ env.LATEST_TAG }}
labels: ${{ steps.meta.outputs.labels }}
load: true
push: true
test-rit-action:
needs: build-push-rit-action-container-action
name: GitHub Actions Test
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Checkout
id: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Test RIT Action
id: test-rit-action
uses: ./
with:
rskj-branch: ${{ env.RSKJ_BRANCH }}
powpeg-node-branch: ${{ env.POWPEG_BRANCH }}
rit-branch: ${{ env.RIT_BRANCH }}
- name: Print RIT Status and Message
id: output
run: |
echo "RIT Status = ${{ steps.test-rit-action.outputs.status }}"
echo "RIT Message = ${{ steps.test-rit-action.outputs.message }}"
publish-rit-action-tag:
needs: test-rit-action
name: Publish RIT Action tag
runs-on: ubuntu-latest
timeout-minutes: 60
if: github.ref == 'refs/heads/main'
permissions:
contents: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Publish new version
run: |
git config --global user.email "[email protected]"
git config --global user.name "RIT Release Automation"
git tag -fa v1 -m "Updating rootstock-integration-tests container action v1"
git push origin v1 --force