|
| 1 | +name: 'Dependabot Build and Verify (DEBUG)' |
| 2 | + |
| 3 | +on: |
| 4 | + push: |
| 5 | + branches: |
| 6 | + - sascha-verify-dependabot-action |
| 7 | + |
| 8 | +permissions: |
| 9 | + contents: read |
| 10 | + pull-requests: read |
| 11 | + |
| 12 | +jobs: |
| 13 | + build-and-verify: |
| 14 | + runs-on: ubuntu-latest |
| 15 | + |
| 16 | + services: |
| 17 | + registry: |
| 18 | + image: registry:3 |
| 19 | + ports: |
| 20 | + - 5000:5000 |
| 21 | + |
| 22 | + steps: |
| 23 | + - name: 'Get PR Details' |
| 24 | + id: pr-details |
| 25 | + env: |
| 26 | + GH_TOKEN: ${{ github.token }} |
| 27 | + run: | |
| 28 | + PR_NUMBER="339" |
| 29 | + REPO="${{ github.repository }}" |
| 30 | + echo "Fetching details for PR #$PR_NUMBER from $REPO" |
| 31 | + |
| 32 | + # Get PR details using GitHub CLI |
| 33 | + PR_DATA=$(gh pr view "$PR_NUMBER" --repo "$REPO" --json title,author,headRefName,headRepositoryOwner) |
| 34 | + |
| 35 | + PR_TITLE=$(echo "$PR_DATA" | jq -r '.title') |
| 36 | + echo "PR Title: $PR_TITLE" |
| 37 | + echo "pr_title=$PR_TITLE" >> $GITHUB_OUTPUT |
| 38 | + |
| 39 | + PR_AUTHOR=$(echo "$PR_DATA" | jq -r '.author.login') |
| 40 | + echo "PR Author: $PR_AUTHOR" |
| 41 | + echo "pr_author=$PR_AUTHOR" >> $GITHUB_OUTPUT |
| 42 | + |
| 43 | + PR_HEAD_REF=$(echo "$PR_DATA" | jq -r '.headRefName') |
| 44 | + echo "PR Head Ref: $PR_HEAD_REF" |
| 45 | + echo "pr_head_ref=$PR_HEAD_REF" >> $GITHUB_OUTPUT |
| 46 | +
|
| 47 | + - name: 'Checkout PR Branch' |
| 48 | + uses: actions/checkout@v6 |
| 49 | + with: |
| 50 | + ref: ${{ steps.pr-details.outputs.pr_head_ref }} |
| 51 | + |
| 52 | + - name: 'Extract Module Path from PR Title' |
| 53 | + id: extract-path |
| 54 | + run: | |
| 55 | + PR_TITLE="${{ steps.pr-details.outputs.pr_title }}" |
| 56 | + echo "PR Title: $PR_TITLE" |
| 57 | +
|
| 58 | + # Extract path from PR title (e.g., "Bump svelte from 4.2.20 to 5.53.6 in /fotobox/frontend-app") |
| 59 | + # Look for " in /" pattern and extract everything after it |
| 60 | + if [[ "$PR_TITLE" =~ \ in\ (/[^[:space:]]+) ]]; then |
| 61 | + MODULE_PATH="${BASH_REMATCH[1]}" |
| 62 | + echo "Extracted module path: $MODULE_PATH" |
| 63 | + echo "module_path=$MODULE_PATH" >> $GITHUB_OUTPUT |
| 64 | + else |
| 65 | + echo "::error::Could not extract module path from PR title: $PR_TITLE" |
| 66 | + exit 1 |
| 67 | + fi |
| 68 | +
|
| 69 | + - name: 'Check for go.mod' |
| 70 | + id: check-gomod |
| 71 | + run: | |
| 72 | + MODULE_PATH="${{ steps.extract-path.outputs.module_path }}" |
| 73 | + GOMOD_PATH="${MODULE_PATH#/}/go.mod" |
| 74 | +
|
| 75 | + if [ -f "$GOMOD_PATH" ]; then |
| 76 | + echo "Found go.mod at $GOMOD_PATH" |
| 77 | + # Extract Go version from go.mod (e.g., "go 1.25" -> "1.25") |
| 78 | + GO_VERSION=$(grep -E '^go [0-9]+\.[0-9]+' "$GOMOD_PATH" | awk '{print $2}') |
| 79 | + echo "Extracted Go version: $GO_VERSION" |
| 80 | + echo "has_gomod=true" >> $GITHUB_OUTPUT |
| 81 | + echo "go_version=$GO_VERSION" >> $GITHUB_OUTPUT |
| 82 | + else |
| 83 | + echo "No go.mod found at $GOMOD_PATH" |
| 84 | + echo "has_gomod=false" >> $GITHUB_OUTPUT |
| 85 | + fi |
| 86 | +
|
| 87 | + - name: 'Setup Go' |
| 88 | + if: steps.check-gomod.outputs.has_gomod == 'true' |
| 89 | + uses: actions/setup-go@v6 |
| 90 | + with: |
| 91 | + go-version: ${{ steps.check-gomod.outputs.go_version }} |
| 92 | + |
| 93 | + - name: 'Setup ko' |
| 94 | + if: steps.check-gomod.outputs.has_gomod == 'true' |
| 95 | + env: |
| 96 | + GH_TOKEN: ${{ github.token }} |
| 97 | + run: | |
| 98 | + gh release download --repo ko-build/ko --pattern "ko_*_${OS}_${ARCH}.tar.gz" --output - | sudo tar -xzf - -C /usr/local/bin ko |
| 99 | + ko version |
| 100 | +
|
| 101 | + - name: 'Check for Build Script' |
| 102 | + id: check-build |
| 103 | + run: | |
| 104 | + MODULE_PATH="${{ steps.extract-path.outputs.module_path }}" |
| 105 | + BUILD_SCRIPT="${MODULE_PATH#/}/build" |
| 106 | +
|
| 107 | + if [ -f "$BUILD_SCRIPT" ]; then |
| 108 | + echo "Build script found at $BUILD_SCRIPT" |
| 109 | + echo "has_build=true" >> $GITHUB_OUTPUT |
| 110 | + echo "build_script=$BUILD_SCRIPT" >> $GITHUB_OUTPUT |
| 111 | + else |
| 112 | + echo "No build script found at $BUILD_SCRIPT" |
| 113 | + echo "has_build=false" >> $GITHUB_OUTPUT |
| 114 | + fi |
| 115 | +
|
| 116 | + - name: 'Run Build Script' |
| 117 | + if: steps.check-build.outputs.has_build == 'true' |
| 118 | + id: run-build |
| 119 | + continue-on-error: true |
| 120 | + env: |
| 121 | + REGISTRY: localhost:5000 |
| 122 | + run: | |
| 123 | + BUILD_SCRIPT="${{ steps.check-build.outputs.build_script }}" |
| 124 | + echo "Running build script: $BUILD_SCRIPT" |
| 125 | + echo "REGISTRY is set to: $REGISTRY" |
| 126 | + chmod +x "$BUILD_SCRIPT" |
| 127 | + "$BUILD_SCRIPT" |
| 128 | +
|
| 129 | + - name: 'Record Build Result' |
| 130 | + if: steps.check-build.outputs.has_build == 'true' |
| 131 | + run: | |
| 132 | + if [ "${{ steps.run-build.outcome }}" == "success" ]; then |
| 133 | + echo "build_success=true" >> $GITHUB_OUTPUT |
| 134 | + else |
| 135 | + echo "build_success=false" >> $GITHUB_OUTPUT |
| 136 | + fi |
| 137 | + id: build-result |
| 138 | + |
| 139 | + - name: 'Check for Verify Script' |
| 140 | + id: check-verify |
| 141 | + run: | |
| 142 | + MODULE_PATH="${{ steps.extract-path.outputs.module_path }}" |
| 143 | + VERIFY_SCRIPT="${MODULE_PATH#/}/verify" |
| 144 | +
|
| 145 | + if [ -f "$VERIFY_SCRIPT" ]; then |
| 146 | + echo "Verify script found at $VERIFY_SCRIPT" |
| 147 | + echo "has_verify=true" >> $GITHUB_OUTPUT |
| 148 | + echo "verify_script=$VERIFY_SCRIPT" >> $GITHUB_OUTPUT |
| 149 | + else |
| 150 | + echo "::warning::Verify script is required but not found at $VERIFY_SCRIPT" |
| 151 | + echo "has_verify=false" >> $GITHUB_OUTPUT |
| 152 | + fi |
| 153 | +
|
| 154 | + - name: 'Run Verify Script' |
| 155 | + if: steps.check-verify.outputs.has_verify == 'true' |
| 156 | + id: run-verify |
| 157 | + continue-on-error: true |
| 158 | + env: |
| 159 | + REGISTRY: localhost:5000 |
| 160 | + run: | |
| 161 | + VERIFY_SCRIPT="${{ steps.check-verify.outputs.verify_script }}" |
| 162 | + echo "Running verify script: $VERIFY_SCRIPT" |
| 163 | + echo "REGISTRY is set to: $REGISTRY" |
| 164 | + chmod +x "$VERIFY_SCRIPT" |
| 165 | + "$VERIFY_SCRIPT" |
| 166 | +
|
| 167 | + - name: 'Record Verify Result' |
| 168 | + if: steps.check-verify.outputs.has_verify == 'true' |
| 169 | + run: | |
| 170 | + if [ "${{ steps.run-verify.outcome }}" == "success" ]; then |
| 171 | + echo "verify_success=true" >> $GITHUB_OUTPUT |
| 172 | + else |
| 173 | + echo "verify_success=false" >> $GITHUB_OUTPUT |
| 174 | + fi |
| 175 | + id: verify-result |
| 176 | + |
| 177 | + - name: 'Check Final Status' |
| 178 | + if: always() |
| 179 | + run: | |
| 180 | + # Fail the workflow if verify script failed or doesn't exist |
| 181 | + if [ "${{ steps.check-verify.outputs.has_verify }}" != "true" ] || [ "${{ steps.verify-result.outputs.verify_success }}" == "false" ]; then |
| 182 | + echo "::error::Workflow failed: verify script missing or failed" |
| 183 | + exit 1 |
| 184 | + fi |
| 185 | + # Fail if build script exists but failed |
| 186 | + if [ "${{ steps.check-build.outputs.has_build }}" == "true" ] && [ "${{ steps.build-result.outputs.build_success }}" == "false" ]; then |
| 187 | + echo "::error::Workflow failed: build script failed" |
| 188 | + exit 1 |
| 189 | + fi |
| 190 | +
|
| 191 | + - name: 'Summary' |
| 192 | + if: always() |
| 193 | + run: | |
| 194 | + echo "## Dependabot Build and Verify Summary (Manual Test)" >> $GITHUB_STEP_SUMMARY |
| 195 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 196 | + echo "**PR Number:** #339" >> $GITHUB_STEP_SUMMARY |
| 197 | + echo "**PR Author:** ${{ steps.pr-details.outputs.pr_author }}" >> $GITHUB_STEP_SUMMARY |
| 198 | + echo "**Module Path:** \`${{ steps.extract-path.outputs.module_path }}\`" >> $GITHUB_STEP_SUMMARY |
| 199 | + echo "" >> $GITHUB_STEP_SUMMARY |
| 200 | + echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY |
| 201 | + echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY |
| 202 | +
|
| 203 | + # Build script status |
| 204 | + if [ "${{ steps.check-build.outputs.has_build }}" == "true" ]; then |
| 205 | + if [ "${{ steps.build-result.outputs.build_success }}" == "true" ]; then |
| 206 | + echo "| Build script found | :white_check_mark: |" >> $GITHUB_STEP_SUMMARY |
| 207 | + echo "| Build execution | :white_check_mark: |" >> $GITHUB_STEP_SUMMARY |
| 208 | + else |
| 209 | + echo "| Build script found | :white_check_mark: |" >> $GITHUB_STEP_SUMMARY |
| 210 | + echo "| Build execution | :x: |" >> $GITHUB_STEP_SUMMARY |
| 211 | + fi |
| 212 | + else |
| 213 | + echo "| Build script found | :x: |" >> $GITHUB_STEP_SUMMARY |
| 214 | + fi |
| 215 | +
|
| 216 | + # Verify script status |
| 217 | + if [ "${{ steps.check-verify.outputs.has_verify }}" == "true" ]; then |
| 218 | + if [ "${{ steps.verify-result.outputs.verify_success }}" == "true" ]; then |
| 219 | + echo "| Verify script found | :white_check_mark: |" >> $GITHUB_STEP_SUMMARY |
| 220 | + echo "| Verify execution | :white_check_mark: |" >> $GITHUB_STEP_SUMMARY |
| 221 | + else |
| 222 | + echo "| Verify script found | :white_check_mark: |" >> $GITHUB_STEP_SUMMARY |
| 223 | + echo "| Verify execution | :x: |" >> $GITHUB_STEP_SUMMARY |
| 224 | + fi |
| 225 | + else |
| 226 | + echo "| Verify script found | :x: |" >> $GITHUB_STEP_SUMMARY |
| 227 | + fi |
| 228 | +
|
| 229 | +# Made with Bob |
0 commit comments