Coverage Map Refresh #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .github/workflows/coverage-refresh.yml | |
| name: 'Coverage Map Refresh' | |
| on: | |
| schedule: | |
| - cron: '0 6 * * 1' # weekly floor | |
| push: | |
| branches: [master] | |
| paths: | |
| - 'toolchain/mfc/test/cases.py' | |
| - 'src/**/*.fpp' | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| concurrency: | |
| group: coverage-refresh | |
| cancel-in-progress: true | |
| jobs: | |
| refresh: | |
| if: github.repository == 'MFlowCode/MFC' | |
| timeout-minutes: 240 | |
| runs-on: | |
| group: phoenix | |
| labels: gt | |
| steps: | |
| # persist-credentials: false stops actions/checkout from configuring the | |
| # default GITHUB_TOKEN as an http.extraheader, which otherwise OVERRIDES the | |
| # app-token credentials embedded in the push URL below — making the push | |
| # authenticate as github-actions[bot] (not a ruleset bypass actor) and get | |
| # rejected by the require-PR rule. With it off, the app token is used and the | |
| # mfc-map-bot bypass applies. | |
| - uses: actions/checkout@v4 | |
| with: { clean: false, persist-credentials: false } | |
| - name: Build + collect coverage map (SLURM) | |
| run: bash .github/scripts/submit-slurm-job.sh .github/workflows/common/coverage-refresh.sh cpu none phoenix | |
| # Mint a short-lived GitHub App installation token. The app is on the master | |
| # ruleset's bypass list (Integration actor), so its push satisfies the | |
| # "require pull request" rule that rejects the default GITHUB_TOKEN. | |
| - name: Generate app token | |
| id: app-token | |
| uses: actions/create-github-app-token@v3 | |
| with: | |
| app-id: ${{ secrets.MAP_BOT_APP_ID }} | |
| private-key: ${{ secrets.MAP_BOT_APP_PRIVATE_KEY }} | |
| - name: Commit refreshed map | |
| env: | |
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| run: | | |
| if ! git diff --quiet tests/coverage_map.json.gz; then | |
| git config user.name "mfc-map-bot[bot]" | |
| git config user.email "mfc-map-bot[bot]@users.noreply.github.com" | |
| git add tests/coverage_map.json.gz | |
| # --no-verify: this bot commit stages only the binary coverage map; it | |
| # must not run the repo pre-commit hook (./mfc.sh precheck/spelling), | |
| # which is for source changes and aborts the commit on the runner. | |
| git commit --no-verify -m "test: refresh coverage map [skip ci]" | |
| # Push to master via the app installation token. The app is a bypass | |
| # actor on the master ruleset, so the require-PR rule does not reject it. | |
| git push "https://x-access-token:${GH_TOKEN}@github.com/MFlowCode/MFC.git" HEAD:master | |
| else | |
| echo "Coverage map unchanged." | |
| fi |