-
Notifications
You must be signed in to change notification settings - Fork 37
130 lines (117 loc) · 4.09 KB
/
Copy pathbake.yml
File metadata and controls
130 lines (117 loc) · 4.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: Build, test and publish extensions
on:
push:
workflow_dispatch:
inputs:
extension_name:
description: "The PostgreSQL extension to build (directory name)"
required: true
type: string
defaults:
run:
shell: 'bash -Eeuo pipefail -x {0}'
permissions: {}
jobs:
# Gather extensions that have been modified
change-triage:
name: Check changed files
runs-on: ubuntu-24.04
outputs:
matrix: ${{ steps.get-matrix.outputs.matrix}}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Fetch valid targets
id: get-targets
uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1
env:
# renovate: datasource=github-tags depName=dagger/dagger versioning=semver
DAGGER_VERSION: 0.20.6
with:
version: ${{ env.DAGGER_VERSION }}
verb: call
module: ./dagger/maintenance/
args: get-targets
- name: Validate extension name
if: github.event_name == 'workflow_dispatch'
env:
INPUT_EXTENSION_NAME: ${{ github.event.inputs.extension_name }}
VALID_TARGETS: ${{ steps.get-targets.outputs.output }}
run: |
if ! echo "$VALID_TARGETS" | jq -e --arg ext "$INPUT_EXTENSION_NAME" 'index($ext)' > /dev/null; then
echo "::error::'$INPUT_EXTENSION_NAME' is not a valid extension target. Valid targets: $VALID_TARGETS"
exit 1
fi
- name: Compute paths-filter extensions block
env:
VALID_TARGETS: ${{ steps.get-targets.outputs.output }}
run: |
if ! echo "$VALID_TARGETS" | jq -e 'length > 0' > /dev/null; then
echo "::error::dagger get-targets returned no extensions: $VALID_TARGETS"
exit 1
fi
{
echo 'EXTENSIONS<<YAML_EOF'
echo "$VALID_TARGETS" | jq -r '.[] | "\(.):\n - \"\(.)/**\"\n - *shared"'
echo 'YAML_EOF'
} >> "$GITHUB_ENV"
- name: Check for changes
uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
id: filter
with:
filters: |
_shared: &shared
- 'docker-bake.hcl'
- 'Taskfile.yml'
- 'test/**'
- 'dagger/maintenance/**'
- '.github/workflows/bake_targets.yml'
${{ env.EXTENSIONS }}
# Compute a matrix containing the list of all extensions that have been modified
- name: Compute matrix
id: get-matrix
env:
# JSON array containing the extensions that have been changed
CHANGES: ${{ steps.filter.outputs.changes }}
# Input Extension name
INPUT_EXTENSION_NAME: ${{ github.event.inputs.extension_name }}
EVENT_NAME: ${{ github.event_name }}
run: |
if [[ "${EVENT_NAME}" == 'workflow_dispatch' ]]; then
CHANGES="[\"$INPUT_EXTENSION_NAME\"]"
fi
# Filter away the shared filter
EXTENSIONS_CHANGED=$(echo "$CHANGES" | jq -c 'map(select(. != "_shared"))')
echo "matrix=$EXTENSIONS_CHANGED" >> "$GITHUB_OUTPUT"
Bake:
name: Bake
needs: change-triage
permissions:
packages: write
contents: read
id-token: write
security-events: write
if: ${{ join(fromJSON(needs.change-triage.outputs.matrix)) != '' }}
strategy:
fail-fast: false
matrix:
extension: ${{ fromJSON(needs.change-triage.outputs.matrix) }}
uses: ./.github/workflows/bake_targets.yml
with:
extension_name: ${{ matrix.extension }}
secrets:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
Catalogs:
name: Update Catalogs
needs: Bake
runs-on: ubuntu-24.04
permissions:
contents: write
if: github.ref == 'refs/heads/main'
steps:
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4
with:
event-type: update-catalogs