Skip to content

Commit 8377e1b

Browse files
MoonBoi9001claudetmigone
authored
ci: clearer check labels and split lint jobs (#1218)
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Tomás Migone <tomas@edgeandnode.com>
1 parent 3604d2f commit 8377e1b

7 files changed

Lines changed: 241 additions & 194 deletions

File tree

.github/workflows/check-formatting.yml

Lines changed: 0 additions & 21 deletions
This file was deleted.
Lines changed: 15 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -1,67 +1,35 @@
1-
# For most projects, this workflow file will not need changing; you simply need
2-
# to commit it to your repository.
3-
#
4-
# You may wish to alter this file to override the set of languages analyzed,
5-
# or to provide custom queries or build logic.
6-
#
7-
# ******** NOTE ********
8-
# We have attempted to detect the languages in your repository. Please check
9-
# the `language` matrix defined below to confirm you have the correct set of
10-
# supported CodeQL languages.
11-
#
12-
name: "CodeQL"
1+
name: codeql
132

143
on:
154
push:
16-
branches: [ main ]
5+
branches: [main, main-dips]
176
pull_request:
187
# The branches below must be a subset of the branches above
19-
branches: [ main ]
8+
branches: [main, main-dips]
209
schedule:
2110
- cron: '38 7 * * 4'
2211

2312
jobs:
2413
analyze:
25-
name: Analyze
14+
name: analyze
2615
runs-on: ubuntu-22.04
2716

2817
strategy:
2918
fail-fast: false
3019
matrix:
31-
language: [ 'javascript' ]
32-
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
33-
# Learn more:
34-
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
20+
language: ['javascript']
3521

3622
steps:
37-
- name: Checkout repository
38-
uses: actions/checkout@v2
23+
- name: Checkout repository
24+
uses: actions/checkout@v4
3925

40-
# Initializes the CodeQL tools for scanning.
41-
- name: Initialize CodeQL
42-
uses: github/codeql-action/init@v1
43-
with:
44-
languages: ${{ matrix.language }}
45-
# If you wish to specify custom queries, you can do so here or in a config file.
46-
# By default, queries listed here will override any specified in a config file.
47-
# Prefix the list here with "+" to use these queries and those in the config file.
48-
# queries: ./path/to/local/query, your-org/your-repo/queries@main
26+
- name: Initialize CodeQL
27+
uses: github/codeql-action/init@v3
28+
with:
29+
languages: ${{ matrix.language }}
4930

50-
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
51-
# If this step fails, then you should remove it and run the build manually (see below)
52-
- name: Autobuild
53-
uses: github/codeql-action/autobuild@v1
31+
- name: Autobuild
32+
uses: github/codeql-action/autobuild@v3
5433

55-
# ℹ️ Command-line programs to run using the OS shell.
56-
# 📚 https://git.io/JvXDl
57-
58-
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
59-
# and modify them (or add more) to build your code if your project
60-
# uses a compiled language
61-
62-
#- run: |
63-
# make bootstrap
64-
# make release
65-
66-
- name: Perform CodeQL Analysis
67-
uses: github/codeql-action/analyze@v1
34+
- name: Perform CodeQL Analysis
35+
uses: github/codeql-action/analyze@v3

.github/workflows/docker-build.yml

Lines changed: 176 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,176 @@
1+
name: docker build
2+
3+
on:
4+
workflow_dispatch:
5+
push:
6+
branches:
7+
- main
8+
tags:
9+
- v*.*.*
10+
pull_request: {}
11+
12+
env:
13+
AGENT_IMAGE: ghcr.io/graphprotocol/indexer-agent
14+
CLI_IMAGE: ghcr.io/graphprotocol/indexer-cli
15+
16+
jobs:
17+
agent:
18+
name: agent (${{ matrix.platform }})
19+
strategy:
20+
fail-fast: false
21+
matrix:
22+
include:
23+
- platform: amd64
24+
runner: ubuntu-24.04
25+
target: linux/amd64
26+
- platform: arm64
27+
runner: ubuntu-24.04-arm
28+
target: linux/arm64
29+
runs-on: ${{ matrix.runner }}
30+
permissions:
31+
packages: write
32+
steps:
33+
- name: Prepare platform pair
34+
run: |
35+
platform=${{ matrix.target }}
36+
echo "PLATFORM_PAIR=${platform//\//-}" >> "$GITHUB_ENV"
37+
38+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
39+
40+
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
41+
42+
- uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
43+
with:
44+
registry: ghcr.io
45+
username: ${{ github.repository_owner }}
46+
password: ${{ secrets.GITHUB_TOKEN }}
47+
48+
- name: Docker labels
49+
id: meta
50+
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
51+
with:
52+
images: ${{ env.AGENT_IMAGE }}
53+
54+
- name: Build and push by digest
55+
id: build
56+
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
57+
with:
58+
context: .
59+
file: Dockerfile.indexer-agent
60+
platforms: ${{ matrix.target }}
61+
labels: ${{ steps.meta.outputs.labels }}
62+
build-args: NPM_TOKEN=${{ secrets.graphprotocol_npm_token }}
63+
cache-from: type=gha,scope=${{ env.PLATFORM_PAIR }}
64+
cache-to: type=gha,mode=max,scope=${{ env.PLATFORM_PAIR }}
65+
outputs: type=image,name=${{ env.AGENT_IMAGE }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
66+
67+
- name: Export digest
68+
if: github.event_name != 'pull_request'
69+
run: |
70+
mkdir -p ${{ runner.temp }}/digests
71+
digest="${{ steps.build.outputs.digest }}"
72+
touch "${{ runner.temp }}/digests/${digest#sha256:}"
73+
74+
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
75+
if: github.event_name != 'pull_request'
76+
with:
77+
name: digests-${{ env.PLATFORM_PAIR }}
78+
path: ${{ runner.temp }}/digests/*
79+
if-no-files-found: error
80+
retention-days: 1
81+
82+
agent-manifest:
83+
name: agent (manifest)
84+
needs: agent
85+
if: |
86+
!cancelled()
87+
&& needs.agent.result == 'success'
88+
&& github.event_name != 'pull_request'
89+
runs-on: ubuntu-latest
90+
permissions:
91+
packages: write
92+
steps:
93+
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
94+
with:
95+
path: ${{ runner.temp }}/digests
96+
pattern: digests-*
97+
merge-multiple: true
98+
99+
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
100+
101+
- uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
102+
with:
103+
registry: ghcr.io
104+
username: ${{ github.repository_owner }}
105+
password: ${{ secrets.GITHUB_TOKEN }}
106+
107+
- name: Docker tags
108+
id: meta
109+
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
110+
with:
111+
images: ${{ env.AGENT_IMAGE }}
112+
tags: |
113+
type=sha
114+
type=ref,event=branch
115+
type=ref,event=tag
116+
type=semver,pattern={{version}}
117+
type=semver,pattern={{major}}.{{minor}}
118+
type=semver,pattern={{major}}
119+
type=raw,value=latest,enable={{is_default_branch}}
120+
121+
122+
# Glob `*` expands to digest-named files written by the build job's Export digest step.
123+
- name: Create manifest list and push
124+
working-directory: ${{ runner.temp }}/digests
125+
run: |
126+
# shellcheck disable=SC2046
127+
# Both substitutions intentionally produce multiple shell args that
128+
# must word-split: jq emits per-tag `-t <tag>` pairs, and printf
129+
# expands the digest glob into one positional per file.
130+
docker buildx imagetools create \
131+
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
132+
$(printf '${{ env.AGENT_IMAGE }}@sha256:%s ' *)
133+
134+
- name: Inspect image
135+
run: |
136+
docker buildx imagetools inspect ${{ env.AGENT_IMAGE }}:${{ steps.meta.outputs.version }}
137+
138+
cli:
139+
name: cli
140+
runs-on: ubuntu-22.04
141+
permissions:
142+
packages: write
143+
steps:
144+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
145+
146+
- name: Docker meta
147+
id: docker_meta
148+
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
149+
with:
150+
images: ${{ env.CLI_IMAGE }}
151+
tags: |
152+
type=sha
153+
type=ref,event=branch
154+
type=ref,event=tag
155+
type=semver,pattern={{version}}
156+
type=semver,pattern={{major}}.{{minor}}
157+
type=semver,pattern={{major}}
158+
type=raw,value=latest,enable={{is_default_branch}}
159+
160+
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
161+
162+
- uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
163+
with:
164+
registry: ghcr.io
165+
username: ${{ github.repository_owner }}
166+
password: ${{ secrets.GITHUB_TOKEN }}
167+
168+
- name: Build and push Indexer CLI image
169+
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
170+
with:
171+
context: .
172+
file: Dockerfile.indexer-cli
173+
push: ${{ github.event_name != 'pull_request' }}
174+
tags: ${{ steps.docker_meta.outputs.tags }}
175+
labels: ${{ steps.docker_meta.outputs.labels }}
176+
build-args: NPM_TOKEN=${{ secrets.graphprotocol_npm_token }}

.github/workflows/indexer-agent-image.yml

Lines changed: 0 additions & 57 deletions
This file was deleted.

.github/workflows/indexer-cli-image.yml

Lines changed: 0 additions & 57 deletions
This file was deleted.

0 commit comments

Comments
 (0)