Commit 630f79a

authored
feat: added CHECKOUT_TOKEN support to go-test and go-check workflows (#138)
* feat: added CHECKOUT_TOKEN support to go-test and go-check workflows * feat: added env support to go-test and go-check workflows * feat: allow custom runner configuration in most workflows * feat: added os-versions input to go-test * Pass checkout-token through inputs * feat: support app creds for checkout * feat: turn some inputs into secrets * feat: disable codecov when token is not available
1 parent 92c1983 commit 630f79a

10 files changed

Lines changed: 145 additions & 12 deletions

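--- a/.github/workflows/go-check.yml
+++ b/.github/workflows/go-check.yml
@@ -12,16 +12,56 @@ on:
 required: false
 type: boolean
 default: false
+runner:
+required: false
+type: string
+default: '"ubuntu-latest"'
+env:
+required: false
+type: string
+secrets:
+CHECKOUT_TOKEN:
+required: false
+CHECKOUT_APP_ID:
+required: false
+CHECKOUT_PRIVATE_KEY:
+required: false
 
 jobs:
 unit:
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_GO_CHECK_RUNNER'] || inputs['runner']) }}
 name: All
 steps:
+- name: Set env
+if: ${{ inputs.env }}
+env:
+ENV: ${{ inputs.env }}
+run: |
+echo "$ENV" >> $GITHUB_ENV
+- name: Inspect secrets
+id: secrets
+env:
+SECRETS: ${{ toJSON(secrets) }}
+run: |
+while read -r key; do
+jq -nr --arg k "$key" --argjson s "$SECRETS" \
+'if ($s[$k] // "") == "" then "false" else "true" end' \
+| xargs -I{} echo "$key={}" \
+| tee -a "$GITHUB_OUTPUT"
+done <<< "$(jq -r 'keys[]' <<< "$SECRETS")"
+- name: Create GitHub App installation token
+id: checkout-app
+if: steps.secrets.outputs.CHECKOUT_APP_ID == 'true' && steps.secrets.outputs.CHECKOUT_PRIVATE_KEY == 'true'
+uses: actions/create-github-app-token@v2
+with:
+app-id: ${{ secrets.CHECKOUT_APP_ID }}
+private-key: ${{ secrets.CHECKOUT_PRIVATE_KEY }}
+owner: ${{ github.repository_owner }}
 - name: Check out the repository
 uses: actions/checkout@v5
 with:
 submodules: recursive
+token: ${{ steps.checkout-app.outputs.token || secrets.CHECKOUT_TOKEN }}
 - name: Extend the GitHub context
 id: github
 env: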
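Review bot: The `Inspect secrets` step exports every secret the caller passed as one JSON blob (`SECRETS: ${{ toJSON(secrets) }}`) and then hands it to `jq` through `--argjson`, so the values, including `CHECKOUT_PRIVATE_KEY`, sit in a step environment and in a process argument list only to derive true/false flags. That exposure matters more now that the same commit lets the job run on a runner chosen through `vars` or `inputs.runner`, which may be a shared self-hosted machine. Computing the flags in the expression layer keeps the values out of the shell entirely, as sketched below. The same step is duplicated in go-test.yml, where a `CODECOV_TOKEN` flag is needed as well. The `unit` job's steps continue past the end of this hunk.

```yaml
- name: Inspect secrets
  id: secrets
  env:
    # Only presence flags reach the shell; the secret values never do.
    HAS_CHECKOUT_APP_ID: ${{ secrets.CHECKOUT_APP_ID != '' }}
    HAS_CHECKOUT_PRIVATE_KEY: ${{ secrets.CHECKOUT_PRIVATE_KEY != '' }}
  run: |
    {
      echo "CHECKOUT_APP_ID=$HAS_CHECKOUT_APP_ID"
      echo "CHECKOUT_PRIVATE_KEY=$HAS_CHECKOUT_PRIVATE_KEY"
    } >> "$GITHUB_OUTPUT"
# … unchanged: Create GitHub App installation token, Check out the repository …
```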

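--- a/.github/workflows/go-test.yml
+++ b/.github/workflows/go-test.yml
@@ -2,6 +2,10 @@ name: Go Test
 on:
 workflow_call:
 inputs:
+os-versions:
+required: false
+type: string
+default: '["ubuntu", "windows", "macos"]'
 go-versions:
 required: false
 type: string
@@ -10,9 +14,30 @@ on:
 required: false
 type: boolean
 default: false
+runner-ubuntu:
+required: false
+type: string
+default: '"ubuntu-latest"'
+runner-windows:
+required: false
+type: string
+default: '"windows-latest"'
+runner-macos:
+required: false
+type: string
+default: '"macos-latest"'
+env:
+required: false
+type: string
 secrets:
 CODECOV_TOKEN:
 required: false
+CHECKOUT_TOKEN:
+required: false
+CHECKOUT_APP_ID:
+required: false
+CHECKOUT_PRIVATE_KEY:
+required: false
 
 defaults:
 run:
@@ -23,15 +48,40 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
-os: [ "ubuntu", "windows", "macos" ]
+os: ${{ fromJSON(inputs.os-versions) }}
 go: ${{ fromJSON(inputs.go-versions) }}
 env:
 GOTESTFLAGS: -cover -coverprofile=module-coverage.txt -coverpkg=./...
 GO386FLAGS: ''
 GORACEFLAGS: ''
-runs-on: ${{ fromJSON(vars[format('UCI_GO_TEST_RUNNER_{0}', matrix.os)] || format('"{0}-latest"', matrix.os)) }}
+runs-on: ${{ fromJSON(vars[format('UCI_GO_TEST_RUNNER_{0}', matrix.os)] || inputs[format('runner-{0}', matrix.os)]) }}
 name: ${{ matrix.os }} (go ${{ matrix.go }})
 steps:
+- name: Set env
+if: ${{ inputs.env }}
+env:
+ENV: ${{ inputs.env }}
+run: |
+echo "$ENV" >> $GITHUB_ENV
+- name: Inspect secrets
+id: secrets
+env:
+SECRETS: ${{ toJSON(secrets) }}
+run: |
+while read -r key; do
+jq -nr --arg k "$key" --argjson s "$SECRETS" \
+'if ($s[$k] // "") == "" then "false" else "true" end' \
+| xargs -I{} echo "$key={}" \
+| tee -a "$GITHUB_OUTPUT"
+done <<< "$(jq -r 'keys[]' <<< "$SECRETS")"
+- name: Create GitHub App installation token
+id: checkout-app
+if: steps.secrets.outputs.CHECKOUT_APP_ID == 'true' && steps.secrets.outputs.CHECKOUT_PRIVATE_KEY == 'true'
+uses: actions/create-github-app-token@v2
+with:
+app-id: ${{ secrets.CHECKOUT_APP_ID }}
+private-key: ${{ secrets.CHECKOUT_PRIVATE_KEY }}
+owner: ${{ github.repository_owner }}
 - name: Use msys2 on windows
 if: matrix.os == 'windows'
 # The executable for msys2 is also called bash.cmd
@@ -43,6 +93,7 @@ jobs:
 uses: actions/checkout@v5
 with:
 submodules: recursive
+token: ${{ steps.checkout-app.outputs.token || secrets.CHECKOUT_TOKEN }}
 - name: Check out the latest stable version of Go
 id: stable
 uses: actions/setup-go@v5
@@ -144,6 +195,7 @@ jobs:
 id: coverages
 run: echo "files=$(find . -type f -name 'module-coverage.txt' | tr -s '\n' ',' | sed 's/,$//')" >> $GITHUB_OUTPUT
 - name: Upload coverage to Codecov
+if: steps.secrets.outputs.CODECOV_TOKEN == 'true'
 uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
 env:
 OS: ${{ matrix.os }}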
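Review bot: The checkout credential added at `token: ${{ steps.checkout-app.outputs.token || secrets.CHECKOUT_TOKEN }}` stays usable by every later step, because `actions/checkout` keeps the token in the local git configuration unless `persist-credentials: false` is set, and the later steps of this job build and run the repository's own test code. The App token is also minted with only `owner: ${{ github.repository_owner }}`, which scopes it to every repository of that installation rather than the ones the checkout needs. I would add `persist-credentials: false` under the checkout step's `with:` and a `repositories:` list to the `actions/create-github-app-token` step, unless a step outside these hunks relies on the stored credential (for example to fetch private modules). go-check.yml carries the same two steps.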

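--- a/.github/workflows/release-check.yml
+++ b/.github/workflows/release-check.yml
@@ -14,14 +14,18 @@ on:
 required: false
 type: string
 default: '/'
+runner:
+required: false
+type: string
+default: '"ubuntu-latest"'
 outputs:
 json:
 description: JSON aggregation of release.json artifacts
 value: ${{ jobs.aggregate.outputs.json }}
 
 jobs:
 release-check:
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_RELEASE_CHECK_RUNNER'] || inputs['runner']) }}
 strategy:
 fail-fast: false
 matrix:
@@ -338,7 +342,7 @@ jobs:
 path: release.json
 aggregate:
 needs: [release-check]
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_RELEASE_CHECK_RUNNER'] || inputs['runner']) }}
 outputs:
 json: ${{ toJSON(fromJSON(steps.aggregate.outputs.json)) }}
 steps: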
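Review bot: The new `runner` input is passed through `fromJSON`, so callers must supply a JSON-encoded value such as `'"ubuntu-latest"'` or a JSON list of labels, and nothing on the input says so; a plain `ubuntu-latest` would fail when the expression is evaluated. I would add `description: JSON-encoded runner label or list of labels, e.g. '"ubuntu-latest"'` to the input. Because the variable `UCI_RELEASE_CHECK_RUNNER` takes precedence over the input and can route both jobs to a self-hosted machine, the description is also the place to state that such a runner should be ephemeral and not shared with untrusted workloads. The same undocumented input appears in releaser.yml, reusable-generated-pr.yml, reusable-semantic-pull-request.yml, reusable-spellcheck.yml, reusable-stale-issue.yml, tagpush.yml and go-check.yml, and as `runner-ubuntu`/`runner-windows`/`runner-macos` in go-test.yml.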

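--- a/.github/workflows/releaser.yml
+++ b/.github/workflows/releaser.yml
@@ -18,6 +18,10 @@ on:
 required: false
 type: boolean
 default: false
+runner:
+required: false
+type: string
+default: '"ubuntu-latest"'
 outputs:
 json:
 description: JSON aggregation of release.json artifacts
@@ -28,7 +32,7 @@ on:
 
 jobs:
 releaser:
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_RELEASER_RUNNER'] || inputs['runner']) }}
 strategy:
 fail-fast: false
 matrix:
@@ -185,7 +189,7 @@ jobs:
 overwrite: true
 aggregate:
 needs: [releaser]
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_RELEASER_RUNNER'] || inputs['runner']) }}
 outputs:
 json: ${{ toJSON(fromJSON(steps.aggregate.outputs.json)) }}
 steps: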

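--- a/.github/workflows/reusable-generated-pr.yml
+++ b/.github/workflows/reusable-generated-pr.yml
@@ -2,10 +2,15 @@ name: Close Generated PRs
 
 on:
 workflow_call:
+inputs:
+runner:
+required: false
+type: string
+default: '"ubuntu-latest"'
 
 jobs:
 stale:
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_GENERATED_PR_RUNNER'] || inputs['runner']) }}
 permissions:
 issues: write
 pull-requests: write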

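--- a/.github/workflows/reusable-semantic-pull-request.yml
+++ b/.github/workflows/reusable-semantic-pull-request.yml
@@ -2,11 +2,16 @@ name: Semantic PR
 
 on:
 workflow_call:
+inputs:
+runner:
+required: false
+type: string
+default: '"ubuntu-latest"'
 
 jobs:
 main:
 name: Validate PR title
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_SEMANTIC_PULL_REQUEST_RUNNER'] || inputs['runner']) }}
 steps:
 - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
 env: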

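--- a/.github/workflows/reusable-spellcheck.yml
+++ b/.github/workflows/reusable-spellcheck.yml
@@ -2,10 +2,15 @@ name: Check Spelling
 
 on:
 workflow_call:
+inputs:
+runner:
+required: false
+type: string
+default: '"ubuntu-latest"'
 
 jobs:
 spellcheck:
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_SPELLCHECK_RUNNER'] || inputs['runner']) }}
 steps:
 - uses: actions/checkout@v5
 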

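--- a/.github/workflows/reusable-stale-issue.yml
+++ b/.github/workflows/reusable-stale-issue.yml
@@ -2,10 +2,15 @@ name: Close Stale Issues
 
 on:
 workflow_call:
+inputs:
+runner:
+required: false
+type: string
+default: '"ubuntu-latest"'
 
 jobs:
 stale:
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_STALE_ISSUE_RUNNER'] || inputs['runner']) }}
 permissions:
 issues: write
 pull-requests: write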

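--- a/.github/workflows/tagpush.yml
+++ b/.github/workflows/tagpush.yml
@@ -2,11 +2,16 @@ name: Manual Release Nag
 
 on:
 workflow_call:
+inputs:
+runner:
+required: false
+type: string
+default: '"ubuntu-latest"'
 
 jobs:
 nag:
 if: startsWith(github.ref, 'refs/tags') && github.event.pusher.name != 'web3-bot'
-runs-on: ubuntu-latest
+runs-on: ${{ fromJSON(vars['UCI_TAGPUSH_RUNNER'] || inputs['runner']) }}
 name: All
 steps:
 - id: tag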

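--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+### Added
+- `env` input support to `go-test` and `go-check` workflows
+- `CHECKOUT_TOKEN`, `CHECKOUT_APP_ID` and `CHECKOUT_PRIVATE_KEY` secrets support to `go-test` and `go-check` workflows
+- custom `runner` configuration to most workflows
+- `os-versions` input support to `go-test` workflow
+
+### Changed
+- disabled codecov when token is not available
 
 ## [1.0.34] - 2025-09-16
 ### Fixed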
