diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml index 45d22a9..1f2d38a 100644 --- a/.github/workflows/go-check.yml +++ b/.github/workflows/go-check.yml @@ -12,16 +12,56 @@ on: required: false type: boolean default: false + runner: + required: false + type: string + default: '"ubuntu-latest"' + env: + required: false + type: string + secrets: + CHECKOUT_TOKEN: + required: false + CHECKOUT_APP_ID: + required: false + CHECKOUT_PRIVATE_KEY: + required: false jobs: unit: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_GO_CHECK_RUNNER'] || inputs['runner']) }} name: All steps: + - name: Set env + if: ${{ inputs.env }} + env: + ENV: ${{ inputs.env }} + run: | + echo "$ENV" >> $GITHUB_ENV + - name: Inspect secrets + id: secrets + env: + SECRETS: ${{ toJSON(secrets) }} + run: | + while read -r key; do + jq -nr --arg k "$key" --argjson s "$SECRETS" \ + 'if ($s[$k] // "") == "" then "false" else "true" end' \ + | xargs -I{} echo "$key={}" \ + | tee -a "$GITHUB_OUTPUT" + done <<< "$(jq -r 'keys[]' <<< "$SECRETS")" + - name: Create GitHub App installation token + id: checkout-app + if: steps.secrets.outputs.CHECKOUT_APP_ID == 'true' && steps.secrets.outputs.CHECKOUT_PRIVATE_KEY == 'true' + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.CHECKOUT_APP_ID }} + private-key: ${{ secrets.CHECKOUT_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} - name: Check out the repository uses: actions/checkout@v5 with: submodules: recursive + token: ${{ steps.checkout-app.outputs.token || secrets.CHECKOUT_TOKEN }} - name: Extend the GitHub context id: github env: diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 238ec31..9c58ecd 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -2,6 +2,10 @@ name: Go Test on: workflow_call: inputs: + os-versions: + required: false + type: string + default: '["ubuntu", "windows", "macos"]' go-versions: required: false type: string @@ -10,9 +14,30 @@ on: required: false type: boolean default: false + runner-ubuntu: + required: false + type: string + default: '"ubuntu-latest"' + runner-windows: + required: false + type: string + default: '"windows-latest"' + runner-macos: + required: false + type: string + default: '"macos-latest"' + env: + required: false + type: string secrets: CODECOV_TOKEN: required: false + CHECKOUT_TOKEN: + required: false + CHECKOUT_APP_ID: + required: false + CHECKOUT_PRIVATE_KEY: + required: false defaults: run: @@ -23,15 +48,40 @@ jobs: strategy: fail-fast: false matrix: - os: [ "ubuntu", "windows", "macos" ] + os: ${{ fromJSON(inputs.os-versions) }} go: ${{ fromJSON(inputs.go-versions) }} env: GOTESTFLAGS: -cover -coverprofile=module-coverage.txt -coverpkg=./... GO386FLAGS: '' GORACEFLAGS: '' - runs-on: ${{ fromJSON(vars[format('UCI_GO_TEST_RUNNER_{0}', matrix.os)] || format('"{0}-latest"', matrix.os)) }} + runs-on: ${{ fromJSON(vars[format('UCI_GO_TEST_RUNNER_{0}', matrix.os)] || inputs[format('runner-{0}', matrix.os)]) }} name: ${{ matrix.os }} (go ${{ matrix.go }}) steps: + - name: Set env + if: ${{ inputs.env }} + env: + ENV: ${{ inputs.env }} + run: | + echo "$ENV" >> $GITHUB_ENV + - name: Inspect secrets + id: secrets + env: + SECRETS: ${{ toJSON(secrets) }} + run: | + while read -r key; do + jq -nr --arg k "$key" --argjson s "$SECRETS" \ + 'if ($s[$k] // "") == "" then "false" else "true" end' \ + | xargs -I{} echo "$key={}" \ + | tee -a "$GITHUB_OUTPUT" + done <<< "$(jq -r 'keys[]' <<< "$SECRETS")" + - name: Create GitHub App installation token + id: checkout-app + if: steps.secrets.outputs.CHECKOUT_APP_ID == 'true' && steps.secrets.outputs.CHECKOUT_PRIVATE_KEY == 'true' + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ secrets.CHECKOUT_APP_ID }} + private-key: ${{ secrets.CHECKOUT_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} - name: Use msys2 on windows if: matrix.os == 'windows' # The executable for msys2 is also called bash.cmd @@ -43,6 +93,7 @@ jobs: uses: actions/checkout@v5 with: submodules: recursive + token: ${{ steps.checkout-app.outputs.token || secrets.CHECKOUT_TOKEN }} - name: Check out the latest stable version of Go id: stable uses: actions/setup-go@v5 @@ -144,6 +195,7 @@ jobs: id: coverages run: echo "files=$(find . -type f -name 'module-coverage.txt' | tr -s '\n' ',' | sed 's/,$//')" >> $GITHUB_OUTPUT - name: Upload coverage to Codecov + if: steps.secrets.outputs.CODECOV_TOKEN == 'true' uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 env: OS: ${{ matrix.os }} diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index c2ea890..44c4caf 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -14,6 +14,10 @@ on: required: false type: string default: '/' + runner: + required: false + type: string + default: '"ubuntu-latest"' outputs: json: description: JSON aggregation of release.json artifacts @@ -21,7 +25,7 @@ on: jobs: release-check: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_RELEASE_CHECK_RUNNER'] || inputs['runner']) }} strategy: fail-fast: false matrix: @@ -338,7 +342,7 @@ jobs: path: release.json aggregate: needs: [release-check] - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_RELEASE_CHECK_RUNNER'] || inputs['runner']) }} outputs: json: ${{ toJSON(fromJSON(steps.aggregate.outputs.json)) }} steps: diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml index 80cd04d..79edb95 100644 --- a/.github/workflows/releaser.yml +++ b/.github/workflows/releaser.yml @@ -18,6 +18,10 @@ on: required: false type: boolean default: false + runner: + required: false + type: string + default: '"ubuntu-latest"' outputs: json: description: JSON aggregation of release.json artifacts @@ -28,7 +32,7 @@ on: jobs: releaser: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_RELEASER_RUNNER'] || inputs['runner']) }} strategy: fail-fast: false matrix: @@ -185,7 +189,7 @@ jobs: overwrite: true aggregate: needs: [releaser] - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_RELEASER_RUNNER'] || inputs['runner']) }} outputs: json: ${{ toJSON(fromJSON(steps.aggregate.outputs.json)) }} steps: diff --git a/.github/workflows/reusable-generated-pr.yml b/.github/workflows/reusable-generated-pr.yml index e785c82..8967ca6 100644 --- a/.github/workflows/reusable-generated-pr.yml +++ b/.github/workflows/reusable-generated-pr.yml @@ -2,10 +2,15 @@ name: Close Generated PRs on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: stale: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_GENERATED_PR_RUNNER'] || inputs['runner']) }} permissions: issues: write pull-requests: write diff --git a/.github/workflows/reusable-semantic-pull-request.yml b/.github/workflows/reusable-semantic-pull-request.yml index ee3fc5b..60fb551 100644 --- a/.github/workflows/reusable-semantic-pull-request.yml +++ b/.github/workflows/reusable-semantic-pull-request.yml @@ -2,11 +2,16 @@ name: Semantic PR on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: main: name: Validate PR title - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_SEMANTIC_PULL_REQUEST_RUNNER'] || inputs['runner']) }} steps: - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1 env: diff --git a/.github/workflows/reusable-spellcheck.yml b/.github/workflows/reusable-spellcheck.yml index 47166b3..aa3c782 100644 --- a/.github/workflows/reusable-spellcheck.yml +++ b/.github/workflows/reusable-spellcheck.yml @@ -2,10 +2,15 @@ name: Check Spelling on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: spellcheck: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_SPELLCHECK_RUNNER'] || inputs['runner']) }} steps: - uses: actions/checkout@v5 diff --git a/.github/workflows/reusable-stale-issue.yml b/.github/workflows/reusable-stale-issue.yml index 0031233..e871d75 100644 --- a/.github/workflows/reusable-stale-issue.yml +++ b/.github/workflows/reusable-stale-issue.yml @@ -2,10 +2,15 @@ name: Close Stale Issues on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: stale: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_STALE_ISSUE_RUNNER'] || inputs['runner']) }} permissions: issues: write pull-requests: write diff --git a/.github/workflows/tagpush.yml b/.github/workflows/tagpush.yml index 25bdb5d..fe51a73 100644 --- a/.github/workflows/tagpush.yml +++ b/.github/workflows/tagpush.yml @@ -2,11 +2,16 @@ name: Manual Release Nag on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: nag: if: startsWith(github.ref, 'refs/tags') && github.event.pusher.name != 'web3-bot' - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_TAGPUSH_RUNNER'] || inputs['runner']) }} name: All steps: - id: tag diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c4bf91..ee46c2f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased +### Added +- `env` input support to `go-test` and `go-check` workflows +- `CHECKOUT_TOKEN`, `CHECKOUT_APP_ID` and `CHECKOUT_PRIVATE_KEY` secrets support to `go-test` and `go-check` workflows +- custom `runner` configuration to most workflows +- `os-versions` input support to `go-test` workflow + +### Changed +- disabled codecov when token is not available ## [1.0.34] - 2025-09-16 ### Fixed