feat: run reusable ci workflow on post dependabot

npm · Feb 16, 2023 · b3cd790 · b3cd790
1 parent 2d98a04
commit b3cd790
Show file tree

Hide file tree

Showing 31 changed files with 678 additions and 334 deletions.
diff --git a/.github/actions/audit/action.yml b/.github/actions/audit/action.yml
@@ -5,7 +5,7 @@ name: Audit
 inputs:
   shell:
     description: shell to run on
-    default: bash
+    default: 'bash'
 
 runs:
   using: composite

diff --git a/.github/actions/create-check/action.yml b/.github/actions/create-check/action.yml
@@ -15,7 +15,7 @@ inputs:
     required: true
   job-status:
     description: Status of the check being created
-    default: in_progress
+    default: 'in_progress'
 
 outputs:
   check-id:

diff --git a/.github/actions/deps/action.yml b/.github/actions/deps/action.yml
@@ -5,12 +5,13 @@ name: Dependencies
 inputs:
   command:
     description: command to run for the dependencies step
-    default: install --ignore-scripts --no-audit --no-fund
+    default: 'install --ignore-scripts --no-audit --no-fund'
   flags:
     description: extra flags to pass to the dependencies step
+    default: ''
   shell:
     description: shell to run on
-    default: bash
+    default: 'bash'
 
 runs:
   using: composite

diff --git a/.github/actions/lint/action.yml b/.github/actions/lint/action.yml
@@ -5,9 +5,10 @@ name: Lint
 inputs:
   flags:
     description: flags to pass to the commands
+    default: ''
   shell:
     description: shell to run on
-    default: bash
+    default: 'bash'
 
 runs:
   using: composite

diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
@@ -6,22 +6,22 @@ description: Setup a repo with standard tools
 inputs:
   node-version:
     description: node version to use
-    default: 18.x
+    default: '18.x'
   npm-version:
     description: npm version to use
-    default: latest
+    default: 'latest'
   cache:
     description: whether to cache npm install or not
-    default: false
+    default: 'false'
   shell:
     description: shell to run on
-    default: bash
+    default: 'bash'
   deps:
     description: whether to run the deps step
     default: 'true'
   deps-command:
     description: command to run for the dependencies step
-    default: install --ignore-scripts --no-audit --no-fund
+    default: 'install --ignore-scripts --no-audit --no-fund'
   deps-flags:
     description: extra flags to pass to the dependencies step
 

diff --git a/.github/actions/test/action.yml b/.github/actions/test/action.yml
@@ -5,9 +5,10 @@ name: Test
 inputs:
   flags:
     description: flags to pass to the commands
+    default: ''
   shell:
     description: shell to run on
-    default: bash
+    default: 'bash'
 
 runs:
   using: composite

diff --git a/.github/actions/upsert-comment/action.yml b/.github/actions/upsert-comment/action.yml
@@ -12,9 +12,11 @@ inputs:
     required: true
   login:
     description: Login name of user to look for comments from
-    default: github-actions[bot]
+    default: 'github-actions[bot]'
+    required: true
   body:
     description: Body of the comment, the first line will be used to match to an existing comment
+    required: true
   find:
     description: string to find in body
   replace:
@@ -54,8 +56,8 @@ runs:
           const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number })
             .then(comments => comments.map(c => ({ id: c.id, login: c.user.login, body: c.body })))
 
-          console.log(`Found comments: ${JSON.stringify(comments, null, 2)}`)
           console.log(`Looking for comment with: ${JSON.stringify({ LOGIN, TITLE, INCLUDES }, null, 2)}`)
+          console.log(`Found comments: ${JSON.stringify(comments, null, 2)}`)
 
           const comment = comments.find(c =>
             c.login === LOGIN &&

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -5,26 +5,22 @@ name: CI
 on:
   workflow_dispatch:
     inputs:
-      ref:
-        required: true
-        type: string
-      check-sha:
-        type: string
       all:
-        default: true
         type: boolean
   workflow_call:
     inputs:
       ref:
-        required: true
         type: string
+      force:
+        type: boolean
       check-sha:
-        required: true
         type: string
       all:
-        default: true
         type: boolean
   pull_request:
+    branches:
+      - main
+      - latest
   push:
     branches:
       - main
@@ -36,7 +32,7 @@ on:
 jobs:
   lint:
     name: Lint
-    if: github.repository_owner == 'npm'
+    if: github.repository_owner == 'npm' && !(github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/') && contains(github.head_ref, '/npm-cli/template-oss') && !inputs.force)
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -58,20 +54,17 @@ jobs:
 
       - name: Setup
         id: setup
-        continue-on-error: ${{ !!steps.check.outputs.check-id }}
         uses: ./.github/actions/setup
 
       - name: Get Changed Workspaces
         id: workspaces
-        continue-on-error: ${{ !!steps.check.outputs.check-id }}
         uses: ./.github/actions/changed-workspaces
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           files: ${{ (inputs.all && '--all') || '' }}
 
       - name: Lint
         uses: ./.github/actions/lint
-        continue-on-error: ${{ !!steps.check.outputs.check-id }}
         with:
           flags: ${{ steps.workspaces.outputs.flags }}
 
@@ -85,7 +78,7 @@ jobs:
 
   test:
     name: Test - ${{ matrix.platform.name }} - ${{ matrix.node-version }}
-    if: github.repository_owner == 'npm'
+    if: github.repository_owner == 'npm' && !(github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/') && contains(github.head_ref, '/npm-cli/template-oss') && !inputs.force)
     runs-on: ${{ matrix.platform.os }}
     defaults:
       run:
@@ -116,7 +109,7 @@ jobs:
         shell: bash
         run: |
           if [[ "${{ matrix.node-version }}" == "14.17.0" || "${{ inputs.all }}" == "true" ]]; then
-            echo "result=true" >> $GITHUB_OUTPUT 
+            echo "result=true" >> $GITHUB_OUTPUT
           fi
 
       - name: Checkout
@@ -138,15 +131,13 @@ jobs:
         if: steps.continue-matrix.outputs.result
         uses: ./.github/actions/setup
         id: setup
-        continue-on-error: ${{ !!steps.check.outputs.check-id }}
         with:
           node-version: ${{ matrix.node-version }}
           shell: ${{ matrix.platform.shell }}
 
       - name: Get Changed Workspaces
         if: steps.continue-matrix.outputs.result
         id: workspaces
-        continue-on-error: ${{ !!steps.check.outputs.check-id }}
         uses: ./.github/actions/changed-workspaces
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -155,7 +146,6 @@ jobs:
       - name: Test
         if: steps.continue-matrix.outputs.result
         uses: ./.github/actions/test
-        continue-on-error: ${{ !!steps.check.outputs.check-id }}
         with:
           flags: ${{ steps.workspaces.outputs.flags }}
           shell: ${{ matrix.platform.shell }}

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -3,6 +3,15 @@
 name: CodeQL
 
 on:
+  workflow_dispatch:
+  workflow_call:
+    inputs:
+      ref:
+        type: string
+      force:
+        type: boolean
+      check-sha:
+        type: string
   push:
     branches:
       - main
@@ -18,7 +27,7 @@ on:
 jobs:
   analyze:
     name: Analyze
-    if: github.repository_owner == 'npm'
+    if: github.repository_owner == 'npm' && !(github.event_name == 'pull_request' && startsWith(github.head_ref, 'dependabot/') && contains(github.head_ref, '/npm-cli/template-oss') && !inputs.force)
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -27,9 +36,21 @@ jobs:
       actions: read
       contents: read
       security-events: write
+      checks: write
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Create Check
+        uses: ./.github/actions/create-check
+        if: inputs.check-sha
+        id: check
+        with:
+          sha: ${{ inputs.check-sha }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          job-name: Analyze
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
@@ -38,3 +59,11 @@ jobs:
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2
+
+      - name: Conclude Check
+        uses: ./.github/actions/conclude-check
+        if: steps.check.outputs.check-id && (success() || failure())
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ job.status }}
+          check-id: ${{ steps.check.outputs.check-id }}