From f49712f984131a071c8e19c37045d9a2a859d29e Mon Sep 17 00:00:00 2001
From: Mohammad Adil
Date: Wed, 16 Jun 2021 15:24:23 -0700
Subject: [PATCH 1/2] Add blossom pre-merge pipeline

Signed-off-by: Mohammad Adil
---
 .github/workflows/blossom-ci.yml | 90 ++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 .github/workflows/blossom-ci.yml

diff --git a/.github/workflows/blossom-ci.yml b/.github/workflows/blossom-ci.yml
new file mode 100644
index 0000000000..15e16d34c6
--- /dev/null
+++ b/.github/workflows/blossom-ci.yml
@@ -0,0 +1,90 @@
+# A workflow to trigger ci on hybrid infra (github + self hosted runner)
+name: Blossom-CI
+on:
+ issue_comment:
+ types: [created]
+ workflow_dispatch:
+ inputs:
+ platform:
+ description: 'runs-on argument'
+ required: false
+ args:
+ description: 'argument'
+ required: false
+jobs:
+ Authorization:
+ name: Authorization
+ runs-on: blossom
+ outputs:
+ args: ${{ env.args }}
+
+ # This job only runs for pull request comments
+ if: |
+ contains( 'madil90,Nic-Ma,wyli', format('{0},', github.actor)) &&
+ github.event.comment.body == '/build'
+ steps:
+ - name: Check if comment is issued by authorized person
+ run: blossom-ci
+ env:
+ OPERATION: 'AUTH'
+ REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }}
+
+ Vulnerability-scan:
+ name: Vulnerability scan
+ needs: [Authorization]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ with:
+ repository: ${{ fromJson(needs.Authorization.outputs.args).repo }}
+ ref: ${{ fromJson(needs.Authorization.outputs.args).ref }}
+ lfs: 'true'
+
+ # repo specific steps
+ #- name: Setup java
+ # uses: actions/setup-java@v1
+ # with:
+ # java-version: 1.8
+
+ # add blackduck properties https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/631308372/Methods+for+Configuring+Analysis#Using-a-configuration-file
+ #- name: Setup blackduck properties
+ # run: |
+ # PROJECTS=$(mvn -am dependency:tree | grep maven-dependency-plugin | awk '{ out="com.nvidia:"$(NF-1);print out }' | grep rapids | xargs | sed -e 's/ /,/g')
+ # echo detect.maven.build.command="-pl=$PROJECTS -am" >> application.properties
+ # echo detect.maven.included.scopes=compile >> application.properties
+
+ - name: Run blossom action
+ uses: NVIDIA/blossom-action@main
+ env:
+ REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }}
+ with:
+ args1: ${{ fromJson(needs.Authorization.outputs.args).args1 }}
+ args2: ${{ 
fromJson(needs.Authorization.outputs.args).args2 }}
+ args3: ${{ fromJson(needs.Authorization.outputs.args).args3 }}
+
+ Job-trigger:
+ name: Start ci job
+ needs: [Vulnerability-scan]
+ runs-on: blossom
+ steps:
+ - name: Start ci job
+ run: blossom-ci
+ env:
+ OPERATION: 'START-CI-JOB'
+ CI_SERVER: ${{ secrets.CI_SERVER }}
+ REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ Post-processing:
+ name: Post processing
+ runs-on: blossom
+ if : github.event_name == 'workflow_dispatch'
+ steps:
+ - name: Start post processing
+ run: blossom-ci
+ env:
+ OPERATION: 'POST-PROCESSING'
+ CI_SERVER: ${{ secrets.CI_SERVER }}
+ REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 730ebfbe75b50ddae97b609bfbb5dc8f583bac71 Mon Sep 17 00:00:00 2001
From: Mohammad Adil
Date: Thu, 17 Jun 2021 16:31:55 -0700
Subject: [PATCH 2/2] End build if newer version present

Signed-off-by: Mohammad Adil
---
 .github/workflows/blossom-ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/blossom-ci.yml b/.github/workflows/blossom-ci.yml
index 15e16d34c6..64a5b5cf9f 100644
--- a/.github/workflows/blossom-ci.yml
+++ b/.github/workflows/blossom-ci.yml
@@ -11,6 +11,12 @@ on:
 args:
 description: 'argument'
 required: false
+
+concurrency:
+ # automatically cancel the previously triggered workflows when there's a newer version
+ group: build-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
 jobs:
 Authorization:
 name: Authorization
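Review bot: The `if:` on the Authorization job is a substring test, `contains( 'madil90,Nic-Ma,wyli', format('{0},', github.actor))`, and the list string has no trailing comma, so `wyli,` never matches and the last listed maintainer cannot trigger a build, while a login that is merely a suffix of a listed name is accepted. An exact-match form avoids both problems: `contains(fromJson('["madil90","Nic-Ma","wyli"]'), github.actor)`. The same condition does not test `github.event.issue.pull_request`, so the comment "This job only runs for pull request comments" is not enforced by the expression. Separately, `NVIDIA/blossom-action@main` is given `secrets.BLOSSOM_KEY` from a mutable branch ref; pinning it and `actions/checkout@v2` to a full commit SHA would keep an upstream push from changing what runs with that secret.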
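Review bot: The group key `build-${{ github.event.pull_request.number || github.ref }}` never resolves to a PR number, because this workflow is triggered only by `issue_comment` and `workflow_dispatch`, whose payloads carry no `pull_request` object; for comment events `github.ref` is the default branch, so every run falls into the same group. Since `concurrency` sits at workflow level, it is presumably applied before the Authorization job's `if:` is evaluated, which with `cancel-in-progress: true` would let any new comment on any issue or PR, from any user, cancel a build already running for an unrelated PR. Keying on the issue number keeps different PRs apart: `group: build-${{ github.event.issue.number || github.ref }}`. Comments on the same PR would still cancel its in-flight build, so it is worth confirming that this is intended.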