From 12ac468b303341ffee8d2dd4af9ff86db2bfc2d4 Mon Sep 17 00:00:00 2001
From: Sam Gammon
Date: Thu, 7 Mar 2024 20:29:57 -0800
Subject: [PATCH] chore: refactor into reusable workflows
Signed-off-by: Sam Gammon
---
 .github/workflows/ci.yml | 8 ++---
 .github/workflows/codeql.yml | 5 ++-
 .github/workflows/dependency-review.yml | 6 ++--
 .../workflows/gradle-wrapper-validation.yml | 8 ++---
 .github/workflows/on.pr.yml | 35 +++++++++++++++++++
 .github/workflows/on.push.yml | 25 +++++++++++++
 6 files changed, 68 insertions(+), 19 deletions(-)
 create mode 100644 .github/workflows/on.pr.yml
 create mode 100644 .github/workflows/on.push.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 11300f727446..27f729ad5178 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,12 +1,8 @@
 name: CI
 on:
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
+ workflow_call: {}
+ workflow_dispatch: {}
 permissions:
 contents: read
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6be21cbc81cf..f4573b064184 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -12,11 +12,10 @@
 name: "CodeQL"
 on:
+ workflow_call: {}
+ workflow_dispatch: {}
 push:
 branches: ["master"]
- pull_request:
- # The branches below must be a subset of the branches above
- branches: ["master"]
 schedule:
 - cron: "0 0 * * 1"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 8b419a6a39ad..744b5a7be1b2 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -1,9 +1,7 @@
 name: 'Dependency Graph'
 on:
- pull_request: {}
- push:
- branches:
- - master
+ workflow_call: { }
+ workflow_dispatch: { }
 permissions:
 contents: read
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
index ab739790b00d..f4e238476e49 100644
--- a/.github/workflows/gradle-wrapper-validation.yml
+++ b/.github/workflows/gradle-wrapper-validation.yml
@@ -1,11 +1,7 @@
 name: "Validate Gradle Wrapper"
 on:
- push:
- branches:
- - master
- pull_request:
- branches:
- - master
+ workflow_call: {}
+ workflow_dispatch: {}
 permissions:
 contents: read
diff --git a/.github/workflows/on.pr.yml b/.github/workflows/on.pr.yml
new file mode 100644
index 000000000000..c754a8975dc3
--- /dev/null
+++ b/.github/workflows/on.pr.yml
@@ -0,0 +1,35 @@
+name: PR
+
+on:
+ pull_request:
+ branches:
+ - master
+
+permissions:
+ contents: read
+
+jobs:
+ ## Run main CI build and tests.
+ run-ci:
+ name: "Build & Test"
+ uses: ./.github/workflows/ci.yml
+ permissions:
+ actions: write
+ contents: write
+
+ ## Validate the Gradle Wrapper binary
+ checks-gradle-wrapper:
+ name: "Checks"
+ uses: ./.github/workflows/gradle-wrapper-validation.yml
+
+ ## Publish and check the dependency graph.
+ checks-dependency-graph:
+ name: "Checks"
+ uses: ./.github/workflows/dependency-review.yml
+ permissions:
+ id-token: write
+
+ ## Run CodeQL checks
+ checks-codeql:
+ name: "Checks"
+ uses: ./.github/workflows/codeql.yml
diff --git a/.github/workflows/on.push.yml b/.github/workflows/on.push.yml
new file mode 100644
index 000000000000..a22c0d799612
--- /dev/null
+++ b/.github/workflows/on.push.yml
@@ -0,0 +1,25 @@
+name: Push
+
+on:
+ push:
+ branches:
+ - master
+
+permissions:
+ contents: read
+
+jobs:
+ ## Run main CI build and tests.
+ run-ci:
+ name: "Build & Test"
+ uses: ./.github/workflows/ci.yml
+ permissions:
+ actions: write
+ contents: write
+
+ ## Publish and check the dependency graph.
+ checks-dependency-graph:
+ name: "Checks"
+ uses: ./.github/workflows/dependency-review.yml
+ permissions:
+ id-token: write
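Review bot: In `checks-dependency-graph` the job-level `permissions:` block lists only `id-token: write`, and a job-level block replaces the workflow default rather than adding to it, so `contents` falls to `none` for that call. `dependency-review.yml` declares `contents: read` at its top level (visible in its own hunk), and a called workflow cannot hold more than its caller grants, so GitHub will normally reject the nested job; add `contents: read` next to `id-token: write` here and in the identical block in `on.push.yml`. `checks-codeql` has a related gap: it inherits only `contents: read`, and if the analysis job in `codeql.yml` requests `security-events: write` (its jobs are outside this diff), the caller job has to grant that scope too. A short comment stating what `id-token: write` is needed for would also help, since nothing shown in the diff uses OIDC.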
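Review bot: `run-ci` is granted `actions: write` and `contents: write` in this file and in `on.pr.yml`, while `ci.yml` itself declares only `contents: read` at its top level, so the grant is wider than anything visible in the diff requires. On the pull-request path that job builds and tests contributor-supplied code, and for same-repository branches a write-scoped token widens what a compromised build step or dependency could change. Unless a job inside `ci.yml` (not shown) needs them, reduce the caller to `contents: read` in `on.pr.yml` and keep any write scope in `on.push.yml` only, with a comment above the block such as `# contents: write is required for <reason>`.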