client-python/.github/workflows/pipeline.yml at main · zitadel/client-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: Pipeline

on:
  push:
    branches:
      - main
      - master
      - next
      - next-major
      - beta
      - alpha
      - '[0-9]*.x'
      - develop
      - 'release/**'
      - 'hotfix/**'
      - 'support/**'
  pull_request:

permissions:
  contents: write
  actions: read
  checks: write
  pull-requests: write

jobs:
  lint-commits:
    name: Run Commitlint Checks
    if: github.event_name == 'pull_request'
    uses: ./.github/workflows/commitlint.yml
    with:
      ref: ${{ github.event.pull_request.head.sha }}
    secrets: inherit

  code-style:
    name: Run Linter Formatter
    uses: ./.github/workflows/linting.yml
    with:
      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
      commit_changes: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
    secrets: inherit

  compat-check:
    name: Run Compatibility Checks
    uses: ./.github/workflows/integration.yml
    with:
      library_ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
      sanity_ref: sanity
    secrets: inherit

  type-check:
    name: Run Type Checks
    uses: ./.github/workflows/typecheck.yml
    with:
      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
    secrets: inherit

  run-tests:
    name: Run Test Suite
    uses: ./.github/workflows/test.yml
    with:
      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
    secrets: inherit

  code-inspection:
    name: Run Qodana Inspections
    needs: run-tests
    if: ${{ always() }}
    uses: ./.github/workflows/qodana.yml
    with:
      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
    secrets: inherit

  build-docker:
    name: Build Docker Container
    needs: run-tests
    uses: ./.github/workflows/docker.yml
    with:
      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
    secrets: inherit

  check-deps:
    name: Run Dependency Checks
    uses: ./.github/workflows/unused.yml
    with:
      ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
    secrets: inherit

  all-passed:
    name: Check Build Status
    runs-on: ubuntu-latest
    if: always()
    needs:
      - lint-commits
      - code-style
      - compat-check
      - type-check
      - run-tests
      - code-inspection
      - build-docker
      - check-deps
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit

      - name: Verify all jobs passed
        run: |
          if [[ "${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
            echo "One or more jobs failed or were cancelled."
            exit 1
          fi