Triggered by thomaseizinger on merge_group #31053
Workflow file for this run
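# Top-level CI entry point: a planner job decides which language/component
# pipelines to run, each pipeline is a reusable workflow, and `required-check`
# aggregates the results into a single status.
name: Continuous Integration
run-name: Triggered by ${{ github.actor }} on ${{ github.event_name }}

on:
  pull_request:
  merge_group:
    types: [checks_requested]
  workflow_dispatch:
  workflow_call:
    inputs:
      stage:
        required: true
        type: string
      profile:
        required: true
        type: string

# Cancel old workflow runs if new code is pushed
# NOTE(review): inside a reusable workflow the `github` context is the
# caller's, so `github.event_name` is probably never 'workflow_call' here and
# this expression would always be true; confirm against the callers.
concurrency:
  group: "ci-${{ github.event_name }}-${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: ${{ github.event_name != 'workflow_call' }}

# Workflow-level env reaches every step of the jobs defined in this file,
# including the third-party actions and the repository scripts they run.
# NOTE(review): only the `gh` steps (required-check, monitor-*) read GH_TOKEN;
# consider scoping it to those steps.
env:
  GH_TOKEN: ${{ github.token }}

jobs:
  # Computes the comma-separated list of pipelines to run and publishes it as
  # the `jobs_to_run` output, which the jobs below match with `contains()`.
  planner:
    runs-on: ubuntu-latest
    # Checkout and `git fetch` only read the repository.
    permissions:
      contents: read
    outputs:
      jobs_to_run: ${{ steps.plan.outputs.jobs_to_run }}
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Plan jobs to run
        id: plan
        # Context values are handed to the script through the environment
        # instead of being expanded into the script text, so a ref name is
        # always treated as data and never as shell syntax.
        env:
          EVENT_NAME: ${{ github.event_name }}
          REF_NAME: ${{ github.ref_name }}
          BASE_REF: ${{ github.base_ref }}
          HEAD_SHA: ${{ github.sha }}
        run: |
          set -e

          jobs="static-analysis,elixir,rust,tauri,kotlin,swift,codeql,control-plane,data-plane,loadtest";

          # For workflow_dispatch or workflow_call, run all jobs
          if [ "$EVENT_NAME" = "workflow_dispatch" ] || [ "$EVENT_NAME" = "workflow_call" ]; then
            echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
            exit 0;
          fi

          # For main branch runs, run all jobs
          if [ "$EVENT_NAME" = "push" ] && [ "$REF_NAME" = "main" ]; then
            echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
            exit 0;
          fi

          # For merge group, run all jobs
          if [ "$EVENT_NAME" = "merge_group" ]; then
            echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
            exit 0;
          fi

          # Fetch base ref for PRs
          if [ "$EVENT_NAME" = "pull_request" ]; then
            git fetch origin "$BASE_REF" --depth=1
            git diff --name-only "origin/$BASE_REF" "$HEAD_SHA" > changed_files.txt
            echo "Changed files:"
            cat changed_files.txt
          fi

          # NOTE(review): if none of the branches above matched,
          # changed_files.txt does not exist; every grep below then fails, its
          # `if` is false, and only static-analysis is selected. Confirm that
          # this reduced set is the intended outcome for such events.

          # Run all jobs if CI configuration changes
          if grep -q '^\.github/' changed_files.txt; then
            echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
            exit 0;
          fi

          # Run all jobs if tool versions change
          if grep -q '^\.tool-versions' changed_files.txt; then
            echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
            exit 0;
          fi

          # Run all jobs if docker-compose changes
          if grep -q '^docker-compose.yml' changed_files.txt; then
            echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
            exit 0;
          fi

          jobs="static-analysis" # Always run static-analysis

          if grep -q '^rust/' changed_files.txt; then
            jobs="${jobs},rust,kotlin,swift,control-plane,data-plane,loadtest"
          fi
          if grep -q '^rust/gui-client/' changed_files.txt; then
            jobs="${jobs},tauri"
          fi
          if grep -q '^rust/tests/gui-smoke-test/' changed_files.txt; then
            jobs="${jobs},tauri"
          fi
          if grep -q '^elixir/' changed_files.txt; then
            jobs="${jobs},elixir,codeql,control-plane,data-plane"
          fi
          if grep -q '^kotlin/' changed_files.txt; then
            jobs="${jobs},kotlin"
          fi
          if grep -q '^swift/' changed_files.txt; then
            jobs="${jobs},swift"
          fi
          if grep -q '^website/' changed_files.txt; then
            jobs="${jobs},codeql"
          fi
          if grep -q '^scripts/tests/' changed_files.txt; then
            jobs="${jobs},control-plane,data-plane"
          fi

          echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"

  # Single aggregate status: runs even when dependencies fail or are skipped
  # (`if: always()`) and fails when any other job of this run has failed.
  required-check:
    name: required-check
    needs:
      - kotlin
      - swift
      - elixir
      - rust
      - tauri
      - static-analysis
      - codeql
      - control-plane
      - data-plane
      - integration-tests
      - compatibility-tests
    if: always()
    runs-on: ubuntu-latest
    # `gh run view` only reads workflow run data.
    permissions:
      contents: read
      actions: read
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Check if all jobs are successful
        # Jobs whose name contains "required-check" or "upload-bencher" are
        # excluded from the evaluation.
        # NOTE(review): only the "failure" conclusion is counted, so a job
        # that ended in any other non-success conclusion still passes this
        # gate; confirm that is intended for a required status check.
        run: |
          set -e

          jobs_json=$(gh run view ${{ github.run_id }} --json jobs --jq '.jobs | map(select((.name | contains("required-check") | not) and (.name | contains("upload-bencher") | not)))')
          failed_jobs=$(echo "$jobs_json" | jq -r '[.[] | select(.conclusion == "failure")] | length')

          if [ "$failed_jobs" -gt 0 ]; then
            echo "At least one job has failed."
            exit 1
          fi

  # Runs the Bats suite under scripts/tests/bats.
  shell:
    name: shell-tests
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - uses: bats-core/bats-action@42fcc8700f773c075a16a90eb11674c0318ad507 # v3.0.1
        id: setup-bats
      - run: bats scripts/tests/bats
        env:
          BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}

  # Each pipeline below is a reusable workflow gated on the planner output.
  # NOTE(review): `secrets: inherit` hands every secret available to this
  # workflow to the called workflow; passing only the secrets each pipeline
  # needs would narrow that exposure. This applies to every `secrets: inherit`
  # in this file.
  kotlin:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'kotlin')
    uses: ./.github/workflows/_kotlin.yml
    secrets: inherit

  # monitor-* jobs: when the watched pipeline fails in a merge group, cancel
  # the whole run. `gh run cancel` needs write access to Actions; the token
  # of each monitor job is limited to that plus read access for checkout.
  monitor-kotlin:
    needs: [kotlin]
    if: "!cancelled() && needs.kotlin.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  swift:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'swift')
    uses: ./.github/workflows/_swift.yml
    secrets: inherit

  monitor-swift:
    needs: [swift]
    if: "!cancelled() && needs.swift.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  elixir:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'elixir')
    uses: ./.github/workflows/_elixir.yml
    secrets: inherit

  monitor-elixir:
    needs: [elixir]
    if: "!cancelled() && needs.elixir.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  rust:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'rust')
    uses: ./.github/workflows/_rust.yml
    secrets: inherit

  monitor-rust:
    needs: [rust]
    if: "!cancelled() && needs.rust.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  tauri:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'tauri')
    uses: ./.github/workflows/_tauri.yml
    secrets: inherit

  monitor-tauri:
    needs: [tauri]
    if: "!cancelled() && needs.tauri.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  static-analysis:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'static-analysis')
    uses: ./.github/workflows/_static-analysis.yml
    secrets: inherit

  monitor-static-analysis:
    needs: [static-analysis]
    if: "!cancelled() && needs.static-analysis.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  codeql:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'codeql')
    uses: ./.github/workflows/_codeql.yml
    secrets: inherit

  monitor-codeql:
    needs: [codeql]
    if: "!cancelled() && needs.codeql.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  control-plane:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'control-plane')
    uses: ./.github/workflows/_control-plane.yml
    secrets: inherit

  monitor-control-plane:
    needs: [control-plane]
    if: "!cancelled() && needs.control-plane.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  data-plane:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'data-plane')
    uses: ./.github/workflows/_data-plane.yml
    secrets: inherit
    with:
      # Build debug/ on PRs and merge group, no prefix for production release images
      image_prefix: ${{ ((github.event_name == 'pull_request' || github.event_name == 'merge_group') && 'debug') || '' }}
      # `inputs` is only populated for workflow_call; other events use 'debug'.
      profile: ${{ inputs.profile || 'debug' }}
      stage: ${{ inputs.stage || 'debug' }}

  monitor-data-plane:
    needs: [data-plane]
    if: "!cancelled() && needs.data-plane.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  loadtest:
    needs: planner
    if: contains(needs.planner.outputs.jobs_to_run, 'loadtest')
    uses: ./.github/workflows/_loadtest.yml
    secrets: inherit

  monitor-loadtest:
    needs: [loadtest]
    if: "!cancelled() && needs.loadtest.result == 'failure' && github.event_name == 'merge_group'"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - run: gh run cancel ${{ github.run_id }}

  # Integration tests against the images produced by the data-plane job.
  integration-tests:
    uses: ./.github/workflows/_integration_tests.yml
    needs: [control-plane, data-plane]
    secrets: inherit
    with:
      gateway_image: ${{ needs.data-plane.outputs.gateway_image }}
      client_image: ${{ needs.data-plane.outputs.client_image }}
      relay_image: ${{ needs.data-plane.outputs.relay_image }}
      http_test_server_image: ${{ needs.data-plane.outputs.http_test_server_image }}

  # Runs the integration suite with the published `latest` client against both
  # the gateway built in this run and the published `latest` gateway.
  compatibility-tests:
    strategy:
      # Stop the remaining matrix entries on the first failure in merge groups only.
      fail-fast: ${{ github.event_name == 'merge_group' }}
      matrix:
        client:
          - image: "ghcr.io/firezone/client"
            tag: "latest"
        gateway:
          - image: ${{ needs.data-plane.outputs.gateway_image }}
            tag: ${{ github.sha }}
            ci-name: sha
          - image: "ghcr.io/firezone/gateway"
            tag: "latest"
            ci-name: latest
    # Don't run compatibility tests when called from hotfix.yml or publish.yml on `main` because
    # it'll be red if there was a breaking change we're trying to publish,
    # and the deploy_production workflow checks for main to be green.
    if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
    name: compatibility-tests-client(${{ matrix.client.tag }})-gateway(${{ matrix.gateway.ci-name }})
    uses: ./.github/workflows/_integration_tests.yml
    needs: [control-plane, data-plane]
    secrets: inherit
    with:
      gateway_image: ${{ matrix.gateway.image }}
      gateway_tag: ${{ matrix.gateway.tag }}
      client_image: ${{ matrix.client.image }}
      client_tag: ${{ matrix.client.tag }}

  # Closes the parallel coverage upload once elixir and/or rust have run.
  coverage-finish:
    name: coverage-finish
    needs: [elixir, rust]
    if: needs.elixir.result != 'skipped' || needs.rust.result != 'skipped'
    runs-on: ubuntu-24.04
    steps:
      - name: Finalize coverage upload
        uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          parallel-finished: true
          carryforward: elixir-api,elixir-web,elixir-domain,rust-tunnel-test,rust-test-Linux,rust-test-macOS,rust-test-Windows
          fail-on-error: false # Make CI less flaky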