
chore(deps): update debian molecule images #85


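---
# Entry-point workflow for the molecule tests against the certified execution
# environments. It decides whether the run is allowed (secrets present, label
# or main branch), decides the cache mode, and then delegates to the reusable
# workflow wf_call_molecule_certified_ees.yml.
name: 'molecule certified EEs'
on:  # yamllint disable-line rule:truthy
  # pull_request_target runs with the base repository's workflow definition
  # and has access to its secrets, also for pull requests from forks. Only the
  # 'labeled' activity type is subscribed, so a run starts when a label is
  # added, not when new commits are pushed to the pull request.
  pull_request_target:
    types:
      - 'labeled'
    paths:
      - '.github/workflows/molecule_certified_ees.yml'
      - '.github/workflows/wf_call_molecule_certified_ees.yml'
      - 'defaults/**'
      - 'files/**'
      - 'handlers/**'
      - 'library/**'
      - 'lookup_plugins/**'
      - 'meta/**'
      - 'module_utils/**'
      - 'molecule/**'
      - 'tasks/**'
      - 'templates/**'
      - 'vars/**'
  push:
    branches:
      - 'main'
    paths:
      - '.github/workflows/molecule_certified_ees.yml'
      - '.github/workflows/wf_call_molecule_certified_ees.yml'
      - 'defaults/**'
      - 'files/**'
      - 'handlers/**'
      - 'library/**'
      - 'lookup_plugins/**'
      - 'meta/**'
      - 'module_utils/**'
      - 'molecule/**'
      - 'tasks/**'
      - 'templates/**'
      - 'vars/**'
  workflow_dispatch:
    inputs:
      repoCache:
        description: 'Reset or disable the cache?'
        type: 'choice'
        default: 'enabled'
        options:
          - 'enabled'
          - 'disabled'
          - 'reset'
  # schedule to reset caches once a week on Monday
  schedule:
    - cron: '30 2 * * 1'
# Workflow-wide default for the token; jobs below restate what they need.
permissions:
  contents: 'read'
jobs:
  check-secrets:
    name: 'Check if required secrets are available'
    # Pull requests run only when the 'run' label is set; every other event
    # runs only on main. The two cases are separated by event name because on
    # pull_request_target github.ref is the base branch of the pull request,
    # so a bare "github.ref == 'refs/heads/main'" is already true for every
    # pull request that targets main and the label would gate nothing.
    # NOTE(review): contains() matches whenever 'run' is among the labels, so
    # adding any further label to an already labelled pull request starts a
    # new run; compare github.event.label.name if only the 'run' label itself
    # should trigger.
    if: >-
      (github.event_name == 'pull_request_target' &&
      contains(github.event.pull_request.labels.*.name, 'run')) ||
      (github.event_name != 'pull_request_target' &&
      github.ref == 'refs/heads/main')
    runs-on: 'ubuntu-22.04'
    permissions:
      contents: 'read'
    outputs:
      secrets-defined: '${{ steps.secret-check.outputs.secrets-defined }}'
    steps:
      - name: 'Harden Runner'
        uses: 'step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c'  # v2.9.0
        with:
          disable-sudo: true
          egress-policy: 'block'
      - name: 'Check if all required secrets are defined'
        id: 'secret-check'
        shell: 'bash'
        env:
          # The comparison is evaluated by the expression engine, so the shell
          # only ever sees 'true' or 'false'. The secret values are not pasted
          # into the script text, where a quote or '$(' inside a secret would
          # be interpreted by bash.
          SECRETS_DEFINED: "${{ secrets.CRC_USERNAME != '' && secrets.CRC_PASSWORD != '' }}"
        run: |
          if [[ "${SECRETS_DEFINED}" != 'true' ]]; then
            echo "secrets-defined=false" >> "${GITHUB_OUTPUT}"
            exit 0
          fi
          # secrets not empty, so assuming defined
          echo "secrets-defined=true" >> "${GITHUB_OUTPUT}"
  check-should-cache:
    name: 'Check whether caching should be enabled'
    # Same gate as check-secrets: label for pull requests, main for the rest
    # (github.ref is the base branch on pull_request_target).
    if: >-
      (github.event_name == 'pull_request_target' &&
      contains(github.event.pull_request.labels.*.name, 'run')) ||
      (github.event_name != 'pull_request_target' &&
      github.ref == 'refs/heads/main')
    runs-on: 'ubuntu-22.04'
    permissions:
      contents: 'read'
    outputs:
      repo-cache: '${{ steps.cache-check.outputs.repo-cache }}'
    steps:
      - name: 'Harden Runner'
        uses: 'step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c'  # v2.9.0
        with:
          disable-sudo: true
          egress-policy: 'block'
      - name: 'Check if caching should be enabled'
        id: 'cache-check'
        shell: 'bash'
        env:
          # Event data is handed over as environment variables instead of
          # being expanded into the script, so its content is never parsed as
          # shell code.
          EVENT_NAME: '${{ github.event_name }}'
          EVENT_SCHEDULE: '${{ github.event.schedule }}'
          REPO_CACHE_INPUT: '${{ github.event.inputs.repoCache }}'
        run: |
          if [[ "${EVENT_NAME}" == 'schedule' || "${EVENT_SCHEDULE}" == '30 2 * * 1' ]]; then
            # event is the schedule to reset the cache, resetting cache
            echo "INFO: Schedule detected, resetting cache"
            echo "repo-cache=reset" >> "${GITHUB_OUTPUT}"
            exit 0
          fi
          if [[ -n "${REPO_CACHE_INPUT}" ]]; then
            # repoCache is set; accept only the values the input declares, so
            # nothing else (for example an embedded newline) can be written
            # to GITHUB_OUTPUT.
            case "${REPO_CACHE_INPUT}" in
              enabled|disabled|reset) ;;
              *)
                echo "ERROR: unexpected repoCache value" >&2
                exit 1
                ;;
            esac
            echo "INFO: repoCache input variable defined: ${REPO_CACHE_INPUT}"
            echo "repo-cache=${REPO_CACHE_INPUT}" >> "${GITHUB_OUTPUT}"
            exit 0
          fi
          # repoCache not set, caching by default
          echo "INFO: repoCache input not defined nor running in a schedule, enabling caching"
          echo "repo-cache=enabled" >> "${GITHUB_OUTPUT}"
  call-molecule-workflow:
    name: 'Include molecule workflow'
    # Skipped when check-secrets was skipped or reported missing secrets.
    if: "needs.check-secrets.outputs.secrets-defined == 'true'"
    # NOTE(review): the called workflow receives a token with contents: write
    # plus the CRC credentials, also on pull_request_target runs. What it
    # checks out and executes is not visible here; confirm that it does not
    # run pull-request head code with these credentials unless that exact
    # commit was reviewed before the 'run' label was added.
    permissions:
      contents: 'write'
    needs:
      - 'check-secrets'
      - 'check-should-cache'
    uses: './.github/workflows/wf_call_molecule_certified_ees.yml'
    with:
      repoCache: "${{ needs.check-should-cache.outputs.repo-cache }}"
    secrets:
      CRC_USERNAME: '${{ secrets.CRC_USERNAME }}'
      CRC_PASSWORD: '${{ secrets.CRC_PASSWORD }}'
      token: '${{ secrets.GITHUB_TOKEN }}'
...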