-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathgithub-workflow.yml
More file actions
107 lines (103 loc) · 3.89 KB
/
Copy pathgithub-workflow.yml
File metadata and controls
107 lines (103 loc) · 3.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: DeployBot
on:
pull_request_target:
types: [labeled, ready_for_review, reopened, synchronize]
pull_request_review:
types: [submitted, dismissed]
# Keep this list aligned with pipeline.ci_workflows in .mergequeue.toml.
workflow_run:
workflows: [CI]
types: [completed]
check_suite:
types: [completed]
# GitHub concurrency coalesces pending event bursts. Reconcile the complete
# durable state periodically so the last cancelled event cannot strand work.
schedule:
- cron: "*/5 * * * *"
workflow_dispatch:
permissions:
contents: write
pull-requests: write
checks: read
issues: write
actions: write # required for post-merge workflow_dispatch with github.token
jobs:
react:
# If CI intentionally hands off from a protected release branch, replace
# the default-branch guard below with that exact branch name.
if: >-
(
github.event_name != 'pull_request_target' ||
(
github.event.action == 'labeled' &&
(
github.event.label.name == 'deploy-requested' ||
github.event.label.name == 'merge-queue'
)
) ||
(
github.event.action != 'labeled' &&
github.event.pull_request.head.repo.full_name == github.repository
)
) &&
(
github.event_name != 'workflow_run' ||
(
contains(
fromJSON(
'["action_required","cancelled","failure","neutral","skipped","stale","startup_failure","success","timed_out"]'
),
github.event.workflow_run.conclusion
) &&
github.event.workflow_run.event != 'pull_request' &&
github.event.workflow_run.event != 'pull_request_target' &&
github.event.workflow_run.head_repository.full_name == github.repository &&
github.event.workflow_run.head_branch ==
github.event.repository.default_branch
)
) &&
(
github.event_name != 'check_suite' ||
(
github.event.check_suite.app.slug != 'github-actions' &&
github.event.check_suite.pull_requests[0].base.ref ==
github.event.repository.default_branch
)
)
runs-on: ubuntu-latest
concurrency:
group: deploybot-queue-${{ github.repository }}
cancel-in-progress: false
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
with:
ref: ${{ github.event.repository.default_branch }}
persist-credentials: false
# Reviewed split-coordinator implementation; keep the full commit for
# privileged workflows.
- uses: Forward-Future/DeployBot@3fb42e2e3cf3a6f21cddf43e3d06deaa24a3ac80
with:
# Keep queue admission independent from release ownership so merged
# mode can continue admitting ready work while CI and Deploy run.
follow: "false"
timeout: ${{ (github.event_name == 'workflow_run' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && '2400' || '600' }}
release:
needs: react
# Release progress is independent from a queue-specific failure, but an
# intentionally cancelled or policy-skipped reaction starts no follower.
if: ${{ always() && (needs.react.result == 'success' || needs.react.result == 'failure') }}
runs-on: ubuntu-latest
concurrency:
group: deploybot-release-${{ github.repository }}
cancel-in-progress: false
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0
with:
ref: ${{ github.event.repository.default_branch }}
persist-credentials: false
# Release-only ownership never promotes or drains pull requests. It
# exits immediately when no exact-main release needs work.
- uses: Forward-Future/DeployBot@3fb42e2e3cf3a6f21cddf43e3d06deaa24a3ac80
with:
mode: follow
timeout: "2400"