-
Notifications
You must be signed in to change notification settings - Fork 18
84 lines (83 loc) · 2.94 KB
/
weekly-test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# Copyright (c) 2024 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Weekly Tests
on:
schedule:
- cron: "0 0 * * 0"
workflow_dispatch: null
permissions: read-all
jobs:
get-groups:
runs-on: intel-ubuntu-latest
outputs:
groups: ${{ steps.group-list.outputs.FOLDERS }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Output Group Directories
id: group-list
run: |
DOCKER_COMPOSE_PATHS=()
for path in $(find . -name 'docker-compose.yaml'); do
DIR_PATH=$(dirname "$path")
DOCKER_COMPOSE_PATHS+=("${DIR_PATH:2}")
done
# Convert the array to a JSON array
DOCKER_COMPOSE_PATHS_JSON=$(printf '%s\n' "${DOCKER_COMPOSE_PATHS[@]}" | uniq | jq -R '.' | jq -sc '.')
echo "FOLDERS=$DOCKER_COMPOSE_PATHS_JSON" >> $GITHUB_OUTPUT
pipeline-ci:
needs: [get-groups]
strategy:
matrix:
group: ${{ fromJson(needs.get-groups.outputs.groups) }}
experimental: [true]
fail-fast: false
uses: intel/ai-containers/.github/workflows/container-ci.yaml@main
with:
group_dir: ${{ matrix.group }}
ref: main
secrets: inherit
helm-ci:
runs-on: kubectl
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- uses: intel/ai-containers/workflows/charts@main
with:
config: '--all --namespace helm-ci'
list_changed: false
kubeconfig_path: ${{ secrets.KUBECONFIG_PATH }}
scan:
name: gitleaks
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- uses: gitleaks/gitleaks-action@44c470ffc35caa8b1eb3e8012ca53c2f9bea4eb5 # v2.3.6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}}