[ViPPET] PR workflow (by @ktaube26 via pull_request) #546
# Pre-merge checks for the ViPPET tool
# (tools/visual-pipeline-and-platform-evaluation-tool).
name: '[ViPPET] PR workflow'
run-name: '[ViPPET] PR workflow (by @${{ github.actor }} via ${{ github.event_name }})'

on:
  # Runs on the pull_request event, for PRs into the listed base branches,
  # and only when the PR changes files under the ViPPET tool directory.
  pull_request:
    branches:
      - main
      - 'release-*'
      - initial-vippet-api
    paths:
      - 'tools/visual-pipeline-and-platform-evaluation-tool/**'
  # Manual runs; this event carries no pull-request base branch.
  workflow_dispatch:

# One active run per workflow and ref: a newer run cancels the one in progress.
concurrency:
  group: '${{ github.workflow }}-${{ github.ref }}'
  cancel-in-progress: true

# No token permissions at workflow level; every job declares its own.
permissions: {}
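jobs:
  # Calls the shared orch-ci pre-merge workflow, pinned to a full commit SHA
  # (the trailing comment marks it as 0.1.34). The `with:` inputs are
  # interpreted by that workflow, which is not part of this file.
  pre-merge-pipeline:
    permissions:
      contents: read
    strategy:
      fail-fast: false
    uses: open-edge-platform/orch-ci/.github/workflows/pre-merge.yml@070a95caeeed643fc9d1a34c11eac78179ce136d # 0.1.34
    with:
      runs_on: ubuntu-24.04-16core-64GB
      bootstrap_tools: 'nodejs'
      run_version_check: false
      run_build: false
      run_lint: true
      lint_makeflags: '-k'
      run_test: true
      run_docker_build: true
      run_reuse_check: false
      project_folder: 'tools/visual-pipeline-and-platform-evaluation-tool'
      trivy_config_path: 'tools/visual-pipeline-and-platform-evaluation-tool/trivy.yaml'
      # NOTE(review): presumably excludes this image from the Trivy image scan
      # in the called workflow; confirm against orch-ci and that the exclusion
      # is still wanted.
      trivy_image_skip: "intel/vippet-app:test"

  # Sets docker_changed=true when the change set contains a path under the
  # ViPPET tool directory that includes "Dockerfile"; the Trivy job below is
  # gated on this output.
  filter-docker-related-changes:
    permissions:
      contents: read
    name: Detect Dockerfile changes
    runs-on: ubuntu-latest
    env:
      # Base branch of the PR. The trigger also covers release-* and
      # initial-vippet-api, so comparing against main unconditionally would
      # give the wrong change set for those PRs (for example, a Dockerfile
      # change backported from main would be identical to main and the scan
      # would be skipped). Falls back to main for workflow_dispatch, where
      # github.base_ref is empty. Passed through env rather than expanded
      # inside the script.
      BASE_REF: ${{ github.base_ref || 'main' }}
    outputs:
      docker_changed: ${{ steps.check.outputs.docker_changed }}
    steps:
      - name: Check out edge-ai-libraries repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Do not leave the job token in the local git config.
          persist-credentials: false
          # Full history, so a merge base with the base branch can be found.
          fetch-depth: 0
      - name: Fetch base branch for comparison
        run: git fetch origin "$BASE_REF"
      - id: check
        name: Detect changes in docker directory
        # NOTE(review): the forge's file view flagged this file as containing
        # hidden or bidirectional Unicode text. The only non-ASCII characters
        # visible here are the emoji in the echo strings below; confirm in an
        # editor that reveals hidden characters.
        # NOTE(review): only paths containing "Dockerfile" trigger the scan; a
        # change to trivy.yaml alone (the config handed to the scan job) does
        # not. Confirm that is intended.
        run: |
          echo "🔍 Checking for changes in 'tools/visual-pipeline-and-platform-evaluation-tool/'..."
          # Three-dot form: files changed on HEAD since its merge base with the
          # base branch, so commits that landed on the base later are ignored.
          CHANGED_FILES=$(git diff --name-only "origin/${BASE_REF}...HEAD")
          echo "📄 Changed files:"
          echo "$CHANGED_FILES"
          if echo "$CHANGED_FILES" | grep -q '^tools/visual-pipeline-and-platform-evaluation-tool/.*Dockerfile'; then
            echo "docker_changed=true" >> "$GITHUB_OUTPUT"
            echo "🟡 Docker-related changes detected."
          else
            echo "docker_changed=false" >> "$GITHUB_OUTPUT"
            echo "✅ No docker-related changes."
          fi

  # Runs the repository's Trivy config-mode workflow over the ViPPET
  # directory, only when the filter job reported a Dockerfile change.
  trivy-config-scan:
    permissions:
      contents: read
    needs: [ filter-docker-related-changes ]
    if: needs.filter-docker-related-changes.outputs.docker_changed == 'true'
    name: Trivy Dockerfiles Scan
    strategy:
      fail-fast: false
    uses: ./.github/workflows/trivy-config-mode.yaml
    with:
      dockerfile-path: 'tools/visual-pipeline-and-platform-evaluation-tool/'
      trivy-config-path: 'tools/visual-pipeline-and-platform-evaluation-tool/trivy.yaml'
      trivy-report-format: 'json'
      # Only HIGH and CRITICAL are passed to the called workflow.
      severity-levels: 'HIGH,CRITICAL'
      output-report-path: vippet-trivy-dockerfiles.json
      # Input to the called workflow, distinct from the job-level name above.
      name: vippet-dockerfiles-scan

  # Single pass/fail summary job. always() makes it run even when the job it
  # depends on failed, so the failure is reported instead of a skip.
  # NOTE(review): only pre-merge-pipeline is listed in `needs`, so the result
  # of trivy-config-scan does not influence this job. If this job is the
  # required status check, a failed Dockerfile scan would not block the merge
  # through it; confirm how the scan result is enforced.
  final-check:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    if: ${{ always() }}
    needs: [pre-merge-pipeline]
    steps:
      - name: Final Status Check
        env:
          # Job result handed to the script as an environment variable.
          pre_merge_pipeline_result: ${{ needs.pre-merge-pipeline.result }}
        run: |
          echo "Pre-merge pipeline result: $pre_merge_pipeline_result"
          # "skipped" is accepted as a pass; any other result fails the job.
          if [ "$pre_merge_pipeline_result" == "success" ] || [ "$pre_merge_pipeline_result" == "skipped" ]; then
            echo "Pre-merge checks passed successfully."
          else
            echo "Pre-merge checks failed. PR can't be merged."
            exit 1
          fi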