refactor: extract, document, and test pure work selection and payload builders #861
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Pre-Commit | |
| on: | |
| merge_group: | |
| pull_request: | |
| branches: | |
| - main | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| # Run once a week (see https://crontab.guru) | |
| - cron: "0 0 * * 0" | |
| workflow_dispatch: | |
| concurrency: | |
| cancel-in-progress: true | |
| group: pre-commit-${{ github.workflow }}-${{ github.ref }} | |
| env: | |
| GO_VERSION: "1.26.1" | |
| PYTHON_VERSION: "3.13.5" | |
| # ansible-lint v26 requires Python 3.14 for its pre-commit virtualenv | |
| PYTHON_VERSION_ANSIBLE_LINT: "3.14.3" | |
| TASK_X_REMOTE_TASKFILES: "1" | |
| TASK_VERSION: 3.49.1 | |
| permissions: | |
| actions: read | |
| checks: write | |
| contents: read | |
| pull-requests: write # Allows merge queue updates | |
| jobs: | |
| pre-commit: | |
| name: Pre-commit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout git repository | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up Python ${{ env.PYTHON_VERSION_ANSIBLE_LINT }} (for ansible-lint pre-commit hook) | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION_ANSIBLE_LINT }} | |
| - name: Set up Python ${{ env.PYTHON_VERSION }} | |
| uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: 'pip' | |
| cache-dependency-path: '.hooks/requirements.txt' | |
| - name: Install dependencies | |
| run: python3 -m pip install -r .hooks/requirements.txt | |
| - name: Set up Go | |
| uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Install go module dependencies | |
| run: | | |
| go install mvdan.cc/sh/v3/cmd/shfmt@latest | |
| - name: Cache Ansible collections | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: ~/.ansible/collections | |
| key: ${{ runner.os }}-ansible-collections-${{ hashFiles('ansible/requirements.yml') }} | |
| - name: Install Ansible collections | |
| env: | |
| ANSIBLE_GALAXY_SERVER_TIMEOUT: "120" | |
| run: | | |
| for i in 1 2 3 4 5; do | |
| ansible-galaxy collection install -r ansible/requirements.yml --force --no-deps --timeout 120 && exit 0 | |
| echo "Attempt $i/5 failed, retrying in $((i * 10))s..." | |
| sleep $((i * 10)) | |
| done | |
| echo "All attempts failed" | |
| exit 1 | |
| - name: Build and install local collection | |
| working-directory: ansible | |
| run: | | |
| ansible-galaxy collection build --force | |
| ansible-galaxy collection install dreadnode-nimbus_range-*.tar.gz -p ~/.ansible/collections --force --pre | |
| - name: Setup go-task | |
| env: | |
| TASK_VER: ${{ env.TASK_VERSION }} | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| # Download install script pinned to the specific version tag (not floating main) | |
| curl --location --fail --silent \ | |
| "https://raw.githubusercontent.com/go-task/task/v${TASK_VER}/install-task.sh" \ | |
| -o /tmp/install-task.sh | |
| sh /tmp/install-task.sh -d -b /usr/local/bin "v${TASK_VER}" | |
| rm -f /tmp/install-task.sh | |
| task --version | |
| - name: Run pre-commit | |
| run: task -y run-pre-commit |