Change the Blossom CI workflow

Signed-off-by: Przemek Tredak <ptredak@nvidia.com>

Change the Blossom CI workflow
Signed-off-by: Przemek Tredak <ptredak@nvidia.com>
92e6ee1d · Przemek Tredak · b2cda56c · 92e6ee1d · 92e6ee1d · 92e6ee1d
Commit 92e6ee1d authored Oct 21, 2022 by Przemek Tredak
3 changed files
--- a/.github/workflows/blossom-ci.yml
+++ b/.github/workflows/blossom-ci.yml
@@ -23,11 +23,8 @@ jobs:
      args: ${{ env.args }}

    # This job only runs for pull request comments
-    # The check will not scale, need to change it to
-    # something more general in the future.
    if: |
-         (contains( 'ptrendx,', format('{0},', github.actor)) ||
-         contains( 'ksivamani,', format('{0},', github.actor))) &&
+         contains( 'ptrendx,ksivaman,', format('{0},', github.actor)) &&
         github.event.comment.body == '/blossom-ci'
    steps:
      - name: Check if comment is issued by authorized person

--- a/.github/workflows/trigger-ci.yml
+++ b/.github/workflows/trigger-ci.yml
+# Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+#
+# See LICENSE for license information.
+
+# A workflow to trigger ci on hybrid infra (github + self hosted runner)
+name: Blossom-CI Trigger
+on:
+  issue_comment:
+    types: [created]
+jobs:
+  Authorization:
+    name: Authorization
+    runs-on: blossom
+    outputs:
+      args: ${{ env.args }}
+
+    # This job only runs for pull request comments
+    if: |
+         contains( 'ptrendx,ksivaman,', format('{0},', github.actor)) &&
+         github.event.comment.body == '/te-ci'
+    steps:
+      - name: Check if comment is issued by authorized person
+        run: blossom-ci
+        env:
+          OPERATION: 'AUTH'
+          REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }}
+
+  Vulnerability-scan:
+    name: Vulnerability scan
+    needs: [Authorization]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          repository: ${{ fromJson(needs.Authorization.outputs.args).repo }}
+          ref: ${{ fromJson(needs.Authorization.outputs.args).ref }}
+          lfs: 'true'
+
+      - name: Run blossom action
+        uses: NVIDIA/blossom-action@main
+        env:
+          REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }}
+        with:
+          args1: ${{ fromJson(needs.Authorization.outputs.args).args1 }}
+          args2: ${{ fromJson(needs.Authorization.outputs.args).args2 }}
+          args3: ${{ fromJson(needs.Authorization.outputs.args).args3 }}
+
+  Job-trigger:
+    name: Start ci job
+    needs: [Vulnerability-scan]
+    runs-on: blossom
+    steps:
+      - name: Start ci job
+        run: blossom-ci
+        env:
+          OPERATION: 'START-CI-JOB'
+          CI_SERVER: ${{ secrets.CI_SERVER }}
+          REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/upload-ci-logs.yml
+++ b/.github/workflows/upload-ci-logs.yml
+# Copyright (c) 2022, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+#
+# See LICENSE for license information.
+
+# A workflow to trigger ci on hybrid infra (github + self hosted runner)
+name: Blossom-CI Logs
+on:
+  workflow_dispatch:
+      inputs:
+          platform:
+            description: 'runs-on argument'
+            required: false
+          args:
+            description: 'argument'
+            required: false
+          job_name:
+            description: 'name of the job'
+            required: true
+          commit_sha:
+            description: 'SHA of the commit that was tested.'
+            required: true
+          result:
+            description: 'Job result'
+            required: true
+run-name: PR ${{ fromJson(github.event.inputs.args).pr }} - ${{ inputs.job_name }}
+jobs:
+  Upload-Log:
+    name: Upload log
+    runs-on: blossom
+    steps:
+      - name: Log
+        run: blossom-ci
+        env:
+          OPERATION: 'POST-PROCESSING'
+          CI_SERVER: ${{ secrets.CI_SERVER }}
+          REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  status_update:
+    name: Update commit status
+    runs-on: ubuntu-latest
+    permissions:
+      statuses: write
+    needs: [Upload-Log]
+    if: ${{ always() }}
+    steps:
+      - name: Set status
+        run: |
+          curl \
+          -X POST \
+          -H "Accept: application/vnd.github+json" \
+          -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+          https://api.github.com/repos/${{ github.repository }}/statuses/${{ inputs.commit_sha }} \
+          -d "{\"state\":\"${{ inputs.result }}\",\"target_url\":\"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\",\"description\":\"\",\"context\":\"blossom-ci/${{ inputs.job_name }}\"}"