AWS CodeBuild CI #36
# Workflow header: triggers, manual-dispatch inputs, shared environment,
# token permissions and run concurrency for the CodeBuild CI jobs.
name: AWS CodeBuild CI

on:
  release:
    types:
      - published
  # NOTE(review): both jobs in this file are gated on workflow_dispatch or
  # release, so this trigger starts no job from this file as shown.
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - labeled
      - unlabeled
    branches:
      - main
  workflow_dispatch:
    inputs:
      aws-sdk-kotlin-pr:
        description: aws-sdk-kotlin PR number (optional)
        type: number
        required: false
      smithy-kotlin-pr:
        description: smithy-kotlin PR number (optional)
        type: number
        required: false
      # Operator attestation only: a step in the dispatch job fails the run
      # when a PR number is supplied and this box is left unchecked. It does
      # not inspect the PR contents itself.
      check-pr:
        description: I verified that the PRs are not running any malicious code (If running for an external contributor)
        required: true
        type: boolean
        default: false

# Dispatch inputs exposed to every step as environment variables; both are
# empty when the run was not started with those inputs.
env:
  SDK_PR: ${{ inputs.aws-sdk-kotlin-pr }}
  SMITHY_PR: ${{ inputs.smithy-kotlin-pr }}

# Token scopes applied to every job in the workflow.
#   id-token: write      - lets a job request an OIDC token, which
#                          configure-aws-credentials exchanges for the role.
#   pull-requests: write - needed by the step that minimizes/adds PR comments.
# NOTE(review): the release job has no visible step that writes to pull
# requests; consider declaring permissions per job so each job holds only
# the scopes it uses.
permissions:
  id-token: write
  contents: read
  pull-requests: write

# Allow one instance of this workflow per pull request, and cancel older runs when new changes are pushed
concurrency:
  group: ci-codebuild-${{ github.ref }}
  cancel-in-progress: true
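jobs:
  # Manually dispatched job: refreshes the artifact-size comment on a pull
  # request and fails when the size report flags a significant change.
  service-check-batch-and-artifact-size-metrics:
    if: github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      # Stops the run when a PR number was supplied but the operator did not
      # tick the check-pr box. This is an acknowledgement gate, not a scan.
      - name: Verify PRs are not running malicious code
        if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }}
        run: |
          echo Please verify the PRs are not running any malicious code and mark the checkbox true when running the workflow
          exit 1
      # NOTE(review): third-party actions here are referenced by mutable
      # major-version tags, and checkout is on an old major. Pinning each
      # action to the full commit SHA of a current release protects against a
      # retargeted tag.
      - name: Checkout sources
        uses: actions/checkout@v2
      # Assumes the CI role through OIDC (requires id-token: write).
      # NOTE(review): no visible step in this job calls AWS; confirm the
      # credentials are needed here.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
          aws-region: us-west-2
      - name: Show Results
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('node:fs')

            // The workflow `inputs` context is not a JavaScript binding in this
            // script, so the dispatch input is read from the SDK_PR environment
            // variable that the workflow-level env block sets.
            const prNumber = Number(context.issue.number ?? process.env.SDK_PR)
            if (!Number.isInteger(prNumber) || prNumber <= 0) {
              core.setFailed('No pull request number available: set the aws-sdk-kotlin-pr input')
              return
            }

            // All values travel as GraphQL variables rather than being spliced
            // into the query text, so quotes or newlines in them cannot change
            // the shape of the request.
            const getComments = `
              query($owner: String!, $name: String!, $number: Int!) {
                repository(owner: $owner, name: $name) {
                  pullRequest(number: $number) {
                    id
                    comments(last: 100) {
                      nodes {
                        id
                        body
                        author {
                          login
                        }
                        isMinimized
                      }
                    }
                  }
                }
              }`
            const response = await github.graphql(getComments, {
              owner: context.repo.owner,
              name: context.repo.repo,
              number: prNumber,
            })
            const pullRequest = response.repository.pullRequest

            // Hide earlier size reports posted by this workflow. `author` is
            // nullable (for example a deleted account), hence the optional chain.
            const minimizeComment = `
              mutation($subjectId: ID!) {
                minimizeComment(input: {subjectId: $subjectId, classifier: OUTDATED}) {
                  clientMutationId
                }
              }`
            const outdated = pullRequest.comments.nodes.filter(
              (node) =>
                node.author?.login === 'github-actions' &&
                !node.isMinimized &&
                node.body.startsWith('Affected Artifacts')
            )
            await Promise.all(
              outdated.map((node) => github.graphql(minimizeComment, { subjectId: node.id }))
            )

            // Post the generated report. The previous version read this file and
            // then posted the literal string "test".
            // NOTE(review): the filter above presumes the report starts with
            // 'Affected Artifacts' - confirm against the report generator.
            const body = fs.readFileSync('build/reports/metrics/artifact-analysis.md', 'utf8')
            const addComment = `
              mutation($subjectId: ID!, $body: String!) {
                addComment(input: {subjectId: $subjectId, body: $body}) {
                  clientMutationId
                }
              }`
            await github.graphql(addComment, { subjectId: pullRequest.id, body })
      # NOTE(review): this job only runs on workflow_dispatch, where the event
      # payload has no pull_request, so the label check below cannot see the
      # acknowledgement label - confirm how the override is meant to work.
      - name: Evaluate Result
        if: ${{ !contains(github.event.pull_request.labels.*.name, 'acknowledge-artifact-size-increase') }}
        run: |
          cd build/reports/metrics
          grep false has-significant-change.txt || {
            echo An artifact increased in size by more than allowed or a new artifact was created.
            echo If this is expected please add the 'acknowledge-artifact-size-increase' label to this pull request.
            exit 1
          }

  # Release job: runs the CodeBuild batch job for the published release and
  # records artifact-size metrics.
  release-artifact-size-metrics:
    if: github.event_name == 'release'
    runs-on: ubuntu-latest
    # The tag name is attacker-influenceable text (git allows shell
    # metacharacters in ref names). It is handed to steps as an environment
    # variable and expanded by the shell inside quotes, instead of being
    # pasted into the script text by the expression engine.
    env:
      RELEASE_TAG: ${{ github.event.release.tag_name }}
    steps:
      # NOTE(review): see the pinning note on the other job's checkout step;
      # the same mutable-tag concern applies here.
      - name: Checkout sources
        uses: actions/checkout@v2
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
          aws-region: us-west-2
      - name: Calculate Artifact Size Metrics
        id: svc-check-batch
        env:
          # A release event carries no pull_request payload, so the original
          # expression expanded to nothing and left --source without a value.
          # NOTE(review): falling back to github.sha (the released commit) is
          # an assumption about what the helper script expects - confirm.
          SOURCE_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
        run: |
          # GITHUB_REPOSITORY is "owner/name"; keep the part after the slash.
          REPOSITORY="${GITHUB_REPOSITORY#*/}"
          .github/scripts/run-codebuild-batch-job.sh \
            --project gh-aws-sdk-kotlin-svc-check-batch \
            --source "$SOURCE_SHA" \
            --repository "$REPOSITORY" \
            --release "$RELEASE_TAG"
      # Runs only when the workflow run is cancelled, to stop the remote build.
      # NOTE(review): the log message calls this a batch build while the
      # command is stop-build; the AWS CLI has a separate stop-build-batch.
      # Confirm which id the helper script writes to aws-build-id.
      - name: Cancel build
        if: ${{ cancelled() }}
        env:
          BUILD_ID: ${{ steps.svc-check-batch.outputs.aws-build-id }}
        run: |
          if [ -n "$BUILD_ID" ]; then
            echo "cancelling in-progress batch build: id=$BUILD_ID"
            aws codebuild stop-build --id "$BUILD_ID"
          fi
      - name: Collect Artifact Size Metrics
        run: ./gradlew collectDelegatedArtifactSizeMetrics -Prelease="$RELEASE_TAG"
      - name: Save Artifact Size Metrics
        run: ./gradlew saveArtifactSizeMetrics
      - name: Put Artifact Size Metrics in CloudWatch
        run: ./gradlew putArtifactSizeMetricsInCloudWatch -Prelease="$RELEASE_TAG"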