envoy/.github/workflows/_check_coverage.yml at main · wbpcode/envoy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
name: Check/coverage

permissions:
  contents: read

on:
  workflow_call:
    secrets:
      gcp-key:
        required: true

    inputs:
      request:
        type: string
        required: true
      trusted:
        type: boolean
        required: true

concurrency:
  group: ${{ github.head_ref || github.run_id }}-${{ github.workflow }}-coverage
  cancel-in-progress: true


jobs:
  coverage:
    permissions:
      actions: read
      contents: read
      packages: read
    uses: ./.github/workflows/_run.yml
    name: ${{ matrix.name ||matrix.target }}
    with:
      bazel-cache: true
      bazel-extra: '--config=rbe'
      cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
      concurrency-suffix: -${{ matrix.target }}
      error-match: |
        ERROR
        error:
        Error:
        lower than limit
      rbe: true
      request: ${{ inputs.request }}
      runs-on: ${{ fromJSON(inputs.request).config.ci.agent-ubuntu }}
      steps-post: ${{ matrix.steps-post }}
      target: ${{ matrix.target }}
      timeout-minutes: 180
      upload-name: ${{ matrix.target }}
      upload-path: generated/${{ matrix.target }}/html
      trusted: ${{ inputs.trusted }}
    strategy:
      fail-fast: false
      matrix:
        include:
        - target: coverage
          name: Coverage
          upload-name: coverage
          upload-path: generated/coverage/html
          steps-post: |
            - uses: envoyproxy/toolshed/actions/jq@8d5d8d4b9eeb5e4e76b92341b0b1b1f6438af231  # v0.4.5
              with:
                output-path: generated/coverage/html/gcs-metadata.json
                input-format: yaml
                input: |
                  bucket: ${{
                    inputs.trusted
                    && vars.GCS_ARTIFACT_BUCKET_POST
                    || vars.GCS_ARTIFACT_BUCKET_PRE }}
                  sha: ${{ fromJSON(inputs.request).request.sha }}
                  path_upload: coverage
                  redirect: ${{
                    vars.GCS_ARTIFACT_PREFIX && format('{0}-', vars.GCS_ARTIFACT_PREFIX)
                    }}${{ fromJSON(inputs.request).request.pr
                          || fromJSON(inputs.request).request.target-branch }}
            - shell: bash
              run: |
                ln -sf %{{ github.workspace }}/generated %{{ runner.temp }}/generated
        - target: fuzz_coverage
          name: Fuzz coverage
          steps-post: |
            - uses: envoyproxy/toolshed/actions/jq@8d5d8d4b9eeb5e4e76b92341b0b1b1f6438af231  # v0.4.5
              with:
                output-path: generated/fuzz_coverage/html/gcs-metadata.json
                input-format: yaml
                input: |
                  bucket: ${{
                    inputs.trusted
                    && vars.GCS_ARTIFACT_BUCKET_POST
                    || vars.GCS_ARTIFACT_BUCKET_PRE }}
                  sha: ${{ fromJSON(inputs.request).request.sha }}
                  path_upload: fuzz_coverage
                  redirect: ${{
                    vars.GCS_ARTIFACT_PREFIX && format('{0}-', vars.GCS_ARTIFACT_PREFIX)
                    }}${{ fromJSON(inputs.request).request.pr
                          || fromJSON(inputs.request).request.target-branch }}
            - shell: bash
              run: |
                ln -sf %{{ github.workspace }}/generated %{{ runner.temp }}/generated

  upload:
    secrets:
      gcp-key: ${{ secrets.gcp-key }}
    if: >-
      !cancelled()
    needs: coverage
    uses: ./.github/workflows/_upload_gcs.yml
    with:
      artifacts: |
        ["coverage", "fuzz_coverage"]