name: Tests
on:
schedule:
- cron: "0 * * * *"
push:
branches:
- main
- '[0-9]+.x'
- '!2[12].x'
- gha
pull_request:
branches:
- main
- '[0-9]+.x'
- '!2[12].x'
- gha
pull_request_target:
branches:
- main
- '[0-9]+.x'
- '!21.x'
- gha
types: [labeled, opened, reopened, synchronize]
workflow_dispatch:
permissions:
contents: read
jobs:
check-tag:
name: Check for Safety
if: |
(github.event_name != 'pull_request' &&
github.event_name != 'pull_request_target' &&
github.event.repository.full_name == 'protocolbuffers/protobuf') ||
(github.event_name == 'pull_request' &&
github.event.pull_request.head.repo.full_name == 'protocolbuffers/protobuf') ||
(github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != 'protocolbuffers/protobuf')
runs-on: ubuntu-latest
outputs:
checkout-sha: ${{ steps.safe-checkout.outputs.sha }}
steps:
- name: Check
run: >
${{ github.event_name != 'pull_request_target' || github.event.label.name == ':a: safe for tests' }} ||
(echo "This pull request is from an unsafe fork and hasn't been approved to run tests." &&
echo "A protobuf team member will need to review the PR and add the 'safe for tests' tag." &&
exit 1)
- name: Cache safe commit
id: safe-checkout
run: >
${{ github.event_name != 'pull_request_target' }} ||
echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
remove-tag:
name: Remove safety tag
needs: [check-tag]
if: github.event.action == 'labeled'
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 with:
fail_on_error: true
labels: ':a: safe for tests'
bazel:
name: Bazel
needs: [check-tag]
uses: ./.github/workflows/test_bazel.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
cpp:
name: C++
needs: [check-tag]
uses: ./.github/workflows/test_cpp.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
java:
name: Java
needs: [check-tag]
uses: ./.github/workflows/test_java.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
python:
name: Python
needs: [check-tag]
uses: ./.github/workflows/test_python.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
ruby:
name: Ruby
needs: [check-tag]
uses: ./.github/workflows/test_ruby.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
php:
name: PHP
needs: [check-tag]
uses: ./.github/workflows/test_php.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
php-ext:
name: PHP Extension
needs: [check-tag]
uses: ./.github/workflows/test_php_ext.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
csharp:
name: C#
needs: [check-tag]
uses: ./.github/workflows/test_csharp.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
objectivec:
name: Objective-C
needs: [check-tag]
uses: ./.github/workflows/test_objectivec.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
rust:
name: Rust
needs: [check-tag]
uses: ./.github/workflows/test_rust.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
upb:
name: μpb
needs: [check-tag]
uses: ./.github/workflows/test_upb.yml
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit
staleness:
name: Staleness
needs: [check-tag]
uses: ./.github/workflows/staleness_check.yml
if: ${{ github.event_name != 'schedule' }}
with:
safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
secrets: inherit