[build] consolidate nightly workflow #70
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Manage Trunk Restrictions | |
| permissions: {} | |
| concurrency: | |
| group: manage-trunk-restrictions | |
| cancel-in-progress: false | |
| on: | |
| pull_request: | |
| types: [ready_for_review, closed] | |
| branches: | |
| - trunk | |
| workflow_dispatch: | |
| inputs: | |
| restrict: | |
| description: 'Restrict trunk branch' | |
| required: true | |
| type: boolean | |
| workflow_call: | |
| inputs: | |
| restrict: | |
| description: 'Restrict trunk branch' | |
| required: true | |
| type: boolean | |
| jobs: | |
| approve: | |
| name: Approve Manual Trigger | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'workflow_dispatch' && github.event.repository.fork == false | |
| environment: production | |
| steps: | |
| - run: echo "Manual trigger approved" | |
| manage-trunk: | |
| name: Manage Trunk Branch | |
| needs: [approve] | |
| runs-on: ubuntu-latest | |
| if: | | |
| always() && | |
| (needs.approve.result == 'success' || needs.approve.result == 'skipped') && | |
| github.event.repository.fork == false && | |
| (github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || | |
| (startsWith(github.event.pull_request.head.ref, 'release-preparation-') && | |
| (github.event.action == 'ready_for_review' || | |
| (github.event.action == 'closed' && github.event.pull_request.merged == false)))) | |
| strategy: | |
| matrix: | |
| ruleset_id: | |
| - 11911909 # Release In Progress Access (restrict updates to trunk to release managers) | |
| - 11912022 # Release In Progress Flow (requires branches to be up to date before merging) | |
| env: | |
| TRUNK_RESTRICTED: ${{ inputs.restrict || github.event.action == 'ready_for_review' }} | |
| steps: | |
| - name: Update ruleset enforcement | |
| uses: octokit/[email protected] | |
| with: | |
| route: PUT /repos/{owner}/{repo}/rulesets/{ruleset_id} | |
| owner: ${{ github.repository_owner }} | |
| repo: ${{ github.event.repository.name }} | |
| ruleset_id: ${{ matrix.ruleset_id }} | |
| enforcement: ${{ env.TRUNK_RESTRICTED == 'true' && 'active' || 'disabled' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.SELENIUM_CI_TOKEN }} |