gd32/CMSIS_5-develop/.github/workflows/corevalidation.yml

# This workflow is triggered whenever "Caller CoreValidation" workflow is completed (which is called by PR).
# This workflow ideally should be triggered also by PR, but forked PR has limited permissions which does not
# allow to use `configure-aws-credentials` actions and using secrets.
# It will update its status back to the caller PR as "CoreValidation" check name
name: CoreValidation
on:
  workflow_run:
    workflows:
      - Caller CoreValidation
    types:
      - completed

# The env variables relate to an ARM AWS account for CMSIS_5
# If you are forking CMSIS_5 repo, please use your own info.
env:
  AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}
  AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
  AWS_IAM_PROFILE: ${{ secrets.AWS_IAM_PROFILE }}
  AWS_S3_BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET_NAME }}
  AWS_SECURITY_GROUP_ID: ${{ secrets.AWS_SECURITY_GROUP_ID }}
  AWS_SUBNET_ID: ${{ secrets.AWS_SUBNET_ID }}

jobs:
  set_pending_status_to_pr:
    runs-on: ubuntu-latest
    steps:
      - name: Set a pending status to the PR
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          curl --request POST \
            --url https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.event.workflow_run.head_commit.id }} \
            --header "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
            --header 'content-type: application/json' \
            --data '{
              "state": "pending",
              "context": "CoreValidation",
              "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id	}}"
              }' \
            --fail

  ci_test:
    runs-on: ubuntu-latest
    needs: set_pending_status_to_pr
    permissions:
      id-token: write
      contents: read
    outputs:
      avhresult: ${{ steps.avh.conclusion }}
      testbadge: ${{ steps.avh.outputs.badge }}
    steps:
    - name: Download workflow artifact
      uses: dawidd6/action-download-artifact@v2
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        workflow: caller-corevalidation.yml
        run_id: ${{ github.event.workflow_run.id }}

    - name: Read the pr_num file
      id: pr_num_reader
      uses: juliangruber/read-file-action@v1.1.6
      with:
        path: ./pr_number/pr_number
        trim: true

    - name: Clone this repo
      uses: actions/checkout@v3
      with:
        fetch-depth: 0

    - name: Checkout PR
      env:
        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
      run: |
        gh pr checkout ${{ steps.pr_num_reader.outputs.content }}

    - name: Set up Python 3.10
      uses: actions/setup-python@v4
      with:
        python-version: '3.10'

    - name: Install AVH Client for Python
      run: |
        pip install git+https://github.com/ARM-software/avhclient.git@v0.1

    - uses: ammaraskar/gcc-problem-matcher@master

    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        role-to-assume: ${{ env.AWS_ASSUME_ROLE }}
        aws-region: ${{ env.AWS_DEFAULT_REGION }}

    - name: Run tests
      id: avh
      run: |
        avhclient -b aws execute --specfile CMSIS/CoreValidation/Project/avh.yml

    - name: Archive build results
      uses: actions/upload-artifact@v3
      with:
        name: builds
        path: CMSIS/CoreValidation/Project/Core_Validation-*.zip
        retention-days: 1
        if-no-files-found: error
      if: always()

    - name: Archive test results
      uses: actions/upload-artifact@v3
      with:
        name: tests
        path: CMSIS/CoreValidation/Project/Core_Validation-*.junit
        retention-days: 1
        if-no-files-found: error
      if: always()

    - name: Archive event file
      uses: actions/upload-artifact@v3
      with:
        name: EventFile
        path: ${{ github.event_path }}

  set_success_status_to_pr:
    runs-on: ubuntu-latest
    needs: ci_test
    if: ${{ success() }}
    steps:
      - name: Set success status to the PR
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
        run: |
          curl --request POST \
            --url https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.event.workflow_run.head_commit.id }} \
            --header "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
            --header 'content-type: application/json' \
            --data '{
              "state": "success",
              "context": "CoreValidation",
              "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id	}}"
              }' \
            --fail

  set_failure_status_to_pr:
    runs-on: ubuntu-latest
    needs: ci_test
    if: ${{ failure() }}
    steps:
      - name: Set failure status to the PR
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
        run: |
          curl --request POST \
            --url https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.event.workflow_run.head_commit.id }} \
            --header "authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
            --header 'content-type: application/json' \
            --data '{
              "state": "failure",
              "context": "CoreValidation",
              "target_url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id	}}"
              }' \
            --fail