aws-encryption-sdk-python/.github/workflows/pull.yml at master · aws/aws-encryption-sdk-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
name: Pull Request Workflow

on:
  pull_request:

# Concurrency control helps avoid CodeBuild throttling.
# When new commits are pushed, the previous workflow run is cancelled.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  id-token: write
  contents: read

jobs:
  # Call each workflow with appropriate parameters
  codebuild_batch:
    uses: ./.github/workflows/ci_codebuild_batch.yml
    secrets:
      CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
  codebuild_tests:
    uses: ./.github/workflows/ci_codebuild-tests.yml
    secrets:
      CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
  decrypt_oracle:
    uses: ./.github/workflows/ci_decrypt-oracle.yaml
  static_analysis:
    uses: ./.github/workflows/ci_static-analysis.yaml
  test_vector_handler:
    uses: ./.github/workflows/ci_test-vector-handler.yaml
    secrets:
      INTEG_AWS_ACCESS_KEY_ID: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }}
      INTEG_AWS_SECRET_ACCESS_KEY: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }}
  tests:
    uses: ./.github/workflows/ci_tests.yaml
  pr-ci-all-required:
    if: always()
    needs:
      - codebuild_batch
      - codebuild_tests
      - decrypt_oracle
      - static_analysis
      - test_vector_handler
      - tests
    runs-on: ubuntu-22.04
    steps:
      - name: Verify all required jobs passed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}