# # SPDX-FileCopyrightText: Copyright (c) 1993-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # A workflow to trigger ci on hybrid infra (github + self hosted runner) name: Blossom-CI on: issue_comment: types: [created] workflow_dispatch: inputs: platform: description: "runs-on argument" required: false args: description: "argument" required: false jobs: Authorization: name: Authorization runs-on: blossom outputs: args: ${{ env.args }} # This job only runs for pull request comments if: | github.event.comment.body == '/blossom-ci' && ( github.actor == 'rajeevsrao' || github.actor == 'kevinch-nv' || github.actor == 'ttyio' || github.actor == 'zerollzeng' || github.actor == 'nvpohanh' || github.actor == 'poweiw' ) steps: - name: Check if comment is issued by authorized person run: blossom-ci env: OPERATION: "AUTH" REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }} Vulnerability-scan: name: Vulnerability scan needs: [Authorization] runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v2 with: repository: ${{ fromJson(needs.Authorization.outputs.args).repo }} ref: ${{ fromJson(needs.Authorization.outputs.args).ref }} lfs: "true" - name: Run blossom action uses: NVIDIA/blossom-action@main env: REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }} with: args1: ${{ fromJson(needs.Authorization.outputs.args).args1 }} args2: ${{ fromJson(needs.Authorization.outputs.args).args2 }} args3: ${{ fromJson(needs.Authorization.outputs.args).args3 }} Job-trigger: name: Start ci job needs: [Vulnerability-scan] runs-on: blossom steps: - name: Start ci job run: blossom-ci env: OPERATION: "START-CI-JOB" CI_SERVER: ${{ secrets.CI_SERVER }} REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} Upload-Log: name: Upload log runs-on: blossom if: github.event_name == 'workflow_dispatch' steps: - name: Jenkins log for pull request ${{ fromJson(github.event.inputs.args).pr }} (click here) run: blossom-ci env: OPERATION: "POST-PROCESSING" CI_SERVER: ${{ secrets.CI_SERVER }} REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}