101 lines
3.1 KiB
YAML
101 lines
3.1 KiB
YAML
#
|
|
# SPDX-FileCopyrightText: Copyright (c) 1993-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
# A workflow to trigger ci on hybrid infra (github + self hosted runner)
|
|
name: Blossom-CI
|
|
on:
|
|
issue_comment:
|
|
types: [created]
|
|
workflow_dispatch:
|
|
inputs:
|
|
platform:
|
|
description: "runs-on argument"
|
|
required: false
|
|
args:
|
|
description: "argument"
|
|
required: false
|
|
jobs:
|
|
Authorization:
|
|
name: Authorization
|
|
runs-on: blossom
|
|
outputs:
|
|
args: ${{ env.args }}
|
|
|
|
# This job only runs for pull request comments
|
|
if: |
|
|
github.event.comment.body == '/blossom-ci' &&
|
|
(
|
|
github.actor == 'rajeevsrao' ||
|
|
github.actor == 'kevinch-nv' ||
|
|
github.actor == 'ttyio' ||
|
|
github.actor == 'zerollzeng' ||
|
|
github.actor == 'nvpohanh' ||
|
|
github.actor == 'poweiw'
|
|
)
|
|
steps:
|
|
- name: Check if comment is issued by authorized person
|
|
run: blossom-ci
|
|
env:
|
|
OPERATION: "AUTH"
|
|
REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }}
|
|
|
|
Vulnerability-scan:
|
|
name: Vulnerability scan
|
|
needs: [Authorization]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v2
|
|
with:
|
|
repository: ${{ fromJson(needs.Authorization.outputs.args).repo }}
|
|
ref: ${{ fromJson(needs.Authorization.outputs.args).ref }}
|
|
lfs: "true"
|
|
- name: Run blossom action
|
|
uses: NVIDIA/blossom-action@main
|
|
env:
|
|
REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }}
|
|
with:
|
|
args1: ${{ fromJson(needs.Authorization.outputs.args).args1 }}
|
|
args2: ${{ fromJson(needs.Authorization.outputs.args).args2 }}
|
|
args3: ${{ fromJson(needs.Authorization.outputs.args).args3 }}
|
|
|
|
Job-trigger:
|
|
name: Start ci job
|
|
needs: [Vulnerability-scan]
|
|
runs-on: blossom
|
|
steps:
|
|
- name: Start ci job
|
|
run: blossom-ci
|
|
env:
|
|
OPERATION: "START-CI-JOB"
|
|
CI_SERVER: ${{ secrets.CI_SERVER }}
|
|
REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
Upload-Log:
|
|
name: Upload log
|
|
runs-on: blossom
|
|
if: github.event_name == 'workflow_dispatch'
|
|
steps:
|
|
- name: Jenkins log for pull request ${{ fromJson(github.event.inputs.args).pr }} (click here)
|
|
run: blossom-ci
|
|
env:
|
|
OPERATION: "POST-PROCESSING"
|
|
CI_SERVER: ${{ secrets.CI_SERVER }}
|
|
REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|