Skip to content
CI

CI #456

Sign in to view logs

CI

CI #456

Workflow file for this run

.github/workflows/ci.yml at 582084b
name: CI
on:
push:
branches:
- main
- stable/*
- release-*
- trying
- staging
pull_request: { }
merge_group: { }
workflow_dispatch: { }
workflow_call: { }
defaults:
run:
# use bash shell by default to ensure pipefail behavior is the default
# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell: bash
env:
DOCKER_PLATFORMS: "linux/amd64,linux/arm64"
jobs:
integration-tests:
name: "[IT] ${{ matrix.name }}"
timeout-minutes: 20
runs-on: [ self-hosted, linux, amd64, "16" ]
strategy:
fail-fast: false
matrix:
group: [ modules, qa-integration, qa-update ]
include:
- group: modules
name: "Module Integration Tests"
maven-modules: "'!zeebe/qa/integration-tests,!zeebe/qa/update-tests'"
maven-build-threads: 2
maven-test-fork-count: 7
tcc-enabled: 'false'
tcc-concurrency: 1
- group: qa-integration
name: "QA Integration Tests"
maven-modules: "zeebe/qa/integration-tests"
maven-build-threads: 1
maven-test-fork-count: 10
tcc-enabled: ${{ vars.TCC_ENABLED }}
tcc-concurrency: 1
- group: qa-update
name: "QA Update Tests"
maven-modules: "zeebe/qa/update-tests"
maven-build-threads: 1
maven-test-fork-count: 10
tcc-enabled: ${{ vars.TCC_ENABLED }}
tcc-concurrency: 2
env:
ZEEBE_TEST_DOCKER_IMAGE: localhost:5000/camunda/zeebe:current-test
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
maven-cache-key-modifier: it-${{ matrix.group }}
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- uses: ./.github/actions/build-zeebe
id: build-zeebe
with:
maven-extra-args: -T1C
- uses: ./.github/actions/build-docker
with:
repository: localhost:5000/camunda/zeebe
version: current-test
push: true
distball: ${{ steps.build-zeebe.outputs.distball }}
- name: Setup TCC
if: ${{ matrix.tcc-enabled == 'true' }}
uses: atomicjar/testcontainers-cloud-setup-action@v1
env:
TC_CLOUD_LOGS_VERBOSE: true
TC_CLOUD_CONCURRENCY: ${{ matrix.tcc-concurrency }}
with:
token: ${{ secrets.TC_CLOUD_TOKEN }}
logfile: .testcontainers-agent.log
wait: true
args: >
--private-registry-url=http://localhost:5000
--private-registry-allowed-image-name-globs=camunda/zeebe
- name: Create build output log file
run: echo "BUILD_OUTPUT_FILE_PATH=$(mktemp)" >> $GITHUB_ENV
- name: Maven Test Build
run: >
./mvnw -B -T ${{ matrix.maven-build-threads }} --no-snapshot-updates
-D forkCount=${{ matrix.maven-test-fork-count }}
-D maven.javadoc.skip=true
-D skipUTs -D skipChecks
-D failsafe.rerunFailingTestsCount=3 -D flaky.test.reportDir=failsafe-reports
-P parallel-tests,extract-flaky-tests
-pl ${{ matrix.maven-modules }}
verify
| tee "${BUILD_OUTPUT_FILE_PATH}"
- name: Terminate TCC
if: ${{ matrix.tcc-enabled == 'true'}}
uses: atomicjar/testcontainers-cloud-setup-action@v1
with:
action: terminate
- name: Analyze Test Runs
if: always()
uses: ./.github/actions/analyze-test-runs
with:
buildOutputFilePath: ${{ env.BUILD_OUTPUT_FILE_PATH }}
- name: Upload test artifacts
uses: ./.github/actions/collect-test-artifacts
if: ${{ failure() || cancelled() }}
with:
name: "[IT] ${{ matrix.name }}"
unit-tests:
name: Unit tests
runs-on: [ self-hosted, linux, amd64, "16" ]
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Install and allow strace tests
run: |
sudo apt-get -qq update && sudo apt-get install -y strace
sudo sysctl -w kernel.yama.ptrace_scope=0
- uses: ./.github/actions/setup-zeebe
with:
go: false
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- uses: ./.github/actions/build-zeebe
with:
go: false
maven-extra-args: -T1C
- name: Create build output log file
run: echo "BUILD_OUTPUT_FILE_PATH=$(mktemp)" >> $GITHUB_ENV
- name: Maven Test Build
# we use the verify goal here as flaky test extraction is bound to the post-integration-test
# phase of Maven https://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html#default-lifecycle
run: >
./mvnw -T2 -B --no-snapshot-updates
-D skipITs -D skipChecks -D surefire.rerunFailingTestsCount=3
-D junitThreadCount=16
-P skip-random-tests,parallel-tests,extract-flaky-tests
verify
| tee "${BUILD_OUTPUT_FILE_PATH}"
- name: Normalize artifact name
run: echo "ARTIFACT_NAME=$(echo ${{ matrix.project }} | sed 's/\//-/g')" >> $GITHUB_ENV
- name: Analyze Test Runs
if: always()
uses: ./.github/actions/analyze-test-runs
with:
buildOutputFilePath: ${{ env.BUILD_OUTPUT_FILE_PATH }}
- name: Upload test artifacts
uses: ./.github/actions/collect-test-artifacts
if: ${{ failure() || cancelled() }}
with:
name: "unit tests"
smoke-tests:
name: "[Smoke] ${{ matrix.os }} with ${{ matrix.arch }}"
timeout-minutes: 20
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
os: [ macos, windows, linux ]
arch: [ amd64 ]
include:
- os: macos
runner: macos-latest
- os: windows
runner: windows-latest
- os: linux
runner: [ self-hosted, linux, amd64 ]
- os: linux
runner: "aws-arm-core-4-default"
arch: arm64
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
go: false
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
docker: ${{ matrix.os != 'macos' && matrix.os != 'windows' }}
- uses: ./.github/actions/build-zeebe
id: build-zeebe
with:
go: false
maven-extra-args: -T1C
- uses: ./.github/actions/build-docker
id: build-docker
# Currently only Linux runners support building docker images without further ado
if: ${{ runner.os == 'Linux' }}
with:
version: current-test
distball: ${{ steps.build-zeebe.outputs.distball }}
platforms: linux/${{ matrix.arch }}
push: false
- name: Run smoke test on ${{ matrix.arch }}
env:
# For non Linux runners there is no container available for testing, see build-docker job
EXCLUDED_TEST_GROUPS: ${{ runner.os != 'Linux' && 'container' }}
run: >
./mvnw -B --no-snapshot-updates
-DskipUTs -DskipChecks -Dsurefire.rerunFailingTestsCount=3
-pl zeebe/qa/integration-tests
-P smoke-test,extract-flaky-tests
-D excludedGroups=$EXCLUDED_TEST_GROUPS
verify
- name: Upload test artifacts
uses: ./.github/actions/collect-test-artifacts
if: ${{ failure() || cancelled() }}
with:
name: "[Smoke] ${{ matrix.os }} with ${{ matrix.arch }}"
property-tests:
name: Property Tests
runs-on: [ self-hosted, linux, amd64, "16" ]
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
go: false
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- uses: ./.github/actions/build-zeebe
with:
go: false
maven-extra-args: -T1C
- name: Create build output log file
run: echo "BUILD_OUTPUT_FILE_PATH=$(mktemp)" >> $GITHUB_ENV
- name: Maven Test Build
run: >
./mvnw -T1C -B --no-snapshot-updates
-P parallel-tests,include-random-tests
-D junitThreadCount=16
-D skipChecks
test
| tee "${BUILD_OUTPUT_FILE_PATH}"
- name: Analyze Test Runs
if: always()
uses: ./.github/actions/analyze-test-runs
with:
buildOutputFilePath: ${{ env.BUILD_OUTPUT_FILE_PATH }}
- name: Upload test artifacts
uses: ./.github/actions/collect-test-artifacts
if: ${{ failure() || cancelled() }}
with:
name: Property Tests
performance-tests:
name: Performance Tests
runs-on: [ self-hosted, linux, amd64, "16" ]
timeout-minutes: 30
env:
ZEEBE_PERFORMANCE_TEST_RESULTS_DIR: "/tmp/jmh"
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
go: false
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- uses: ./.github/actions/build-zeebe
with:
go: false
- name: Create build output log file
run: echo "BUILD_OUTPUT_FILE_PATH=$(mktemp)" >> $GITHUB_ENV
- name: Maven Test Build
run: >
./mvnw -B --no-snapshot-updates
-P include-performance-tests
-D skipChecks
-T1C
test
| tee "${BUILD_OUTPUT_FILE_PATH}"
env:
LARGE_STATE_CONTROLLER_PERFORMANCE_TEST_SIZE_GB: "4"
- name: Analyze Test Runs
if: always()
uses: ./.github/actions/analyze-test-runs
with:
buildOutputFilePath: ${{ env.BUILD_OUTPUT_FILE_PATH }}
- name: Summarize test results
if: always()
run: |
echo '## Performance Test Results' >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
FILES="${ZEEBE_PERFORMANCE_TEST_RESULTS_DIR}/*.txt"
for file in $FILES; do
cat "${file}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
done
echo '```' >> $GITHUB_STEP_SUMMARY
- name: Upload test artifacts
uses: ./.github/actions/collect-test-artifacts
if: ${{ failure() || cancelled() }}
with:
name: Performance Tests
go-client:
name: Go client tests
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- uses: ./.github/actions/build-zeebe
id: build-zeebe
- uses: ./.github/actions/build-docker
id: build-docker
with:
repository: camunda/zeebe
version: current-test
distball: ${{ steps.build-zeebe.outputs.distball }}
- name: Run Go tests
working-directory: clients/go
run: go test -mod=vendor -v ./...
codeql:
name: CodeQL
runs-on: [ self-hosted, linux, amd64, "16" ]
permissions:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
go: false
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: java
queries: +security-and-quality
- uses: ./.github/actions/build-zeebe
with:
maven-extra-args: -T1C
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
upload: False
output: sarif-results
- name: Remove results for generated code
uses: advanced-security/filter-sarif@main
with:
patterns: |
+**/*.java
-**/generated-sources/**/*.java
-**/generated-test-sources/**/*.java
input: sarif-results/java.sarif
output: sarif-results/java.sarif
- name: Upload CodeQL Results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: sarif-results/java.sarif
go-lint:
name: Go linting
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
java: false
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- name: golangci-lint
uses: golangci/golangci-lint-action@v4
with:
# fixed to avoid triggering false positive; see https://github.com/golangci/golangci-lint-action/issues/535
version: v1.55.2
# caching issues, see: https://github.com/golangci/golangci-lint-action/issues/244#issuecomment-1052190775
skip-pkg-cache: true
skip-build-cache: true
working-directory: clients/go
go-apidiff:
name: Go Backward Compatibility
runs-on: ubuntu-latest
env:
# bors-ng fails to set ${GITHUB_BASE_REF} to the target PR branch which breaks go-apidiff
# so we use this fixed value as a workaround
GO_CLIENT_BASE_REF: stable/8.4
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
java: false
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
# Fetching a shallow copy of the ${GITHUB_BASE_REF} branch to check the compatibility against
- name: Fetching Base Branch
run: |
git fetch --depth=1 origin ${{ env.GO_CLIENT_BASE_REF }}
- uses: joelanford/go-apidiff@main
with:
base-ref: origin/${{ env.GO_CLIENT_BASE_REF }}
java-checks:
name: Java checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
go: false
maven-cache-key-modifier: java-checks
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- run: ./mvnw -T1C -B -D skipTests -P !autoFormat,checkFormat,spotbugs verify
docker-checks:
name: Docker checks
runs-on: ubuntu-latest
services:
# local registry is used as this job needs to push as it builds multi-platform images
registry:
image: registry:2
ports:
- 5000:5000
env:
LOCAL_DOCKER_IMAGE: localhost:5000/camunda/zeebe
steps:
- uses: actions/checkout@v4
- uses: hadolint/[email protected]
with:
config: ./.hadolint.yaml
dockerfile: ./Dockerfile
format: sarif
output-file: ./hadolint.sarif
no-color: true
verbose: true
- name: Upload Hadolint Results
if: always()
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ./hadolint.sarif
- uses: ./.github/actions/setup-zeebe
with:
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- uses: ./.github/actions/build-zeebe
id: build-zeebe
- uses: ./.github/actions/build-docker
id: build-docker
with:
# we use a local registry for pushing
repository: ${{ env.LOCAL_DOCKER_IMAGE }}
distball: ${{ steps.build-zeebe.outputs.distball }}
platforms: ${{ env.DOCKER_PLATFORMS }}
# push is needed for multi-arch images as buildkit does not support loading them locally
push: true
- name: Verify Docker image
uses: ./.github/actions/verify-zeebe-docker
with:
imageName: ${{ env.LOCAL_DOCKER_IMAGE }}
date: ${{ steps.build-docker.outputs.date }}
revision: ${{ github.sha }}
version: ${{ steps.build-docker.outputs.version }}
platforms: ${{ env.DOCKER_PLATFORMS }}
test-summary:
# Used by the merge queue to check all tests, including the unit test matrix.
# New test jobs must be added to the `needs` lists!
# This name is hard-coded in the branch rules; remember to update that if this name changes
name: Test summary
if: always()
runs-on: ubuntu-latest
needs:
- integration-tests
- unit-tests
- smoke-tests
- property-tests
- performance-tests
- go-client
- codeql
- java-checks
- go-lint
- go-apidiff
- docker-checks
steps:
- run: exit ${{ ((contains(needs.*.result, 'skipped') || contains(needs.*.result, 'failure')) && 1) || 0 }}
deploy-snapshots:
name: Deploy snapshot artifacts
needs: [ test-summary ]
runs-on: ubuntu-latest
if: github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main'
concurrency:
group: deploy-maven-snapshot
cancel-in-progress: false
steps:
- uses: actions/checkout@v4
- name: Import Secrets
id: secrets
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
secret/data/products/zeebe/ci/zeebe ARTIFACTS_USR;
secret/data/products/zeebe/ci/zeebe ARTIFACTS_PSW;
- uses: actions/[email protected]
with:
distribution: 'temurin'
java-version: '21'
# Use CI Nexus as co-located pull-through cache for Maven artifacts via ~/.m2/settings.xml
- name: 'Create settings.xml'
uses: s4u/[email protected]
with:
githubServer: false
servers: |
[{
"id": "camunda-nexus",
"username": "${{ steps.secrets.outputs.ARTIFACTS_USR }}",
"password": "${{ steps.secrets.outputs.ARTIFACTS_PSW }}"
}]
mirrors: '[{"url": "https://repository.nexus.camunda.cloud/content/groups/internal/", "id": "camunda-nexus", "mirrorOf": "zeebe,zeebe-snapshots", "name": "camunda Nexus"}]'
# compile and generate-sources to ensure that the Javadoc can be properly generated; compile is
# necessary when using annotation preprocessors for code generation, as otherwise the symbols are
# not resolve-able by the Javadoc generator
- run: ./mvnw -B -D skipTests -D skipChecks compile generate-sources source:jar javadoc:jar deploy
env:
MAVEN_USERNAME: ${{ steps.secrets.outputs.ARTIFACTS_USR }}
MAVEN_PASSWORD: ${{ steps.secrets.outputs.ARTIFACTS_PSW }}
deploy-docker-snapshot:
name: Deploy snapshot Docker image
needs: [ test-summary ]
runs-on: ubuntu-latest
if: github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main'
concurrency:
group: deploy-docker-snapshot
cancel-in-progress: false
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-zeebe
with:
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
docker-token: REGISTRY_HUB_DOCKER_COM_PSW
- uses: ./.github/actions/build-zeebe
id: build-zeebe
- uses: ./.github/actions/build-docker
id: build-docker
with:
repository: camunda/zeebe
version: SNAPSHOT
platforms: ${{ env.DOCKER_PLATFORMS }}
push: true
distball: ${{ steps.build-zeebe.outputs.distball }}
deploy-benchmark-images:
name: Deploy benchmark images
needs: [ test-summary ]
runs-on: ubuntu-latest
if: github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main'
concurrency:
group: deploy-benchmark-images
cancel-in-progress: false
permissions:
contents: 'read'
id-token: 'write'
steps:
- uses: actions/checkout@v4
- uses: google-github-actions/auth@v2
id: auth
with:
token_format: 'access_token'
workload_identity_provider: 'projects/628707732411/locations/global/workloadIdentityPools/zeebe-gh-actions/providers/gha-provider'
service_account: '[email protected]'
- name: Login to GCR
uses: docker/login-action@v3
with:
registry: gcr.io
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- uses: ./.github/actions/setup-zeebe
with:
secret_vault_secretId: ${{ secrets.VAULT_SECRET_ID }}
secret_vault_address: ${{ secrets.VAULT_ADDR }}
secret_vault_roleId: ${{ secrets.VAULT_ROLE_ID }}
- run: ./mvnw -B -D skipTests -D skipChecks -pl zeebe/benchmarks/project -am package
- name: Build Starter Image
run: ./mvnw -pl zeebe/benchmarks/project jib:build -P starter
- name: Build Worker Image
run: ./mvnw -pl zeebe/benchmarks/project jib:build -P worker
deploy-snyk-projects:
name: Deploy Snyk development projects
needs: [ test-summary ]
if: |
github.repository == 'camunda/zeebe' &&
github.event_name == 'push' &&
(startsWith(github.ref_name, 'stable/') || github.ref_name == 'main')
concurrency:
group: deploy-snyk-projects
cancel-in-progress: false
uses: ./.github/workflows/snyk.yml
with:
monitor: true
build: true
secrets: inherit
notify-if-failed:
name: Send slack notification on build failure
runs-on: ubuntu-latest
needs: [ test-summary, deploy-snapshots, deploy-docker-snapshot, deploy-snyk-projects ]
if: failure() && github.repository == 'camunda/zeebe' && github.ref == 'refs/heads/main'
steps:
- id: slack-notify
name: Send slack notification
uses: slackapi/[email protected]
with:
# For posting a rich message using Block Kit
payload: |
{
"text": ":alarm: Build on `main` failed! :alarm:\n${{ github.event.head_commit.url }}",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": ":alarm: Build on `main` failed! :alarm:"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Please check the related commit: ${{ github.event.head_commit.url }}\n \\cc @zeebe-medic"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
auto-merge:
# This workflow will auto merge a PR authored by backport-action or renovate[bot].
# It runs only on open PRs ready for review.
#
# It will merge the PR only if it is authored by backport-action and all CI checks are successful
# OR if it is authored by renovate[bot] and all CI checks are successful.
#
# The workflow is divided into multiple sequential jobs to allow giving only minimal permissions to
# the GitHub token passed around.
name: Auto-merge backport, release, and renovate PRs
runs-on: ubuntu-latest
needs: [ test-summary ]
if: |
github.repository == 'camunda/zeebe' &&
(github.actor == 'backport-action' || github.actor == 'renovate[bot]' || github.actor == 'camundait')
permissions:
checks: read
pull-requests: write
env:
GITHUB_TOKEN: ${{ secrets.AUTOMERGE_TOKEN }}
steps:
- uses: actions/checkout@v4
- id: approve-and-merge-backport-renovate
name: Approve and merge backport PR
run: |
gh pr review ${{ github.event.pull_request.number }} --approve
# Call the API directly to work around https://github.com/cli/cli/issues/8352
gh api graphql -f query='mutation PullRequestAutoMerge {enablePullRequestAutoMerge(input: {pullRequestId: "${{ github.event.pull_request.node_id }}"}) {clientMutationId}}'
# This job will trigger another workflow such that it will trigger a re-run of this failing workflow
# We can't automatically do this here, since you can only re-run a workflow if it has finished,
# and while this job is running, the workflow clearly hasn't finished
#
# It will only retry if the workflow failed, the run count is < 3 (to avoid infinite loops), and
# the author is backport-action, renovate, or camundait (for release PRs)
retry-workflow:
name: Retry release, renovate, or backport PRs automatically
needs: [ test-summary ]
if: |
failure() &&
fromJSON(github.run_attempt) < 3 &&
github.repository == 'camunda/zeebe' &&
(github.actor == 'backport-action' || github.actor == 'renovate[bot]' || github.actor == 'camundait')
runs-on: ubuntu-latest
env:
GH_REPO: ${{ github.repository }}
GH_TOKEN: ${{ github.token }}
steps:
- name: Retry workflow run ${{ github.run_id }}
run: gh workflow run retry-workflow.yml -F run_id=${{ github.run_id }}