tflite-micro/.github/workflows/pr_test.yml at main · tensorflow/tflite-micro · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: PR Tests

on:
  pull_request_target:
    types:
      - synchronize
      - labeled

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
  cancel-in-progress: true

jobs:
  gatekeeper:
    runs-on: ubuntu-latest
    outputs:
      scope: ${{ steps.check-scope.outputs.scope }}
      is_trusted: ${{ steps.check-scope.outputs.is_trusted }}
    steps:
      - name: check-scope
        id: check-scope
        uses: actions/github-script@v8
        with:
          github-token: ${{ secrets.TFLM_BOT_REPO_TOKEN }}
          script: |
            const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({
              owner: context.repo.owner,
              repo: context.repo.repo,
              username: context.payload.pull_request.user.login
            });
            const trustedRoles = ['admin', 'maintain', 'write', 'triage'];
            const isTrusted = trustedRoles.includes(permission.permission);
            core.setOutput('is_trusted', isTrusted ? 'true' : 'false');

            const labels = context.payload.pull_request.labels.map(l => l.name);

            let scope = "none";
            if (labels.includes('ci:full')) {
              scope = "all";
            } else if (labels.includes('ci:ready')) {
              scope = "basic";
            } else if (isTrusted) {
              // Maintainers and bots have 'basic' scope by default on every push
              scope = "basic";
            }

            if (context.payload.action === 'labeled') {
              const labelName = context.payload.label.name;
              if (labelName !== 'ci:ready' && labelName !== 'ci:full') {
                scope = "none";
              }
            }

            core.setOutput('scope', scope);

  approval-gate:
    needs: gatekeeper
    if: needs.gatekeeper.outputs.scope != 'none'
    runs-on: ubuntu-latest
    # If untrusted, use integration-test. Otherwise, use empty string (no gate).
    environment: ${{ needs.gatekeeper.outputs.is_trusted == 'false' && 'integration-test' || '' }}
    steps:
      - name: Authorize
        run: echo "CI Authorized."

  call-check-tflite-files:
    uses: ./.github/workflows/check_tflite_files.yml
    with:
      trigger-sha: ${{ github.event.pull_request.head.sha }}
      pr-number: ${{ github.event.pull_request.number }}
      pr-body: ${{ github.event.pull_request.body }}

  call-core:
    needs: [gatekeeper, approval-gate]
    if: needs.gatekeeper.outputs.scope != 'none'
    uses: ./.github/workflows/suite_core.yml
    with:
      trigger-sha: ${{ github.event.pull_request.head.sha }}
    secrets:
      tflm-bot-token: ${{ secrets.TFLM_BOT_PACKAGE_READ_TOKEN }}

  call-windows:
    needs: [gatekeeper, approval-gate]
    if: needs.gatekeeper.outputs.scope != 'none'
    uses: ./.github/workflows/test_windows.yml
    with:
      trigger-sha: ${{ github.event.pull_request.head.sha }}

  call-cortex-m:
    needs: [gatekeeper, approval-gate]
    if: needs.gatekeeper.outputs.scope != 'none'
    uses: ./.github/workflows/suite_cortex_m.yml
    with:
      trigger-sha: ${{ github.event.pull_request.head.sha }}
      scope: ${{ needs.gatekeeper.outputs.scope }}
    secrets:
      tflm-bot-token: ${{ secrets.TFLM_BOT_PACKAGE_READ_TOKEN }}

  call-xtensa:
    needs: [gatekeeper, approval-gate]
    if: needs.gatekeeper.outputs.scope != 'none'
    uses: ./.github/workflows/suite_xtensa.yml
    with:
      trigger-sha: ${{ github.event.pull_request.head.sha }}
      scope: ${{ needs.gatekeeper.outputs.scope }}
    secrets:
      tflm-bot-token: ${{ secrets.TFLM_BOT_PACKAGE_READ_TOKEN }}

  call-hexagon:
    needs: [gatekeeper, approval-gate]
    if: needs.gatekeeper.outputs.scope != 'none'
    uses: ./.github/workflows/suite_hexagon.yml
    with:
      trigger-sha: ${{ github.event.pull_request.head.sha }}
    secrets:
      tflm-bot-token: ${{ secrets.TFLM_BOT_PACKAGE_READ_TOKEN }}

  call-riscv:
    needs: [gatekeeper, approval-gate]
    if: needs.gatekeeper.outputs.scope == 'all'
    uses: ./.github/workflows/suite_riscv.yml
    with:
      trigger-sha: ${{ github.event.pull_request.head.sha }}
    secrets:
      tflm-bot-token: ${{ secrets.TFLM_BOT_PACKAGE_READ_TOKEN }}

  tests-passed:
    needs: [gatekeeper, approval-gate, call-check-tflite-files, call-core, call-windows, call-cortex-m, call-xtensa, call-hexagon, call-riscv]
    if: always()
    runs-on: ubuntu-latest
    steps:
      - run: |
          # If skipped, result is 'skipped' or 'success' depending on logic?
          # needs.*.result contains 'skipped' if job didn't run.
          # We fail if any result is 'failure' or 'cancelled'.
          if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" || "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
            echo "One or more dependent jobs failed."
            exit 1
          fi
          # If gatekeeper said none, everything skipped. That's success (nothing failed).
          exit 0