diff --git a/.github/workflows/bzlmod-lock-check.yml b/.github/workflows/bzlmod-lock-check.yml
index c0b6803..768e953 100644
--- a/.github/workflows/bzlmod-lock-check.yml
+++ b/.github/workflows/bzlmod-lock-check.yml
@@ -24,7 +24,7 @@ on:
 jobs:
 bzlmod-lock-check:
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 steps:
 - name: Checkout repository (Handle all events)
 uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b6878a5..d9fd1c2 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -23,7 +23,7 @@ on:
 jobs:
 analyze:
 name: Analyze (${{ matrix.language }})
- runs-on: ubuntu-latest
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 permissions:
 security-events: write
 packages: read
diff --git a/.github/workflows/copyright.yml b/.github/workflows/copyright.yml
index 9e36b92..69a0750 100644
--- a/.github/workflows/copyright.yml
+++ b/.github/workflows/copyright.yml
@@ -24,7 +24,7 @@ on:
 jobs:
 copyright-check:
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/cpp-coverage.yml b/.github/workflows/cpp-coverage.yml
index 7f018e1..07ae9b5 100644
--- a/.github/workflows/cpp-coverage.yml
+++ b/.github/workflows/cpp-coverage.yml
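Review bot: In `.github/workflows/bzlmod-lock-check.yml` the new `runs-on` expression passes two variables through `fromJSON`, and nothing beside the line says what the values must look like or which one wins. A variable holding a bare label rather than JSON is rejected by `fromJSON` when the job is set up, and the new variable silently takes precedence over `REPO_RUNNER_LABELS`. I would add a comment above the line, `# Precedence: runner_labels_ghub_standard_x64, then REPO_RUNNER_LABELS (deprecated), then ubuntu-latest; both must hold JSON, e.g. '["label-a","label-b"]'` (the example value is constructed). The same line is repeated in every workflow hunk of this commit, so the comment applies to each of them.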
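Review bot: `.github/workflows/codeql.yml` was pinned to the GitHub-hosted `ubuntu-latest` image and now takes its runner from repository or organization variables, while the job holds `security-events: write`. The same switch from a fixed hosted runner to variable-selected labels is made in `local_on_pr.yml`, `score-pr-checks.yml`, `template-sync.yml` (`contents: write`, `pull-requests: write`) and `tests.yml`. If those labels resolve to self-hosted machines, pull-request code would build and run on hosts that may persist between jobs; the triggers are outside these hunks, so whether fork pull requests reach these jobs needs checking. I would keep the hosted pin for jobs that run untrusted pull-request code, or state the requirement next to the expression, e.g. `# labels must resolve to ephemeral, isolated runners; this job can run pull-request code`.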
@@ -63,7 +63,7 @@ permissions:
 jobs:
 coverage-report:
 name: C++ Coverage
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || inputs.runner-label }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || inputs.runner-label }}
 steps:
 - name: Checkout repository
diff --git a/.github/workflows/docs-cleanup.yml b/.github/workflows/docs-cleanup.yml
index ff88314..5bee025 100644
--- a/.github/workflows/docs-cleanup.yml
+++ b/.github/workflows/docs-cleanup.yml
@@ -34,7 +34,7 @@ on:
 jobs:
 docs-cleanup:
 name: Cleanup old documentation
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 permissions:
 pages: write
 contents: write
diff --git a/.github/workflows/docs-verify.yml b/.github/workflows/docs-verify.yml
index 3c7b5c8..a323273 100644
--- a/.github/workflows/docs-verify.yml
+++ b/.github/workflows/docs-verify.yml
@@ -32,7 +32,7 @@ env:
 jobs:
 docs-verify:
 name: Docs Verification
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 outputs:
 verification-result: ${{ steps.verify.outcome }}
 permissions:
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 9df8303..14d0226 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
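Review bot: In `.github/workflows/cpp-coverage.yml` the caller-supplied `inputs.runner-label` is still the last operand, so either variable overrides a runner the caller asked for explicitly. That ordering predates this commit, but the hunk adds a second variable ahead of the input without saying so. If it is intended, a comment above `runs-on` such as `# repo/org variables take precedence over inputs.runner-label` would make it visible. The input's declaration is outside the hunk, so its default could not be checked.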
@@ -48,7 +48,7 @@ env:
 jobs:
 docs-build:
 name: Build Documentation
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 permissions:
 pull-requests: write
 contents: read
@@ -169,7 +169,7 @@ jobs:
 docs-deploy:
 name: Deploy Documentation to GitHub Pages
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 needs: docs-build
 concurrency:
 group: pages-deploy-${{ github.repository }}-${{ github.ref }}
diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml
index 8cd60a7..ef070c9 100644
--- a/.github/workflows/format.yml
+++ b/.github/workflows/format.yml
@@ -23,7 +23,7 @@ on:
 jobs:
 format-check:
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml
index e668093..6233ac8 100644
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -32,7 +32,7 @@ on:
 jobs:
 license-check:
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 permissions:
 pull-requests: write
 issues: write
diff --git a/.github/workflows/local_on_pr.yml b/.github/workflows/local_on_pr.yml
index cd8714d..a5e0a52 100644
--- a/.github/workflows/local_on_pr.yml
+++ b/.github/workflows/local_on_pr.yml
@@ -20,7 +20,7 @@ jobs:
 self_test:
 name: 🔬 Self Test
- runs-on: ubuntu-latest
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 steps:
 - name: 📥 Check out
 uses: actions/checkout@v6
diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml
index b7482f8..4e80022 100644
--- a/.github/workflows/qnx-build.yml
+++ b/.github/workflows/qnx-build.yml
@@ -60,7 +60,7 @@ on:
 jobs:
 qnx-build:
 name: Build QNX target
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 environment: ${{ inputs.environment-name }}
 permissions:
 contents: read
diff --git a/.github/workflows/required-approvals.yml b/.github/workflows/required-approvals.yml
index 3a63f62..96e4060 100644
--- a/.github/workflows/required-approvals.yml
+++ b/.github/workflows/required-approvals.yml
@@ -22,7 +22,7 @@ on:
 jobs:
 check-approvals:
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 permissions:
 id-token: write
 contents: read
diff --git a/.github/workflows/rust-coverage.yml b/.github/workflows/rust-coverage.yml
index 1e4212e..3930ba5 100644
--- a/.github/workflows/rust-coverage.yml
+++ b/.github/workflows/rust-coverage.yml
@@ -60,7 +60,7 @@ on:
 jobs:
 rust-coverage:
 name: Rust Coverage
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 steps:
 - name: Checkout repository (Handle all events)
 uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/score-pr-checks.yml b/.github/workflows/score-pr-checks.yml
index 4daa87c..79ec984 100644
--- a/.github/workflows/score-pr-checks.yml
+++ b/.github/workflows/score-pr-checks.yml
@@ -18,7 +18,7 @@ on:
 jobs:
 bazel-module-name-check:
- runs-on: ubuntu-latest
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index 96fda4a..8bf3701 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
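Review bot: The `check-approvals` job in `.github/workflows/required-approvals.yml` holds `id-token: write`, and its runner is now selectable through two variables instead of one. Any machine those labels resolve to can request an OIDC token as this job, so everyone allowed to edit either variable becomes part of the trust boundary for whatever accepts that token. Since the commit deprecates `REPO_RUNNER_LABELS`, I would drop the legacy operand here first, `runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || 'ubuntu-latest' }}`, or note beside the line that the labels must point at runners trusted with this job's identity.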
@@ -34,7 +34,7 @@ on:
 jobs:
 static-analysis:
 name: Static Code Analysis
- runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4.2.2
diff --git a/.github/workflows/template-sync.yml b/.github/workflows/template-sync.yml
index 6eb9c65..5dde85a 100644
--- a/.github/workflows/template-sync.yml
+++ b/.github/workflows/template-sync.yml
@@ -30,7 +30,7 @@ on:
 jobs:
 repo-sync:
- runs-on: ubuntu-latest
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 permissions:
 contents: write
 pull-requests: write
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 3147d22..4e9bb0a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -42,7 +42,7 @@ on:
 jobs:
 unit-tests:
 name: Test Execution
- runs-on: ubuntu-latest
+ runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 steps:
 - name: Checkout repository (Handle all events)
diff --git a/README.md b/README.md
index e61e1a0..691db54 100644
--- a/README.md
+++ b/README.md
@@ -6,24 +6,24 @@ These workflows integrate with **Bazel** and provide a consistent way to run **d
 ## Available Workflows
-| Workflow | Description |
-|-------------------------|--------------------------------------------------------------------|
-| **Documentation Build** | Builds project documentation and deploys it to GitHub Pages |
-| **Documentation Cleanup** | Cleans up old documentation versions from the `gh-pages` branch |
-| **License Check** | Verifies OSS licenses and compliance |
-| **Static Code Analysis**| Runs Clang-Tidy, Clippy, Pylint, and other linters |
-| **Tests** | Executes tests using GoogleTest, Rust test, or pytest |
-| **Rust Coverage** | Computes Rust code coverage and uploads HTML reports |
-| **C++ Coverage** | Computes C++ code coverage using LCOV and uploads HTML reports |
-| **Formatting Check** | Verifies code formatting using Bazel-based tools |
-| **Copyright Check** | Ensures all source files have the required copyright headers |
-| **Required Approvals** | Enforces stricter CODEOWNERS rules for multi-team approvals |
-| **QNX Build (Gated)** | Builds QNX Bazel targets with environment-gated secrets for forks |
-| **Documentation Verification** | Verifies documentation builds correctly and uploads results |
-| **CodeQL Scan** | Performs security and quality analysis using GitHub CodeQL |
-| **SCORE PR Checks** | Validates Bazel module naming conventions in pull requests |
-| **Bzlmod Lockfile Check** | Enforces `MODULE.bazel.lock` consistency via `bazel mod tidy` |
-| **Template Sync** | Synchronizes repository with eclipse-score/module_template |
+| Workflow | Description |
+| ------------------------------ | ----------------------------------------------------------------- |
+| **Documentation Build** | Builds project documentation and deploys it to GitHub Pages |
+| **Documentation Cleanup** | Cleans up old documentation versions from the `gh-pages` branch |
+| **License Check** | Verifies OSS licenses and compliance |
+| **Static Code Analysis** | Runs Clang-Tidy, Clippy, Pylint, and other linters |
+| **Tests** | Executes tests using GoogleTest, Rust test, or pytest |
+| **Rust Coverage** | Computes Rust code coverage and uploads HTML reports |
+| **C++ Coverage** | Computes C++ code coverage using LCOV and uploads HTML reports |
+| **Formatting Check** | Verifies code formatting using Bazel-based tools |
+| **Copyright Check** | Ensures all source files have the required copyright headers |
+| **Required Approvals** | Enforces stricter CODEOWNERS rules for multi-team approvals |
+| **QNX Build (Gated)** | Builds QNX Bazel targets with environment-gated secrets for forks |
+| **Documentation Verification** | Verifies documentation builds correctly and uploads results |
+| **CodeQL Scan** | Performs security and quality analysis using GitHub CodeQL |
+| **SCORE PR Checks** | Validates Bazel module naming conventions in pull requests |
+| **Bzlmod Lockfile Check** | Enforces `MODULE.bazel.lock` consistency via `bazel mod tidy` |
+| **Template Sync** | Synchronizes repository with eclipse-score/module_template |
 ---
@@ -574,16 +574,31 @@ This setup significantly reduces CI build time and improves reuse across differe
 All workflows in this repository use the following logic for selecting the runner:
 ```yaml
-runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
+runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }}
 ```
 This means:
-- If your repository defines a variable named `REPO_RUNNER_LABELS` (e.g., in repository or organization settings), its value will be used as the runner label(s).
+- If your repository defines a variable named `runner_labels_ghub_standard_x64` or `REPO_RUNNER_LABELS` (e.g., in repository or organization settings), its value will be used as the runner label(s).
 This allows you to use **self-hosted runners** or any custom runner configuration.
-- If `REPO_RUNNER_LABELS` is **not set**, the workflow will default to GitHub-hosted `ubuntu-latest`.
+- If `runner_labels_ghub_standard_x64` or `REPO_RUNNER_LABELS` is **not set**, the workflow will default to GitHub-hosted `ubuntu-latest`.
 **Why?** This approach allows forked repositories or projects with special requirements to use their own runners, while everyone else gets a reliable default.
-> ℹ️ **Tip:** To use a self-hosted runner, set the `REPO_RUNNER_LABELS` variable in your repository or organization settings to the label(s) of your runner.
+> ℹ️ **Tip:** To use a self-hosted runner, set the `runner_labels_ghub_standard_x64` or `REPO_RUNNER_LABELS` variable in your repository or organization settings to the label(s) of your runner.
+
+### Runner labels variable naming convention
+
+Since it is very likely the case that different workflows will need different runners of different sizes, oses and architectures to be cost efficiently using the runner infrastructure the variable that specifies the runner labels shall follow this naming convention:
+
+`runner_labels___`
+
+As of today following runner label variables are supported:
+
+- runner_labels_ghub_standard_x64
+ - os: ghub - GitHub Ubuntu latest OS image
+ - size: standard - Maps to the specs of the "Ubuntu latest" GitHub hosted runner
+ - architecture: x64 - Maps to the architecture of the standard "Ubuntu latest" GitHub hosted runner. The value is taken from the [GitHub hosted runners reference page](https://docs.github.com/en/actions/reference/runners/github-hosted-runners)
+
+Due to this new naming convention the variable **REPO_RUNNER_LABELS is deprecated** and will be removed eventually!
\ No newline at end of file