gha: macOS & Windows #10475
name: 'gha: macOS & Windows'

on:
  # Fires on real pushes to the branches below. Merging a PR into one of
  # them is itself a push to that branch, so it triggers this workflow too.
  push:
    branches:
      - 'main'
      - 'ci-gha**'
  # Manual runs. Starting one requires write access to the repository.
  workflow_dispatch:
    inputs:
      # Each checkbox selects one platform; both are ticked by default.
      run_macos:
        description: 'Run macOS tests'
        type: boolean
        default: true
      run_windows:
        description: 'Run Windows tests'
        type: boolean
        default: true
# One concurrency group per workflow and ref: a newer run on the same ref
# cancels the run that is still in progress.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
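jobs:
  pre-flight:
    # Gate job: picks the deployment environment for this run and records the
    # commit that every downstream job must check out.
    #
    # Manual runs (workflow_dispatch) are treated as internal/trusted.
    # With the triggers declared in this file (push, workflow_dispatch) the
    # first clause is always true, so the result is always 'internal'; the
    # TRUSTED_FORKS and 'external' branches only matter if a pull-request
    # style trigger is added.
    # NOTE(review): github.actor is the account that triggered the run, which
    # is not necessarily the author of the change. If a PR trigger is added,
    # confirm the allowlist is compared against the identity you intend to
    # trust. The protection rules on 'internal' / 'external' live in the
    # repository settings and are not visible here.
    environment: >-
      ${{
      (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && 'internal' ||
      (contains(fromJSON(vars.TRUSTED_FORKS), github.actor) && 'internal') ||
      'external'
      }}
    name: Require Approval for External PRs
    runs-on: ubuntu-latest
    # NOTE(review): there is no `permissions:` key on this job or at workflow
    # level, so it runs with the repository's default GITHUB_TOKEN scope. The
    # single step below never uses the token; consider `permissions: {}`.
    outputs:
      checkout-sha: ${{ steps.save-sha.outputs.sha }}
    steps:
      - name: Save SHA
        id: save-sha
        # For manual runs github.sha points to the head of the branch selected
        # in the dropdown.
        # The value is handed to the shell through an environment variable
        # instead of being expanded into the script text, and the output path
        # is quoted. github.sha is a commit hash, so this is consistency
        # hardening: the step stays safe to copy for other context values.
        env:
          CHECKOUT_SHA: ${{ github.sha }}
        run: echo "sha=${CHECKOUT_SHA}" >> "$GITHUB_OUTPUT"

  # Run other jobs once the `pre-flight` job passes. When the `pre-flight`
  # job requires approval, this blocks all the other jobs. The jobs are defined
  # in separate files to keep the size of this file under control. Note how
  # the additional jobs inherit any secrets needed to use the remote caches and
  # receive what version to checkout as an input.
  macos-cmake:
    name: macOS-CMake
    # The called workflow can use at most these token scopes: read the repo,
    # request an OIDC token (id-token), and write artifact attestations.
    permissions:
      contents: read
      id-token: write
      attestations: write
    # Run on every push, or on a manual run when the macOS checkbox is ticked.
    if: github.event_name == 'push' || inputs.run_macos == true
    needs: [pre-flight]
    uses: ./.github/workflows/macos-cmake.yml
    with:
      # Build the commit recorded by pre-flight, not whatever the ref points
      # to when this job starts.
      checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
    # NOTE(review): `inherit` exposes every secret available to this workflow
    # to the called workflow. Passing only the named secrets it needs would
    # narrow that; the required names are not visible in this file.
    secrets: inherit

  windows-cmake:
    name: Windows-CMake
    # NOTE(review): unlike macos-cmake, this job declares no `permissions:`
    # block, so the called workflow runs with the repository's default
    # GITHUB_TOKEN scope. Confirm what windows-cmake.yml needs and pin it here.
    # Run on every push, or on a manual run when the Windows checkbox is ticked.
    if: github.event_name == 'push' || inputs.run_windows == true
    needs: [pre-flight]
    uses: ./.github/workflows/windows-cmake.yml
    with:
      # Same commit as the macOS job: both read the SHA saved by pre-flight.
      checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
    # NOTE(review): same consideration as macos-cmake; `inherit` forwards all
    # secrets rather than an explicit list.
    secrets: inherit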