-
Notifications
You must be signed in to change notification settings - Fork 118
150 lines (132 loc) · 4.94 KB
/
run_integration_tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: "[Tests] Run integration tests"
on:
schedule:
- cron: '0 0 * * 1-5' # At 00:00 on every day-of-week from Monday through Friday
workflow_dispatch: # or manually
# TODO: update workflow permissions to least privilege after auditing all the APIs used
# permissions: # limit the permissions of the GITHUB_TOKEN to reading repository contents
# contents: read
jobs:
cancel_previous:
permissions:
actions: write # for styfle/cancel-workflow-action to cancel/stop running workflows
runs-on: macos-latest
steps:
- name: Cancel Previous Runs
uses: styfle/[email protected]
with:
access_token: '${{ secrets.GITHUB_TOKEN }}'
should_run_it:
runs-on: macos-latest
outputs:
run_integration_tests: ${{ steps.should-run-step.outputs.should_run }}
pr_number: ${{ steps.pr_number.outputs.number }}
steps:
- name: Check if integrations tests should run
id: should-run-step
env:
run_it: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
run: |
echo "event name: ${{ github.event_name }}"
echo "should_run=${{ env.run_it }}" >> $GITHUB_OUTPUT
run-it-full-suite:
needs: [ should_run_it ]
if: needs.should_run_it.outputs.run_integration_tests == 'true'
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ macos-latest, windows-latest, ubuntu-latest ]
fail-fast: false
outputs:
job_status: ${{ job.status }}
build-scan-url: ${{ steps.run-it.outputs.build-scan-url }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: ~/.gradle/caches
key: macos-gradle-${{ hashFiles('**/*.gradle*') }}
restore-keys: |
macos-gradle-
- name: Prepare Google Service Account
env:
GCLOUD_KEY: ${{ secrets.GCLOUD_KEY }}
run: |
if [ "$RUNNER_OS" == "Windows" ]; then
GCLOUD_DIR=$HOMEPATH\\.config\\gcloud\\
mkdir -p $GCLOUD_DIR
echo $GCLOUD_KEY > key.txt
certutil -decode key.txt $GCLOUD_DIR\application_default_credentials.json
else
GCLOUD_DIR="$HOME/.config/gcloud/"
mkdir -p "$GCLOUD_DIR"
echo "$GCLOUD_KEY" | base64 --decode > "$GCLOUD_DIR/application_default_credentials.json"
fi
shell: bash
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Gradle integration tests
id: run-it
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HEAD_REF: ${{ github.ref }}
run: ./gradlew integrationTests
- name: Export Variables for FlankScripts
if: ${{ always() }}
uses: UnlyEd/[email protected]
with:
variables: |
${{ runner.os }}=${{ job.status }}
${{ runner.os }}-bs=${{steps.run-it.outputs.build-scan-url}}
process-results:
needs: [ run-it-full-suite ]
runs-on: macos-latest
steps:
- name: Import variable
uses: UnlyEd/[email protected]
with:
delimiter: ','
variables: |
Windows,Windows-bs,macOS,macOS-bs,Linux,Linux-bs
- name: Checkout code
uses: actions/checkout@v4
- name: Download flankScripts and add it to PATH
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./gradlew :flank-scripts:download
echo "./flank-scripts/bash" >> $GITHUB_PATH
- name: Process IT results
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
flankScripts integration_tests process_results \
--global-result=${{ needs.run-it-full-suite.outputs.job_status }} \
--run-result='${{ toJSON(env) }}' \
--github-token="$GH_TOKEN" \
--run-id=${{ github.run_id }}
trigger-pointer:
runs-on: ubuntu-latest
needs: [ process-results ]
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly
- uses: tibdex/github-app-token@v2
id: generate-token
with:
app_id: ${{ secrets.FLANK_RELEASE_APP_ID }}
private_key: ${{ secrets.FLANK_RELEASE_PRIVATE_KEY }}
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ steps.generate-token.outputs.token }}
event-type: integration-pointer