| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 |
- # Run secret-dependent e2e tests only after /ok-to-test approval
- on:
- pull_request:
- repository_dispatch:
- types: [ok-to-test-command]
- permissions:
- id-token: write
- checks: write
- contents: read
- name: e2e tests
- env:
- # Common versions
- GO_VERSION: '1.21'
- GINKGO_VERSION: 'v2.8.0'
- DOCKER_BUILDX_VERSION: 'v0.4.2'
- KIND_VERSION: 'v0.17.0'
- KIND_IMAGE: 'kindest/node:v1.26.0'
- # Common users. We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run
- # a step 'if env.GHCR_USERNAME' != ""', so we copy these to succinctly test whether
- # credentials have been provided before trying to run steps that need them.
- GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
- GCP_SM_SA_JSON: ${{ secrets.GCP_SM_SA_JSON}}
- GCP_GKE_ZONE: ${{ secrets.GCP_GKE_ZONE}}
- GCP_GSA_NAME: ${{ secrets.GCP_GSA_NAME}} # Goolge Service Account
- GCP_KSA_NAME: ${{ secrets.GCP_KSA_NAME}} # Kubernetes Service Account
- GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID}}
- AWS_REGION: "eu-central-1"
- AWS_OIDC_ROLE_ARN: ${{ secrets.AWS_OIDC_ROLE_ARN }}
- TFC_AZURE_CLIENT_ID: ${{ secrets.TFC_AZURE_CLIENT_ID}}
- TFC_AZURE_CLIENT_SECRET: ${{ secrets.TFC_AZURE_CLIENT_SECRET }}
- TFC_AZURE_TENANT_ID: ${{ secrets.TFC_AZURE_TENANT_ID}}
- TFC_AZURE_SUBSCRIPTION_ID: ${{ secrets.TFC_AZURE_SUBSCRIPTION_ID }}
- TFC_VAULT_URL: ${{ secrets.TFC_VAULT_URL}}
-
- SCALEWAY_API_URL: ${{ secrets.SCALEWAY_API_URL }}
- SCALEWAY_REGION: ${{ secrets.SCALEWAY_REGION }}
- SCALEWAY_PROJECT_ID: ${{ secrets.SCALEWAY_PROJECT_ID }}
- SCALEWAY_ACCESS_KEY: ${{ secrets.SCALEWAY_ACCESS_KEY }}
- SCALEWAY_SECRET_KEY: ${{ secrets.SCALEWAY_SECRET_KEY }}
- DELINEA_TLD: ${{ secrets.DELINEA_TLD }}
- DELINEA_URL_TEMPLATE: ${{ secrets.DELINEA_URL_TEMPLATE }}
- DELINEA_TENANT: ${{ secrets.DELINEA_TENANT }}
- DELINEA_CLIENT_ID: ${{ secrets.DELINEA_CLIENT_ID }}
- DELINEA_CLIENT_SECRET: ${{ secrets.DELINEA_CLIENT_SECRET }}
- jobs:
- integration-trusted:
- runs-on: ubuntu-latest
- if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor !='dependabot[bot]'
- steps:
- - name: Branch based PR checkout
- uses: actions/checkout@v4
- - name: Fetch History
- run: git fetch --prune --unshallow
- - uses: ./.github/actions/e2e
- # Repo owner has commented /ok-to-test on a (fork-based) pull request
- integration-fork:
- runs-on: ubuntu-latest
- if: github.event_name == 'repository_dispatch'
- steps:
- # Check out merge commit
- - name: Fork based /ok-to-test checkout
- uses: actions/checkout@v4
- with:
- ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
- - name: Fetch History
- run: git fetch --prune --unshallow
- - uses: ./.github/actions/e2e
- # Update check run called "integration-fork"
- - uses: actions/github-script@v6
- id: update-check-run
- if: ${{ always() }}
- env:
- number: ${{ github.event.client_payload.pull_request.number }}
- job: ${{ github.job }}
- # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
- conclusion: ${{ job.status }}
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- script: |
- const { data: pull } = await github.rest.pulls.get({
- ...context.repo,
- pull_number: process.env.number
- });
- const ref = pull.head.sha;
- console.log("\n\nPR sha: " + ref)
- const { data: checks } = await github.rest.checks.listForRef({
- ...context.repo,
- ref
- });
- console.log("\n\nPR CHECKS: " + checks)
- const check = checks.check_runs.filter(c => c.name === process.env.job);
- console.log("\n\nPR Filtered CHECK: " + check)
- console.log(check)
- const { data: result } = await github.rest.checks.update({
- ...context.repo,
- check_run_id: check[0].id,
- status: 'completed',
- conclusion: process.env.conclusion
- });
- return result;
|
