From 455a9f311218f138e8a892e3195a93a28c8d4d20 Mon Sep 17 00:00:00 2001
From: Tomas Karasek
Date: Fri, 4 Aug 2023 13:53:48 +0300
Subject: [PATCH 1/3] Add integration test workflow for PRs
---
 .github/workflows/integration-tests-pr.yml | 120 +++++++++++++++++++++
 .github/workflows/integration-tests.yml | 5 +-
 2 files changed, 124 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/integration-tests-pr.yml
diff --git a/.github/workflows/integration-tests-pr.yml b/.github/workflows/integration-tests-pr.yml
new file mode 100644
index 0000000..56826e3
--- /dev/null
+++ b/.github/workflows/integration-tests-pr.yml
@@ -0,0 +1,120 @@
+on:
+ pull_request:
+ workflow_dispatch:
+ inputs:
+ tests:
+ description: 'The tests to run.'
+ required: true
+ sha:
+ description: 'The hash value of the commit.'
+ required: true
+ pull_request_number:
+ description: 'The number of the PR.'
+ required: false
+
+name: Integration tests on PR
+
+jobs:
+ integration-fork:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: .ansible/collections/ansible_collections/equinix/cloud
+
+ if: github.event_name == 'workflow_dispatch' && inputs.sha != ''
+ steps:
+ - uses: actions-ecosystem/action-regex-match@v2
+ id: disallowed-char-check
+ with:
+ text: ${{ inputs.tests }}
+ regex: '[^a-z0-9_]'
+ flags: gi
+
+ # Check out merge commit
+ - name: Checkout PR
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ inputs.sha }}
+ path: .ansible/collections/ansible_collections/equinix/cloud
+
+ # Install deps
+ - name: update packages
+ run: sudo apt-get update -y
+
+ - name: install make
+ run: sudo apt-get install -y build-essential
+
+ - name: setup python 3
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.8'
+
+ - name: install dependencies
+ run: pip3 install -r requirements-dev.txt -r requirements.txt
+
+ - name: install ansible dependencies
+ run: ansible-galaxy collection install amazon.aws:==6.0.1
+
+ - name: install collection
+ run: make install
+
+ - name: replace existing keys
+ run: rm -rf ~/.ansible/test && mkdir -p ~/.ansible/test && ssh-keygen -m PEM -q -t rsa -N '' -f ~/.ansible/test/id_rsa
+
+ - run: make deps && make TEST_ARGS="-v ${{ inputs.tests }}" test
+ if: ${{ steps.disallowed-char-check.outputs.match == '' }}
+ env:
+ METAL_API_TOKEN: ${{ secrets.METAL_API_TOKEN }}
+
+ - name: Get the hash value of the latest commit from the PR branch
+ uses: octokit/graphql-action@v2.x
+ id: commit-hash
+ if: ${{ inputs.pull_request_number != '' }}
+ with:
+ query: |
+ query PRHeadCommitHash($owner: String!, $repo: String!, $pr_num: Int!)
{
+ repository(owner:$owner, name:$repo) {
+ pullRequest(number: $pr_num) {
+ headRef {
+ target {
+ ... on Commit {
+ oid
+ }
+ }
+ }
+ }
+ }
+ }
+ owner: ${{ github.event.repository.owner.login }}
+ repo: ${{ github.event.repository.name }}
+ pr_num: ${{ fromJSON(inputs.pull_request_number) }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: actions/github-script@v6
+ id: update-check-run
+ if: ${{ inputs.pull_request_number != '' && fromJson(steps.commit-hash.outputs.data).repository.pullRequest.headRef.target.oid == inputs.sha }}
+ env:
+ number: ${{ inputs.pull_request_number }}
+ job: ${{ github.job }}
+ conclusion: ${{ job.status }}
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const { data: pull } = await github.rest.pulls.get({
+ ...context.repo,
+ pull_number: process.env.number
+ });
+ const ref = pull.head.sha;
+ const { data: checks } = await github.rest.checks.listForRef({
+ ...context.repo,
+ ref
+ });
+ const check = checks.check_runs.filter(c => c.name === process.env.job);
+ const { data: result } = await github.rest.checks.update({
+ ...context.repo,
+ check_run_id: check[0].id,
+ status: 'completed',
+ conclusion: process.env.conclusion
+ });
+ return result;
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index a4a0545..4e780fe 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -5,7 +5,10 @@ on: paths-ignore: - '**.md' - 'docs' - - LICENSE + - LICENSE + branches: + - main + # pull_request: # types: [review_requested,opened,reopened,synchronize]
From 28e92e312efc303e7c9c9adde31d23e3f539f97d Mon Sep 17 00:00:00 2001
From: Tomas Karasek
Date: Mon, 7 Aug 2023 10:26:52 +0300
Subject: [PATCH 2/3] remove aws role install from PR integration test workflow
---
 .github/workflows/integration-tests-pr.yml | 3 ---
 1 file changed, 3 deletions(-)
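Review bot: In the `make TEST_ARGS="-v ${{ inputs.tests }}" test` step of integration-tests-pr.yml, the dispatch input is expanded into the script text before the shell runs, so the only thing keeping it inert is the `disallowed-char-check` step, which in turn depends on a third-party action referenced by a mutable tag (`actions-ecosystem/action-regex-match@v2`). Passing the value through the environment removes that dependency: add `TESTS: ${{ inputs.tests }}` under the step's `env:` and run `make deps && make TEST_ARGS="-v $TESTS" test`. The same step runs code from the commit named by `inputs.sha` with `METAL_API_TOKEN` set, and the checkout step keeps the default credential persistence, so `persist-credentials: false` under the checkout's `with:` and a job-level `permissions:` block limited to what the check-run update needs would be worth adding as well.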
diff --git a/.github/workflows/integration-tests-pr.yml b/.github/workflows/integration-tests-pr.yml
index 56826e3..b951c34 100644
--- a/.github/workflows/integration-tests-pr.yml
+++ b/.github/workflows/integration-tests-pr.yml
@@ -52,9 +52,6 @@ jobs:
 - name: install dependencies
 run: pip3 install -r requirements-dev.txt -r requirements.txt
- - name: install ansible dependencies
- run: ansible-galaxy collection install amazon.aws:==6.0.1
-
 - name: install collection
 run: make install
From b372d2fa1cef78c4dcfdb873c2e3b24a39aa6f31 Mon Sep 17 00:00:00 2001
From: Tomas Karasek
Date: Mon, 7 Aug 2023 10:57:33 +0300
Subject: [PATCH 3/3] Rework PR integration test workflow with authorize job
---
 .github/workflows/integration-tests-pr.yml | 110 +++++----------------
 1 file changed, 25 insertions(+), 85 deletions(-)
diff --git a/.github/workflows/integration-tests-pr.yml b/.github/workflows/integration-tests-pr.yml
index b951c34..f868264 100644
--- a/.github/workflows/integration-tests-pr.yml
+++ b/.github/workflows/integration-tests-pr.yml
@@ -1,43 +1,35 @@
-on:
- pull_request:
+on:
+ pull_request_target:
+ paths:
+ - plugins
+ - tests
+ - Makefile
+ - requirements.txt
+ - requirements-dev.txt
 workflow_dispatch:
- inputs:
- tests:
- description: 'The tests to run.'
- required: true
- sha:
- description: 'The hash value of the commit.'
- required: true
- pull_request_number:
- description: 'The number of the PR.'
- required: false
-name: Integration tests on PR
+permissions:
+ pull-requests: read
+ contents: read
 jobs:
- integration-fork:
+ authorize:
+ environment:
+ ${{ github.event_name == 'pull_request_target' &&
+ github.event.pull_request.head.repo.full_name != github.repository &&
+ 'external' || 'internal' }}
 runs-on: ubuntu-latest
- defaults:
- run:
- working-directory: .ansible/collections/ansible_collections/equinix/cloud
-
- if: github.event_name == 'workflow_dispatch' && inputs.sha != ''
 steps:
- - uses: actions-ecosystem/action-regex-match@v2
- id: disallowed-char-check
- with:
- text: ${{ inputs.tests }}
- regex: '[^a-z0-9_]'
- flags: gi
+ - run: true
- # Check out merge commit
- - name: Checkout PR
- uses: actions/checkout@v3
+ integration-test-pr:
+ needs: authorize
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
 with:
- ref: ${{ inputs.sha }}
- path: .ansible/collections/ansible_collections/equinix/cloud
+ ref: ${{ github.event.pull_request.head.sha || github.ref }}
- # Install deps
 - name: update packages
 run: sudo apt-get update -y
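Review bot: The only thing standing between fork-authored code and this job's secrets is the `authorize` job's `external` environment, and that gate does nothing unless the environment has required reviewers configured in the repository settings, which this file cannot show. Because the trigger is `pull_request_target` and the checkout uses `github.event.pull_request.head.sha`, a comment above `authorize:` such as `# 'external' MUST have required reviewers; it is the approval gate for fork code` would record that dependency, and `persist-credentials: false` under the checkout's `with:` keeps the job token out of the checked-out repository's git config. Separately, the `paths:` entries `plugins` and `tests` are glob patterns matched against file paths, so as written they probably do not match files inside those directories; `plugins/**` and `tests/**` look like the intent. The `integration-test-pr` step list continues outside this hunk.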
@@ -58,60 +50,8 @@ jobs:
 - name: replace existing keys
 run: rm -rf ~/.ansible/test && mkdir -p ~/.ansible/test && ssh-keygen -m PEM -q -t rsa -N '' -f ~/.ansible/test/id_rsa
- - run: make deps && make TEST_ARGS="-v ${{ inputs.tests }}" test
- if: ${{ steps.disallowed-char-check.outputs.match == '' }}
+ - name: run tests
+ run: make testall
 env:
 METAL_API_TOKEN: ${{ secrets.METAL_API_TOKEN }}
-
- - name: Get the hash value of the latest commit from the PR branch
- uses: octokit/graphql-action@v2.x
- id: commit-hash
- if: ${{ inputs.pull_request_number != '' }}
- with:
- query: |
- query PRHeadCommitHash($owner: String!, $repo: String!, $pr_num: Int!) {
- repository(owner:$owner, name:$repo) {
- pullRequest(number: $pr_num) {
- headRef {
- target {
- ... on Commit {
- oid
- }
- }
- }
- }
- }
- }
- owner: ${{ github.event.repository.owner.login }}
- repo: ${{ github.event.repository.name }}
- pr_num: ${{ fromJSON(inputs.pull_request_number) }}
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - uses: actions/github-script@v6
- id: update-check-run
- if: ${{ inputs.pull_request_number != '' && fromJson(steps.commit-hash.outputs.data).repository.pullRequest.headRef.target.oid == inputs.sha }}
- env:
- number: ${{ inputs.pull_request_number }}
- job: ${{ github.job }}
- conclusion: ${{ job.status }}
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- script: |
- const { data: pull } = await github.rest.pulls.get({
- ...context.repo,
- pull_number: process.env.number
- });
- const ref = pull.head.sha;
- const { data: checks } = await github.rest.checks.listForRef({
- ...context.repo,
- ref
- });
- const check = checks.check_runs.filter(c => c.name === process.env.job);
- const { data: result } = await github.rest.checks.update({
- ...context.repo,
- check_run_id: check[0].id,
- status: 'completed',
- conclusion: process.env.conclusion
- });
- return result;
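Review bot: The `run tests` step passes `METAL_API_TOKEN` to `make testall`, which runs the Makefile and tests from the checked-out PR tree, yet the job that owns this step declares no `environment:`, so the token has to be a repository or organization secret rather than one scoped to the approval environment. Declaring the same `environment:` expression on `integration-test-pr` and storing the token as an environment secret would tie the credential to the approval itself instead of to the `needs: authorize` edge alone. A `timeout-minutes:` on the job would also bound how long a stuck integration run can keep using that token. The job header and its earlier steps are outside this hunk.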