-
Notifications
You must be signed in to change notification settings - Fork 1
121 lines (106 loc) · 3.66 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: Test
on:
workflow_dispatch:
# Use a manual approval process before PR's are given access to
# the secrets which are required to run the integration tests.
# The PR code should be manually approved to see if it can be trusted.
# When in doubt, do not approve the test run.
# Reference: https://dev.to/petrsvihlik/using-environment-protection-rules-to-secure-secrets-when-building-external-forks-with-pullrequesttarget-hci
pull_request_target:
branches: [ main ]
push:
branches: [ main ]
merge_group:
jobs:
approve:
name: Approve
environment:
# For security reasons, all pull requests need to be approved first before granting access to secrets
# So the environment should be set to have a reviewer/s inspect it before approving it
name: ${{ github.event_name == 'pull_request_target' && 'Test Pull Request' || 'Test Auto' }}
runs-on: ubuntu-20.04
steps:
- name: Wait for approval
run: echo "Approved"
test:
name: Test
needs: approve
environment:
name: Test Auto
runs-on: ubuntu-20.04
env:
COMPOSE_PROJECT_NAME: ci_${{ matrix.job.image }}_${{github.run_id}}_${{github.run_attempt || '1'}}
DEVICE_ID: ci_${{ matrix.job.image }}_${{github.run_id}}_${{github.run_attempt || '1'}}
strategy:
fail-fast: false
matrix:
job:
- { image: fedora }
- { image: debian }
# - { image: alpine }
steps:
# Checkout either the PR or the branch
- name: Checkout PR
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }} # Check out the code of the PR. Only after the manual approval process
- name: Checkout
uses: actions/checkout@v3
if: ${{ github.event_name != 'pull_request_target' }}
- uses: reubenmiller/setup-go-c8y-cli@main
- name: install c8y-tedge extension
run: c8y extension install thin-edge/c8y-tedge
- name: create .env file
run: |
touch .env
echo "DEVICE_ID=$DEVICE_ID" >> .env
echo 'C8Y_BASEURL="${{ secrets.C8Y_BASEURL }}"' >> .env
echo 'C8Y_USER="${{ secrets.C8Y_USER }}"' >> .env
echo 'C8Y_PASSWORD="${{ secrets.C8Y_PASSWORD }}"' >> .env
echo 'IMAGE="${{ matrix.job.image }}"' >> .env
cat .env
- uses: actions/setup-go@v3
with:
go-version: '>=1.17.0'
- run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
name: Install dependencies
- uses: actions/setup-python@v4
with:
python-version: '3.9'
cache: 'pip'
cache-dependency-path: |
tests/requirements.txt
- uses: extractions/setup-just@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Install dependencies
run: |
just venv
- name: Start demo
run: |
just build
just up
just bootstrap
- name: Run tests
run: just test
- name: Upload test results
uses: actions/upload-artifact@v3
if: always()
with:
name: reports-${{matrix.job.target}}
path: output
- name: Stop demo
if: always()
run: just down-all
- name: Cleanup Devices
if: always()
run: |
just cleanup "$DEVICE_ID"
- name: Send report to commit
uses: joonvena/robotframework-reporter-action@v2.3
if: always()
with:
gh_access_token: ${{ secrets.GITHUB_TOKEN }}
report_path: 'output'
show_passed_tests: 'false'