-
Notifications
You must be signed in to change notification settings - Fork 4
111 lines (98 loc) · 3.47 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: Test
on:
workflow_dispatch:
# Use a manual approval process before PR's are given access to
# the secrets which are required to run the integration tests.
# The PR code should be manually approved to see if it can be trusted.
# When in doubt, do not approve the test run.
# Reference: https://dev.to/petrsvihlik/using-environment-protection-rules-to-secure-secrets-when-building-external-forks-with-pullrequesttarget-hci
pull_request_target:
branches: [ main ]
merge_group:
jobs:
approve:
name: Approve
environment:
# For security reasons, all pull requests need to be approved first before granting access to secrets
# So the environment should be set to have a reviewer/s inspect it before approving it
name: ${{ github.event_name == 'pull_request_target' && 'Test Pull Request' || 'Test Auto' }}
runs-on: ubuntu-latest
steps:
- name: Wait for approval
run: echo "Approved"
test:
name: Test ${{ matrix.job.image }}
needs: [approve]
permissions:
pull-requests: write
environment:
name: Test Auto
runs-on: ubuntu-latest
env:
TEST_IMAGE: ${{ matrix.job.image }}
strategy:
fail-fast: false
matrix:
job:
- { image: debian-systemd-docker-cli, test_options: "--include docker" }
- { image: debian-systemd-podman-cli, test_options: "--include podman" }
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || '' }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
install: true
- name: create .env file
run: |
touch .env
echo 'C8Y_BASEURL="${{ secrets.C8Y_BASEURL }}"' >> .env
echo 'C8Y_USER="${{ secrets.C8Y_USER }}"' >> .env
echo 'C8Y_PASSWORD="${{ secrets.C8Y_PASSWORD }}"' >> .env
echo 'PRIVATE_IMAGE="${{ secrets.PRIVATE_IMAGE }}"' >> .env
echo 'REGISTRY1_REPO="${{ secrets.REGISTRY1_REPO }}"' >> .env
echo 'REGISTRY1_USERNAME="${{ secrets.REGISTRY1_USERNAME }}"' >> .env
echo 'REGISTRY1_PASSWORD="${{ secrets.REGISTRY1_PASSWORD }}"' >> .env
- uses: actions/setup-python@v5
with:
python-version: '3.12'
cache: 'pip'
cache-dependency-path: |
tests/requirements.txt
- uses: taiki-e/install-action@just
#
# Build
#
- uses: actions/setup-go@v5
with:
go-version: stable
cache: false
- name: Install dependencies
run: |
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
go install github.com/goreleaser/goreleaser/v2@latest
- name: Build package (for testing)
run: just release-local
#
# Test
#
- name: Install dependencies
run: |
just venv
just build-test
- name: Run tests
run: just test ${{ matrix.job.test_options }}
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: reports-${{ matrix.job.image }}
path: output
- name: Send report to commit
if: ${{ always() && github.event_name == 'pull_request_target' }}
uses: "joonvena/robotframework-reporter-action@v2.5"
with:
report_path: output
gh_access_token: ${{ secrets.GITHUB_TOKEN }}