[Tests] Run integration tests #665
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "[Tests] Run integration tests" | |
on: | |
schedule: | |
- cron: '0 0 * * 1-5' # At 00:00 on every day-of-week from Monday through Friday | |
workflow_dispatch: # or manually | |
# TODO: update workflow permissions to least privilege after auditing all the APIs used | |
# permissions: # limit the permissions of the GITHUB_TOKEN to reading repository contents | |
# contents: read | |
jobs: | |
cancel_previous: | |
permissions: | |
actions: write # for styfle/cancel-workflow-action to cancel/stop running workflows | |
runs-on: macos-latest | |
steps: | |
- name: Cancel Previous Runs | |
uses: styfle/[email protected] | |
with: | |
access_token: '${{ secrets.GITHUB_TOKEN }}' | |
should_run_it: | |
runs-on: macos-latest | |
outputs: | |
run_integration_tests: ${{ steps.should-run-step.outputs.should_run }} | |
pr_number: ${{ steps.pr_number.outputs.number }} | |
steps: | |
- name: Check if integrations tests should run | |
id: should-run-step | |
env: | |
run_it: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} | |
run: | | |
echo "event name: ${{ github.event_name }}" | |
echo "should_run=${{ env.run_it }}" >> $GITHUB_OUTPUT | |
run-it-full-suite: | |
needs: [ should_run_it ] | |
if: needs.should_run_it.outputs.run_integration_tests == 'true' | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ macos-latest, windows-latest, ubuntu-latest ] | |
fail-fast: false | |
outputs: | |
job_status: ${{ job.status }} | |
build-scan-url: ${{ steps.run-it.outputs.build-scan-url }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@v2 | |
with: | |
egress-policy: audit | |
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.gradle/caches | |
key: macos-gradle-${{ hashFiles('**/*.gradle*') }} | |
restore-keys: | | |
macos-gradle- | |
- name: Prepare Google Service Account | |
env: | |
GCLOUD_KEY: ${{ secrets.GCLOUD_KEY }} | |
run: | | |
if [ "$RUNNER_OS" == "Windows" ]; then | |
GCLOUD_DIR=$HOMEPATH\\.config\\gcloud\\ | |
mkdir -p $GCLOUD_DIR | |
echo $GCLOUD_KEY > key.txt | |
certutil -decode key.txt $GCLOUD_DIR\application_default_credentials.json | |
else | |
GCLOUD_DIR="$HOME/.config/gcloud/" | |
mkdir -p "$GCLOUD_DIR" | |
echo "$GCLOUD_KEY" | base64 --decode > "$GCLOUD_DIR/application_default_credentials.json" | |
fi | |
shell: bash | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v4 | |
- name: Gradle integration tests | |
id: run-it | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HEAD_REF: ${{ github.ref }} | |
run: ./gradlew integrationTests | |
- name: Export Variables for FlankScripts | |
if: ${{ always() }} | |
uses: UnlyEd/[email protected] | |
with: | |
variables: | | |
${{ runner.os }}=${{ job.status }} | |
${{ runner.os }}-bs=${{steps.run-it.outputs.build-scan-url}} | |
process-results: | |
needs: [ run-it-full-suite ] | |
runs-on: macos-latest | |
steps: | |
- name: Import variable | |
uses: UnlyEd/[email protected] | |
with: | |
delimiter: ',' | |
variables: | | |
Windows,Windows-bs,macOS,macOS-bs,Linux,Linux-bs | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Download flankScripts and add it to PATH | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
./gradlew :flank-scripts:download | |
echo "./flank-scripts/bash" >> $GITHUB_PATH | |
- name: Process IT results | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
flankScripts integration_tests process_results \ | |
--global-result=${{ needs.run-it-full-suite.outputs.job_status }} \ | |
--run-result='${{ toJSON(env) }}' \ | |
--github-token="$GH_TOKEN" \ | |
--run-id=${{ github.run_id }} | |
trigger-pointer: | |
runs-on: ubuntu-latest | |
needs: [ process-results ] | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@v2 | |
with: | |
egress-policy: audit | |
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly | |
- uses: tibdex/github-app-token@v2 | |
id: generate-token | |
with: | |
app_id: ${{ secrets.FLANK_RELEASE_APP_ID }} | |
private_key: ${{ secrets.FLANK_RELEASE_PRIVATE_KEY }} | |
- name: Repository Dispatch | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ steps.generate-token.outputs.token }} | |
event-type: integration-pointer |