upgrade sops to v3.9.3 from v3.5.0 (#1087) #787
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
schedule: | |
- cron: "0 1 * * *" | |
# Restrict tests to the most recent commit. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
name: Build Docker Images | |
runs-on: ubuntu-22.04 | |
outputs: | |
testcases: ${{ steps.enum-tests.outputs.testcases }} | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- name: Build images | |
shell: bash | |
run: make generate build | |
- name: Save images | |
shell: bash | |
run: | | |
mkdir -p docker-cache | |
docker save -o docker-cache/autograph-images.tar autograph-app autograph-app-hsm | |
- name: Enumerate tests | |
id: enum-tests | |
shell: bash | |
run: | | |
echo -n "testcases=" >> $GITHUB_OUTPUT | |
yq -o=json '.services | keys' tools/autograph-client/integration-tests.yml | jq -c >> $GITHUB_OUTPUT | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: autograph-images-${{ github.sha }} | |
path: docker-cache/ | |
lint: | |
name: Linting | |
runs-on: ubuntu-22.04 | |
permissions: | |
# Required: allow read access to the content for analysis. | |
contents: read | |
# Optional: allow read access to pull request. Use with `only-new-issues` option. | |
pull-requests: read | |
# Optional: allow write access to checks to allow the action to annotate code in the PR. | |
checks: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: "./go.mod" | |
- name: golangci-lint | |
# If you bump this version, double check that we shouldn't also bump | |
# GOLANGCI_LINT_VERSION in the Makefile. (The version here is for the | |
# GitHub Action and the one in the Makefile is for the actual version of | |
# golangci-lint.) | |
uses: golangci/[email protected] | |
with: | |
args: --timeout 5m | |
unit-tests: | |
name: Run Unit Tests | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: autograph-images-${{ github.sha }} | |
path: docker-cache/ | |
- name: Load images | |
shell: bash | |
run: docker load -i docker-cache/autograph-images.tar | |
- name: Run Tests | |
shell: bash | |
run: | | |
docker compose run unit-test | |
integration-tests: | |
name: Run Integration Tests | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
strategy: | |
fail-fast: false # Don't cancel other jobs if a test fails | |
matrix: | |
testcase: ${{ fromJSON(needs.build.outputs.testcases) }} | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: autograph-images-${{ github.sha }} | |
path: docker-cache/ | |
- name: Load images | |
shell: bash | |
run: docker load -i docker-cache/autograph-images.tar | |
- name: Running ${{ matrix.testcase }} | |
shell: bash | |
run: docker compose -f tools/autograph-client/integration-tests.yml run ${{ matrix.testcase }} | |
- name: Fetching autograph logs | |
shell: bash | |
if: ${{ always() }} | |
run: | | |
if echo "${{ matrix.testcase }}" | grep -q hsm; then | |
docker compose -f tools/autograph-client/integration-tests.yml logs app-hsm | |
else | |
docker compose -f tools/autograph-client/integration-tests.yml logs app | |
fi | |
# A hack around matrix jobs not reporting their status up through the job that | |
# created them. See | |
# https://github.com/orgs/community/discussions/26822#discussioncomment-8285141 | |
# and | |
# https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 | |
integration-tests-results: | |
if: ${{ always() }} | |
name: Check Integration Test Results (See the individual Run Integration Tests jobs for details) | |
runs-on: ubuntu-22.04 | |
needs: | |
- integration-tests | |
steps: | |
- name: See the individual Run Integration Tests jobs for details | |
run: | |
exit 1 | |
# see https://stackoverflow.com/a/67532120/4907315 | |
if: >- | |
${{ | |
contains(needs.*.result, 'failure') | |
|| contains(needs.*.result, 'cancelled') | |
|| contains(needs.*.result, 'skipped') | |
}} |