tests-on-pr-push-and-merge.yml
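name: Run tests against PRs (pre and post merge)
# Triggers: manual dispatch, pushes to main (docs-only changes skipped), and
# pull requests that target main.
on:
  workflow_dispatch: {}
  push:
    branches: [main]
    paths-ignore: ['**.md']
  # Keep this trigger as pull_request: the jobs build and run the PR's own code
  # next to repository secrets, and pull_request withholds those secrets from
  # fork PRs, whereas pull_request_target would expose them.
  pull_request:
    # Branch settings require status checks before merging, so don't add paths-ignore.
    branches: [main]
# Least privilege for the automatic GITHUB_TOKEN: the visible steps authenticate
# with BROADBOT_GITHUB_TOKEN instead, so read-only contents access is assumed
# to be enough. Widen per job if a Gradle task or script turns out to need more.
permissions:
  contents: read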
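# Two jobs: lint/static analysis, and a unit + integration test matrix.
# Both are skipped when the triggering account's login contains 'broadbot'.
#
# NOTE(review): every `uses:` below references the mutable tag v3. Pinning each
# one to a full commit SHA (e.g. actions/checkout@<FULL_COMMIT_SHA>  # v3) stops
# a moved tag from changing the code that runs next to these secrets.
jobs:
  lint-and-static-analysis:
    runs-on: ubuntu-latest
    if: "!contains( github.event.sender.login, 'broadbot')"
    steps:
      - name: Checkout current code
        id: checkout_code
        uses: actions/checkout@v3
        with:
          # NOTE(review): checkout persists this token in the local git config
          # by default, so the Gradle tasks below (run from the checked-out
          # branch) can read it. Consider `persist-credentials: false` if no
          # later step needs authenticated git access.
          token: ${{ secrets.BROADBOT_GITHUB_TOKEN }}
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: 17
      - name: Run linter
        id: run_linter
        run: |
          ./gradlew spotlessCheck
      - name: Run static analysis
        id: run_static_analysis
        run: |
          ./gradlew spotbugsMain spotbugsTest
  tests-against-source-code:
    strategy:
      matrix:
        testTag: ["unit", "integration"]
      # Let the other matrix entry finish even when one fails.
      fail-fast: false
    runs-on: ubuntu-latest
    if: "!contains( github.event.sender.login, 'broadbot')"
    steps:
      - name: Checkout current code
        id: checkout_code
        uses: actions/checkout@v3
        with:
          # NOTE(review): persisted in the local git config by default (see the
          # lint job). The later `git fetch origin main` may rely on it, so
          # confirm before setting `persist-credentials: false` here.
          token: ${{ secrets.BROADBOT_GITHUB_TOKEN }}
      - name: Set up JDK 17
        id: setup_jdk
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: 17
      - name: Cache Gradle packages
        id: cache_gradle
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}-${{ hashFiles('**/*.gradle') }}
          restore-keys: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}
      - name: Render config
        id: render_config
        # Secrets reach the script only through env, never through ${{ }}
        # interpolation inside the shell text.
        # NOTE(review): the key files land in the workspace before the Docker
        # build and the tests run; verify rendered/ is excluded from the Docker
        # build context and from the uploaded artifacts.
        run: |
          # For security reasons, Broad prefers we read GHA secrets instead of reading from vault.
          # this step does the equivalent of the tools/render-config.sh script.
          # on local machines, the script fetches a SA from Vault.
          # in GH actions, the SA key is stored in a GH repo secret.
          # regardless of how it was fetched, tests and scripts expect these
          # keys to be stored in rendered/broad/
          mkdir -p rendered/broad/
          echo "$TEST_USER_SA_KEY" > rendered/broad/test-user-account.json
          echo "$EXT_PROJECT_SA_KEY" > rendered/broad/external-project-account.json
          echo "$JANITOR_CLIENT_SA_KEY" > rendered/broad/janitor-client.json
          # NOTE(review): the six target names below appear to have been replaced
          # by an e-mail-obfuscation placeholder when this page was captured. As
          # written they all resolve to the same path; restore the real per-user
          # file names from the repository before using this listing.
          echo "$BROOKLYN_THUNDERLORD" > rendered/broad/[email protected]
          echo "$ETHAN_BONECHEWER" > rendered/broad/[email protected]
          echo "$JOHN_WHITECLAW" > rendered/broad/[email protected]
          echo "$LILY_SHADOWMOON" > rendered/broad/[email protected]
          echo "$NOAH_FROSTWOLF" > rendered/broad/[email protected]
          echo "$PENELOPE_TWILIGHTSHAMMER" > rendered/broad/[email protected]
        env:
          TEST_USER_SA_KEY: ${{ secrets.TEST_USER_SA_KEY }}
          EXT_PROJECT_SA_KEY: ${{ secrets.EXT_PROJECT_SA_KEY }}
          JANITOR_CLIENT_SA_KEY: ${{ secrets.JANITOR_CLIENT_SA_KEY }}
          BROOKLYN_THUNDERLORD: ${{ secrets.BROOKLYN_THUNDERLORD }}
          ETHAN_BONECHEWER: ${{ secrets.ETHAN_BONECHEWER }}
          JOHN_WHITECLAW: ${{ secrets.JOHN_WHITECLAW }}
          LILY_SHADOWMOON: ${{ secrets.LILY_SHADOWMOON }}
          NOAH_FROSTWOLF: ${{ secrets.NOAH_FROSTWOLF }}
          PENELOPE_TWILIGHTSHAMMER: ${{ secrets.PENELOPE_TWILIGHTSHAMMER }}
      - name: Update client credentials
        # The client id and secret are passed through env and quoted. Expanding
        # ${{ secrets.* }} directly in the script would paste the raw values
        # into the shell source, where whitespace or metacharacters in a value
        # get split or interpreted by the shell.
        run: |
          ./tools/client-credentials.sh "src/main/resources/broad_secret.json" \
            "$BROAD_CLIENT_ID" "$BROAD_CLIENT_SECRET" \
            "rendered/broad_secret.json"
        env:
          BROAD_CLIENT_ID: ${{ secrets.BROAD_CLIENT_ID }}
          BROAD_CLIENT_SECRET: ${{ secrets.BROAD_CLIENT_SECRET }}
      - name: Build Docker image
        id: build_docker_image
        # On pull requests the image is rebuilt only when docker/ differs from
        # main; otherwise the step exits early and leaves test_docker_image
        # unset, so the tests use the default image.
        run: |
          # additionally pull the main branch for on-push-to-PRs, so we can diff and see what changed
          if [ "$GHA_EVENT_NAME" = "pull_request" ]; then
            git fetch --no-tags --depth=1 origin main
            if [ -z "$(git diff --name-only origin/main | grep '^docker/')" ]; then
              echo "No changes to docker/ directory. Using default Docker image."
              exit 0
            fi
          fi
          echo "Building new Docker image."
          imageTag="ghaTest"
          ./tools/build-docker.sh "$imageTag" # generates an image with this tag
          echo "test_docker_image=-PdockerImage=terra-cli/local:$imageTag" >> "$GITHUB_OUTPUT"
        env:
          GITHUB_TOKEN: ${{ secrets.BROADBOT_GITHUB_TOKEN }}
          GHA_EVENT_NAME: ${{ github.event_name }}
      - name: Run tests
        id: run_tests
        run: |
          # runs against the default server: broad-dev
          echo "Running tests with tag: $TEST_TAG"
          echo "Using docker image (uses default if blank): $TEST_DOCKER_IMAGE"
          # $TEST_DOCKER_IMAGE is deliberately unquoted: when blank it must
          # expand to no argument at all.
          # NOTE(review): --scan publishes a Gradle build scan; confirm that no
          # secret values end up in the published scan.
          ./gradlew runTestsWithTag -PtestTag="$TEST_TAG" -Pplatform=gcp $TEST_DOCKER_IMAGE -PquietConsole --scan
        env:
          TEST_TAG: ${{ matrix.testTag }}
          TEST_DOCKER_IMAGE: ${{ steps.build_docker_image.outputs.test_docker_image }}
      - name: Archive logs and context file
        id: archive_logs_and_context
        # Runs after failures too, so the logs of a broken run are kept.
        # NOTE(review): artifacts can be downloaded by anyone with read access
        # to the repository; confirm the logs and context.json never contain
        # tokens or key material.
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: logs-and-context-${{ matrix.testTag }}
          path: |
            build/test-context/.terra/logs/
            build/test-context/.terra/context.json
            build/test-context/*/.terra/logs/
            build/test-context/*/.terra/context.json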