Skip to content

[Tests] Run integration tests #688

[Tests] Run integration tests

[Tests] Run integration tests #688

name: "[Tests] Run integration tests"
on:
schedule:
- cron: '0 0 * * 1-5' # At 00:00 on every day-of-week from Monday through Friday
workflow_dispatch: # or manually
# TODO: update workflow permissions to least privilege after auditing all the APIs used
# permissions: # limit the permissions of the GITHUB_TOKEN to reading repository contents
# contents: read
jobs:
cancel_previous:
permissions:
actions: write # for styfle/cancel-workflow-action to cancel/stop running workflows
runs-on: macos-latest
steps:
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@0.12.1
with:
access_token: '${{ secrets.GITHUB_TOKEN }}'
should_run_it:
runs-on: macos-latest
outputs:
run_integration_tests: ${{ steps.should-run-step.outputs.should_run }}
pr_number: ${{ steps.pr_number.outputs.number }}
steps:
- name: Check if integrations tests should run
id: should-run-step
env:
run_it: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }}
run: |
echo "event name: ${{ github.event_name }}"
echo "should_run=${{ env.run_it }}" >> $GITHUB_OUTPUT
run-it-full-suite:
needs: [ should_run_it ]
if: needs.should_run_it.outputs.run_integration_tests == 'true'
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ macos-latest, windows-latest, ubuntu-latest ]
fail-fast: false
outputs:
job_status: ${{ job.status }}
build-scan-url: ${{ steps.run-it.outputs.build-scan-url }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: ~/.gradle/caches
key: macos-gradle-${{ hashFiles('**/*.gradle*') }}
restore-keys: |
macos-gradle-
- name: Prepare Google Service Account
env:
GCLOUD_KEY: ${{ secrets.GCLOUD_KEY }}
run: |
if [ "$RUNNER_OS" == "Windows" ]; then
GCLOUD_DIR=$HOMEPATH\\.config\\gcloud\\
mkdir -p $GCLOUD_DIR
echo $GCLOUD_KEY > key.txt
certutil -decode key.txt $GCLOUD_DIR\application_default_credentials.json
else
GCLOUD_DIR="$HOME/.config/gcloud/"
mkdir -p "$GCLOUD_DIR"
echo "$GCLOUD_KEY" | base64 --decode > "$GCLOUD_DIR/application_default_credentials.json"
fi
shell: bash
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Gradle integration tests
id: run-it
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HEAD_REF: ${{ github.ref }}
run: ./gradlew integrationTests
- name: Export Variables for FlankScripts
if: ${{ always() }}
uses: UnlyEd/github-action-store-variable@v3.0.16
with:
variables: |
${{ runner.os }}=${{ job.status }}
${{ runner.os }}-bs=${{steps.run-it.outputs.build-scan-url}}
process-results:
needs: [ run-it-full-suite ]
runs-on: macos-latest
steps:
- name: Import variable
uses: UnlyEd/github-action-store-variable@v3.0.16
with:
delimiter: ','
variables: |
Windows,Windows-bs,macOS,macOS-bs,Linux,Linux-bs
- name: Checkout code
uses: actions/checkout@v4
- name: Download flankScripts and add it to PATH
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./gradlew :flank-scripts:download
echo "./flank-scripts/bash" >> $GITHUB_PATH
- name: Process IT results
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
flankScripts integration_tests process_results \
--global-result=${{ needs.run-it-full-suite.outputs.job_status }} \
--run-result='${{ toJSON(env) }}' \
--github-token="$GH_TOKEN" \
--run-id=${{ github.run_id }}
trigger-pointer:
runs-on: ubuntu-latest
needs: [ process-results ]
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
# TODO: change to 'egress-policy: block' after auditing a number of runs and updating the allowed-endpoints option accordingly
- uses: tibdex/github-app-token@v2
id: generate-token
with:
app_id: ${{ secrets.FLANK_RELEASE_APP_ID }}
private_key: ${{ secrets.FLANK_RELEASE_PRIVATE_KEY }}
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ steps.generate-token.outputs.token }}
event-type: integration-pointer