-
Notifications
You must be signed in to change notification settings - Fork 1
164 lines (148 loc) · 5.83 KB
/
trigger-tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
# Given: I want to use Merge Queue
# Given: I don't want to have to run tests twice (default behavior is to require passing tests before adding to the merge queue, then run them again in the merge queue)
# Given: I always want tests to run and pass before the PR is merged to main, unless I explicitly grant an exemption
# Given: I want to grant an exemption to allow tests to be skipped if the PR consists of only changes to files with extension ".md"
# Given: I want to run the tests if I use the "/test" chatops command in a PR
# When: Events with name "pull_request" happen
# Then: Immediately report success
# When: Events with name "merge_group" happen
# And: The PR meets the criteria for granting an exemption
# Then: Immediately report success
# When: Events with name "merge_group" happen
# And: The PR does not meet the criteria for granting an exemption
# Then: Run the tests
# When: I comment "/test all" in a PR
# Then: Run all tests
# When: I comment "/test <testname>" in a PR
# Then: Run just that test
name: trigger-tests
on:
pull_request:
merge_group:
issue_comment:
types: [created]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}/build-harness
permissions:
id-token: write
contents: read
defaults:
run:
# We need -e -o pipefail for consistency with GitHub Actions' default behavior
shell: bash -e -o pipefail {0}
jobs:
skip-tests-if-pull-request-event:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
# We used to build for arm64, and we can again in the future by simply uncommenting this line in each of the "matrix" blocks
# - linux/arm64/v8
steps:
- name: skip-tests-if-pull-request-event
# noinspection YAMLSchemaValidation
uses: defenseunicorns/delivery-github-actions-workflows/.github/actions/report-status-context@main
with:
application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
status-check: test-all (${{ matrix.platform }})
status: success
description: "Tests skipped because this is a pull_request event"
test-exemption:
if: github.event_name == 'merge_group'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
# - linux/arm64/v8
outputs:
# return 'true' if any files in the PR are not exempt
not-exempt: ${{ steps.changed-files.outputs.not-exempt_any_modified }}
steps:
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: changed-files
id: changed-files
uses: tj-actions/changed-files@v45
with:
base_sha: ${{ github.event.merge_group.base_sha }}
sha: ${{ github.event.merge_group.head_sha }}
fail_on_initial_diff_error: true
fail_on_submodule_diff_error: true
files_yaml: |
not-exempt:
- '**'
- '!**/*.md'
- name: Show output
run: |
echo '${{ toJSON(steps.changed-files.outputs) }}'
skip-tests-if-merge-group-event-and-exemption-criteria-met:
needs: test-exemption
if: github.event_name == 'merge_group' && needs.test-exemption.outputs.not-exempt != 'true'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
# - linux/arm64/v8
steps:
- name: skip-tests-if-merge-group-event-and-exemption-criteria-met
uses: defenseunicorns/delivery-github-actions-workflows/.github/actions/report-status-context@main
with:
application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
status-check: test-all (${{ matrix.platform }})
status: success
description: "Tests skipped because this is a merge_group event and the PR meets the criteria for granting an exemption"
test-all:
needs: test-exemption
if: github.event_name == 'merge_group' && needs.test-exemption.outputs.not-exempt == 'true'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
# - linux/arm64/v8
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.event.pull_request.head.repo.full_name || github.repository }}
ref: ${{ github.event.client_payload.pull_request.head.ref || github.event.pull_request.head.ref || github.ref_name }}
- name: Run Tests
uses: ./.github/actions/test
with:
application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
platform: ${{ matrix.platform }}
github-context: test-all (${{ matrix.platform }})
registry: ${{ env.REGISTRY }}
image-name: ${{ env.IMAGE_NAME }}
slash-command-dispatch-test:
if: github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/test')
runs-on: ubuntu-latest
steps:
- name: Get token
id: get_workflow_token
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
- name: Slash Command Dispatch
uses: peter-evans/slash-command-dispatch@v4
with:
token: ${{ steps.get_workflow_token.outputs.token }}
reaction-token: ${{ steps.get_workflow_token.outputs.token }}
commands: test
permission: write
issue-type: pull-request