Skip to content

Try to grant explicit permissions #72

Try to grant explicit permissions

Try to grant explicit permissions #72

Workflow file for this run

name: Integration tests
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
types:
- opened
- reopened
- synchronize
- converted_to_draft
- ready_for_review
- labeled
- unlabeled
- auto_merge_enabled
- auto_merge_disabled
merge_group:
permissions:
actions: write
checks: write
contents: read
pull-requests: read
statuses: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
pre_check:
uses: ./.github/workflows/pre-check-integration.yml
matrix-test:
needs: pre_check
if: needs.pre_check.outputs.should_run == 'true'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
variation: [one, two]
timeout-minutes: 5
steps:
- uses: actions/checkout@v3
- name: Recreate integration-test-result if needed
id: get-pending-integration-result
uses: ./.github/actions/get-latest-check
with:
create-if-needed: true
- name: Get the behavior from the PR description
id: get-behavior
uses: actions/github-script@v6
with:
result-encoding: string
script: |
let behavior = {};
if (context.payload.pull_request) {
const { body } = context.payload.pull_request;
core.debug(`body: ${body}`)
const regex = /^\#matrix-test-${{ matrix.variation }}:\s+(.*)$/m;
const result = regex.exec(body);
core.debug(`regex result: ${result}`)
if (result) {
behavior = JSON.parse(result[1]);
}
const attempt = behavior.attempts && behavior.attempts[${{ github.run_attempt }} - 1] || {}
behavior = {...behavior, ...attempt}
}
console.log(behavior);
return JSON.stringify(behavior);
- name: run matrix test
run: |
sleep ${{ fromJSON(steps.get-behavior.outputs.result).sleep || 60 }}
exit ${{ fromJSON(steps.get-behavior.outputs.result).exitCode || 0 }}
continue-on-error: ${{ matrix.variation == 'two' }}
standalone-test:
needs: pre_check
if: >-
needs.pre_check.outputs.should_run == 'true' &&
(
github.event_name != 'pull_request' ||
!contains(github.event.pull_request.labels.*.name, 'skip:standalone')
)
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v3
- name: Recreate integration-test-result if needed
id: get-pending-integration-result
uses: ./.github/actions/get-latest-check
with:
create-if-needed: true
- name: Get the behavior from the PR description
id: get-behavior
uses: actions/github-script@v6
with:
result-encoding: string
script: |
let behavior = {};
if (context.payload.pull_request) {
const { body } = context.payload.pull_request;
core.debug(`body: ${body}`)
const regex = /^\#standalone-test:\s+(.*)$/m;
const result = regex.exec(body);
core.debug(`regex result: ${result}`)
if (result) {
behavior = JSON.parse(result[1]);
}
const attempt = behavior.attempts && behavior.attempts[${{ github.run_attempt }} - 1] || {}
behavior = {...behavior, ...attempt}
}
console.log(behavior);
return JSON.stringify(behavior);
- name: run standalone test
run: |
sleep ${{ fromJSON(steps.get-behavior.outputs.result).sleep || 45 }}
exit ${{ fromJSON(steps.get-behavior.outputs.result).exitCode || 0 }}
set-integration-result-in-progress:
needs: pre_check
if: needs.pre_check.outputs.should_run == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- id: get-pending-integration-result
uses: ./.github/actions/get-latest-check
with:
create-if-needed: true
- name: Update integration-test-result check to in-progress
uses: actions/github-script@v6
with:
script: |
const runId = "${{ steps.get-pending-integration-result.outputs.run_id }}";
const res = await github.rest.checks.update({
...context.repo,
check_run_id: runId,
status: "in_progress",
})
core.debug(`Check update response: ${JSON.stringify(res, null, 2)}`)
console.log(`Updated check ${runId} to in-progress`)
finalize-integration-result:
needs:
- pre_check
- matrix-test
- standalone-test
if: >-
always() &&
needs.pre_check.result == 'success' &&
needs.matrix-test.result != 'cancelled' &&
needs.standalone-test.result != 'cancelled' &&
(
needs.pre_check.outputs.should_run == 'true' ||
needs.pre_check.outputs.previous_success == 'true'
)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- id: get-pending-integration-result
uses: ./.github/actions/get-latest-check
with:
create-if-needed: true
- name: Publish integration-test-result
if: always()
uses: actions/github-script@v6
with:
script: |
const runId = "${{ steps.get-pending-integration-result.outputs.run_id }}";
const previousSuccess = ${{ needs.pre_check.outputs.previous_success }};
const matrixTestSuccess = "${{ needs.matrix-test.result }}" === "success";
const standaloneTestSuccess = "${{ needs.standalone-test.result }}" === "success";
const conclusion = previousSuccess || (matrixTestSuccess && standaloneTestSuccess) ?
'success' : 'failure';
const res = await github.rest.checks.update({
...context.repo,
check_run_id: runId,
conclusion,
})
core.debug(`Check update response: ${JSON.stringify(res, null, 2)}`)
console.log(`Updated check ${runId} to ${conclusion}`)