Try to grant explicit permissions #74
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration tests | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- converted_to_draft | |
- ready_for_review | |
- labeled | |
- unlabeled | |
- auto_merge_enabled | |
- auto_merge_disabled | |
merge_group: | |
permissions: | |
actions: read | |
checks: write | |
contents: read | |
statuses: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
pre_check: | |
uses: ./.github/workflows/pre-check-integration.yml | |
matrix-test: | |
needs: pre_check | |
if: needs.pre_check.outputs.should_run == 'true' | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
variation: [one, two] | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Recreate integration-test-result if needed | |
id: get-pending-integration-result | |
uses: ./.github/actions/get-latest-check | |
with: | |
create-if-needed: true | |
- name: Get the behavior from the PR description | |
id: get-behavior | |
uses: actions/github-script@v6 | |
with: | |
result-encoding: string | |
script: | | |
let behavior = {}; | |
if (context.payload.pull_request) { | |
const { body } = context.payload.pull_request; | |
core.debug(`body: ${body}`) | |
const regex = /^\#matrix-test-${{ matrix.variation }}:\s+(.*)$/m; | |
const result = regex.exec(body); | |
core.debug(`regex result: ${result}`) | |
if (result) { | |
behavior = JSON.parse(result[1]); | |
} | |
const attempt = behavior.attempts && behavior.attempts[${{ github.run_attempt }} - 1] || {} | |
behavior = {...behavior, ...attempt} | |
} | |
console.log(behavior); | |
return JSON.stringify(behavior); | |
- name: run matrix test | |
run: | | |
sleep ${{ fromJSON(steps.get-behavior.outputs.result).sleep || 60 }} | |
exit ${{ fromJSON(steps.get-behavior.outputs.result).exitCode || 0 }} | |
continue-on-error: ${{ matrix.variation == 'two' }} | |
standalone-test: | |
needs: pre_check | |
if: >- | |
needs.pre_check.outputs.should_run == 'true' && | |
( | |
github.event_name != 'pull_request' || | |
!contains(github.event.pull_request.labels.*.name, 'skip:standalone') | |
) | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Recreate integration-test-result if needed | |
id: get-pending-integration-result | |
uses: ./.github/actions/get-latest-check | |
with: | |
create-if-needed: true | |
- name: Get the behavior from the PR description | |
id: get-behavior | |
uses: actions/github-script@v6 | |
with: | |
result-encoding: string | |
script: | | |
let behavior = {}; | |
if (context.payload.pull_request) { | |
const { body } = context.payload.pull_request; | |
core.debug(`body: ${body}`) | |
const regex = /^\#standalone-test:\s+(.*)$/m; | |
const result = regex.exec(body); | |
core.debug(`regex result: ${result}`) | |
if (result) { | |
behavior = JSON.parse(result[1]); | |
} | |
const attempt = behavior.attempts && behavior.attempts[${{ github.run_attempt }} - 1] || {} | |
behavior = {...behavior, ...attempt} | |
} | |
console.log(behavior); | |
return JSON.stringify(behavior); | |
- name: run standalone test | |
run: | | |
sleep ${{ fromJSON(steps.get-behavior.outputs.result).sleep || 45 }} | |
exit ${{ fromJSON(steps.get-behavior.outputs.result).exitCode || 0 }} | |
set-integration-result-in-progress: | |
needs: pre_check | |
if: needs.pre_check.outputs.should_run == 'true' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- id: get-pending-integration-result | |
uses: ./.github/actions/get-latest-check | |
with: | |
create-if-needed: true | |
- name: Update integration-test-result check to in-progress | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
const runId = "${{ steps.get-pending-integration-result.outputs.run_id }}"; | |
const res = await github.rest.checks.update({ | |
...context.repo, | |
check_run_id: runId, | |
status: "in_progress", | |
}) | |
core.debug(`Check update response: ${JSON.stringify(res, null, 2)}`) | |
console.log(`Updated check ${runId} to in-progress`) | |
finalize-integration-result: | |
needs: | |
- pre_check | |
- matrix-test | |
- standalone-test | |
if: >- | |
always() && | |
needs.pre_check.result == 'success' && | |
needs.matrix-test.result != 'cancelled' && | |
needs.standalone-test.result != 'cancelled' && | |
( | |
needs.pre_check.outputs.should_run == 'true' || | |
needs.pre_check.outputs.previous_success == 'true' | |
) | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- id: get-pending-integration-result | |
uses: ./.github/actions/get-latest-check | |
with: | |
create-if-needed: true | |
- name: Publish integration-test-result | |
if: always() | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
const runId = "${{ steps.get-pending-integration-result.outputs.run_id }}"; | |
const previousSuccess = ${{ needs.pre_check.outputs.previous_success }}; | |
const matrixTestSuccess = "${{ needs.matrix-test.result }}" === "success"; | |
const standaloneTestSuccess = "${{ needs.standalone-test.result }}" === "success"; | |
const conclusion = previousSuccess || (matrixTestSuccess && standaloneTestSuccess) ? | |
'success' : 'failure'; | |
const res = await github.rest.checks.update({ | |
...context.repo, | |
check_run_id: runId, | |
conclusion, | |
}) | |
core.debug(`Check update response: ${JSON.stringify(res, null, 2)}`) | |
console.log(`Updated check ${runId} to ${conclusion}`) |