install: Only open / once #552
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Integration Test | |
| permissions: | |
| pull-requests: read | |
| contents: read | |
| statuses: write | |
| # Running testing farm needs TF_API_KEY secret available inside the forked repo. | |
| # So the pull_request_target trigger has to be used in this case. To protect the | |
| # secrets this workflow has a PR sender permission checking at first job. Only | |
| # collaborator with repo write or admin permission can run this workflow. | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize, reopened] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| AWS_REGION: us-west-2 | |
| jobs: | |
| pr-info: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Query author repository permissions | |
| uses: octokit/[email protected] | |
| id: user_permission | |
| with: | |
| route: GET /repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # restrict running of tests to users with admin or write permission for the repository | |
| # see https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#get-repository-permissions-for-a-user | |
| - name: Check if user does have correct permissions | |
| if: contains('admin write', fromJson(steps.user_permission.outputs.data).permission) | |
| id: check_user_perm | |
| run: | | |
| echo "User '${{ github.event.sender.login }}' has permission '${{ fromJson(steps.user_permission.outputs.data).permission }}' allowed values: 'admin', 'write'" | |
| echo "allowed_user=true" >> $GITHUB_OUTPUT | |
| - name: Get information for pull request | |
| uses: octokit/[email protected] | |
| id: pr-api | |
| with: | |
| route: GET /repos/${{ github.repository }}/pulls/${{ github.event.number }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| outputs: | |
| allowed_user: ${{ steps.check_user_perm.outputs.allowed_user }} | |
| sha: ${{ fromJson(steps.pr-api.outputs.data).head.sha }} | |
| ref: ${{ fromJson(steps.pr-api.outputs.data).head.ref }} | |
| repo_url: ${{ fromJson(steps.pr-api.outputs.data).head.repo.html_url }} | |
| integration: | |
| needs: pr-info | |
| if: ${{ needs.pr-info.outputs.allowed_user == 'true' && !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | |
| continue-on-error: true | |
| strategy: | |
| matrix: | |
| arch: [x86_64, aarch64] | |
| distro: [rhel-9-5, centos-stream-9, fedora-40] | |
| exclude: | |
| - arch: x86_64 | |
| distro: centos-stream-9 | |
| - arch: aarch64 | |
| distro: fedora-40 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.pr-info.outputs.sha }} | |
| fetch-depth: 0 | |
| - name: Run the tests | |
| uses: sclorg/testing-farm-as-github-action@v2 | |
| with: | |
| compose: Fedora-40 | |
| api_key: ${{ secrets.TF_API_KEY }} | |
| git_url: ${{ needs.pr-info.outputs.repo_url }} | |
| git_ref: ${{ needs.pr-info.outputs.ref }} | |
| arch: ${{ matrix.arch }} | |
| update_pull_request_status: true | |
| pull_request_status_name: "bootc-${{ matrix.distro }}-${{ matrix.arch }}" | |
| tmt_context: "arch=${{ matrix.arch }}" | |
| tmt_plan_regex: "/install-upgrade/" | |
| tf_scope: private | |
| secrets: "QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};QUAY_SECRET=${{ secrets.QUAY_SECRET }};RHEL_REGISTRY_URL=${{ secrets.RHEL_REGISTRY_URL }};DOWNLOAD_NODE=${{ secrets.DOWNLOAD_NODE }};AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }};AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
| variables: "TEST_OS=${{ matrix.distro }};ARCH=${{ matrix.arch }};AWS_REGION=${{ env.AWS_REGION }}" |