dependabot - disable npm, schedule go monday aft (#415) #1246
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - "main" | |
| tags: | |
| - "v*" | |
| pull_request: | |
| name: Test and publish | |
| permissions: | |
| contents: write | |
| deployments: write | |
| issues: write | |
| packages: write | |
| env: | |
| CC_BINARY_URL: https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/setup-go@v3 | |
| with: | |
| go-version: '1.20.3' | |
| - uses: actions/checkout@v3 | |
| - name: Run tests | |
| run: | | |
| export GIT_COMMIT_SHA='${{ github.sha }}' | |
| export GIT_BRANCH="$(echo '${{ github.ref }}' | sed -E -e 's/.*\/(.*)/\1/')" | |
| echo "Running tests..." | |
| mkdir unitcoverage | |
| go test -cover $(go list ./... | grep -v integration_test) -args -test.gocoverdir="$PWD/unitcoverage" | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: unit-test-coverage | |
| path: ./unitcoverage/ | |
| publish: | |
| name: Goreleaser | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Write .env file | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| touch .env | |
| echo GITHUB_TOKEN="$GITHUB_TOKEN" >> .env | |
| - name: Login to GHCR | |
| uses: docker/login-action@v2 | |
| if: "!startsWith(github.ref, 'refs/tags/v')" | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: goreleaser release preview | |
| run: make release-preview | |
| if: "!startsWith(github.ref, 'refs/tags/v')" | |
| - name: Tag Docker images appropriately | |
| run: > | |
| docker tag ghcr.io/ecadlabs/signatory:${{ github.sha }}-amd64 ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-amd64; | |
| docker tag ghcr.io/ecadlabs/signatory:${{ github.sha }}-arm64 ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-arm64; | |
| docker tag ghcr.io/ecadlabs/signatory:${{ github.sha }}-armv7 ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-armv7; | |
| if: "!startsWith(github.ref, 'refs/tags/v')" | |
| - name: Push Signatory preview images to GH Container Registry | |
| run: > | |
| docker push ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-amd64; | |
| docker push ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-arm64; | |
| docker push ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-armv7; | |
| if: "!startsWith(github.ref, 'refs/tags/v')" | |
| - name: goreleaser release | |
| run: make release | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| integration-tests: | |
| if: "!startsWith(github.ref, 'refs/tags/v')" | |
| needs: publish | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| testenvs: | |
| - current | |
| - next | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| if: "!startsWith(github.ref, 'refs/tags/v')" | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run tests | |
| env: | |
| IMAGE: ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-amd64 | |
| VAULT_AWS_USER: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_USER }} | |
| VAULT_AWS_KEY: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_KEY }} | |
| VAULT_AWS_SECRET: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_SECRET }} | |
| VAULT_AWS_REGION: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_REGION }} | |
| VAULT_AWS_PKH_TZ2: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_TZ2 }} | |
| VAULT_AWS_PKH_TZ3: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_TZ3 }} | |
| VAULT_AZ_CLIENTCERTTHUMB: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_CLIENTCERTTHUMB }} | |
| VAULT_AZ_CLIENTID: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_CLIENTID }} | |
| VAULT_AZ_RESGROUP: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_RESGROUP }} | |
| VAULT_AZ_SP_KEY: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_SP_KEY }} | |
| VAULT_AZ_SUBID: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_SUBID }} | |
| VAULT_AZ_TENANTID: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_TENANTID }} | |
| VAULT_AZ_VAULT: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_VAULT }} | |
| VAULT_AZ_TZ2: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_TZ2 }} | |
| VAULT_AZ_TZ3: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_TZ3 }} | |
| VAULT_GCP_PROJECTID: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_PROJECTID }} | |
| VAULT_GCP_PRIVATEKEYID: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_PRIVATEKEYID }} | |
| VAULT_GCP_PRIVATEKEY: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_PRIVATEKEY }} | |
| VAULT_GCP_CLIENTEMAIL: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_CLIENTEMAIL }} | |
| VAULT_GCP_CLIENTID: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_CLIENTID }} | |
| VAULT_GCP_X509_URL: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_X509_URL }} | |
| VAULT_GCP_KEYRING: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_KEYRING }} | |
| VAULT_GCP_LOCATION: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_LOCATION }} | |
| VAULT_GCP_TZ3: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_TZ3 }} | |
| run: > | |
| cd integration_test; | |
| export ARCH=amd64; | |
| . ./.env.${{ matrix.testenvs }}; | |
| envsubst < gcp-token-template.json > gcp-token.json; | |
| echo $VAULT_AZ_SP_KEY |base64 -d >service-principal.key; | |
| docker compose up -d --wait --pull always; | |
| docker exec octez sudo chown -R tezos /home/tezos/.tezos-client; | |
| go test ./...; | |
| docker compose kill; | |
| rm -f gcp-token.json; | |
| rm -f service-principal.key; | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: integration-test-coverage-env${{ matrix.testenvs }} | |
| path: ./integration_test/coverage/ | |
| report-coverage: | |
| needs: integration-tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Setup Code Climate test-reporter | |
| run: | | |
| curl -L "$CC_BINARY_URL" > ./cc-test-reporter | |
| chmod +x ./cc-test-reporter | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: unit-test-coverage | |
| path: unit-test-coverage | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: integration-test-coverage-envcurrent | |
| path: integration-test-coverage-envcurrent | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: integration-test-coverage-envnext | |
| path: integration-test-coverage-envnext | |
| - name: Report Coverage | |
| run: | | |
| export CC_TEST_REPORTER_ID='${{ secrets.CC_TEST_REPORTER_ID }}' | |
| if [[ ! -z "$CC_TEST_REPORTER_ID" ]]; then | |
| echo "Generating coverage report..." | |
| export GIT_COMMIT_SHA='${{ github.sha }}' | |
| export GIT_BRANCH="$(echo '${{ github.ref }}' | sed -E -e 's/.*\/(.*)/\1/')" | |
| ./cc-test-reporter before-build | |
| go tool covdata textfmt -i=./unit-test-coverage,./integration-test-coverage-envcurrent,./integration-test-coverage-envnext -o ./c.out | |
| rm -rf ./unit-test-coverage | |
| rm -rf ./integration-test-coverage-envcurrent | |
| rm -rf ./integration-test-coverage-envnext | |
| sed -i 's/\/go\/src\/github.com/github.com/g' ./c.out | |
| mod="$(cat go.mod | awk '/^module/ {print $2}')" | |
| ./cc-test-reporter after-build -p "${mod}/" -t gocov | |
| fi |