diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
new file mode 100644
index 0000000000..755309e556
--- /dev/null
+++ b/.github/workflows/integration.yml
@@ -0,0 +1,97 @@
+# Run secret-dependent integration tests only after /ok-to-test approval
+on:
+ pull_request:
+ repository_dispatch:
+ types: [ok-to-test-command]
+
+name: Integration tests
+
+jobs:
+ # Branch-based pull request
+ integration-trusted:
+ runs-on: ubuntu-latest
+ # Runs tests when a PR is opened from the original repo (not a forked repo), which protects the secrets and builds for trusted contributors
+ if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
+ strategy:
+ matrix:
+ target:
+ - test-acceptance
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-go@v2
+ with:
+ go-version: '1.15.2'
+ - name: Install dependencies
+ run: make setup
+
+ - name: make ${{ matrix.target }}
+ env:
+ REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.REVIEWDOG_GITHUB_API_TOKEN }}
+ SNOWFLAKE_USER: ${{ secrets.SNOWFLAKE_USER }}
+ SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
+ SNOWFLAKE_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
+ SNOWFLAKE_ROLE: ${{ secrets.SNOWFLAKE_ROLE }}
+ run: make ${{ matrix.target }}
+
+ # Repo owner has commented /ok-to-test on a (fork-based) pull request
+ integration-fork:
+ runs-on: ubuntu-latest
+ if:
+ # Strict rule to check the latest commit sha with the one provided in the ok-to-test command
+ github.event_name == 'repository_dispatch' &&
+ github.event.client_payload.slash_command.sha == github.event.client_payload.pull_request.head.sha
+ # Integration tests needing secrets
+ strategy:
+ matrix:
+ target:
+ - test-acceptance
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
+ - uses: actions/setup-go@v2
+ with:
+ go-version: '1.15.2'
+ - name: Install dependencies
+ run: make setup
+
+ - name: make ${{ matrix.target }}
+ env:
+ REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.REVIEWDOG_GITHUB_API_TOKEN }}
+ SNOWFLAKE_USER: ${{ secrets.SNOWFLAKE_USER }}
+ SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
+ SNOWFLAKE_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
+ SNOWFLAKE_ROLE: ${{ secrets.SNOWFLAKE_ROLE }}
+ run: make ${{ matrix.target }}
+ - uses: actions/github-script@v1
+ id: update-check-run
+ if: ${{ always() }}
+ env:
+ number: ${{ github.event.client_payload.pull_request.number }}
+ job: ${{ github.job }}
+ # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
+ conclusion: ${{ job.status }}
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const { data: pull } = await github.pulls.get({
+ ...context.repo,
+ pull_number: process.env.number
+ });
+ const ref = pull.head.sha;
+
+ const { data: checks } = await github.checks.listForRef({
+ ...context.repo,
+ ref
+ });
+
+ const check = checks.check_runs.filter(c => c.name === process.env.job);
+
+ const { data: result } = await github.checks.update({
+ ...context.repo,
+ check_run_id: check[0].id,
+ status: 'completed',
+ conclusion: process.env.conclusion
+ });
+
+ return result;
diff --git a/.github/workflows/ok-to-test.yml b/.github/workflows/ok-to-test.yml
new file mode 100644
index 0000000000..8fd36e4319
--- /dev/null
+++ b/.github/workflows/ok-to-test.yml
@@ -0,0 +1,29 @@
+# If someone with write access comments "/ok-to-test" on a pull request, emit a repository_dispatch event
+name: Label
+
+on:
+ issue_comment:
+ types: [created]
+
+jobs:
+ ok-to-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Generate token
+ id: generate_token
+ uses: tibdex/github-app-token@v1
+ with:
+ app_id: ${{ secrets.OK_TO_TEST_APP_ID }}
+ private_key: ${{ secrets.OK_TO_TEST_PRIVATE_KEY }}
+
+ - name: Slash Command Dispatch
+ uses: peter-evans/slash-command-dispatch@v1
+ env:
+ TOKEN: ${{ steps.generate_token.outputs.token }}
+ with:
+ token: ${{ env.TOKEN }} # GitHub App installation access token
+ reaction-token: ${{ secrets.GITHUB_TOKEN }}
+ issue-type: pull-request
+ commands: ok-to-test
+ named-args: true
+ permission: write
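Review bot: The sha comparison in `integration-fork`'s `if:` (integration.yml) does not bind what the checkout step fetches: `ref: 'refs/pull/<number>/merge'` is resolved when the job runs, not when the `/ok-to-test` command was approved. If the pull request head moves in between, the `make ${{ matrix.target }}` step would run code nobody reviewed with the Snowflake and reviewdog secrets in its environment. Consider checking out the commit that was actually verified, e.g. `ref: ${{ github.event.client_payload.pull_request.head.sha }}`, or adding a step after checkout that fails unless the fetched merge commit's PR-side parent equals the approved sha. It would also help to extend the comment above the `if:` to say that the check covers only the dispatch payload.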
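Review bot: In ok-to-test.yml the two third-party actions that handle the GitHub App credentials, `tibdex/github-app-token@v1` and `peter-evans/slash-command-dispatch@v1`, are referenced by mutable tags, so whatever those tags point to later receives `OK_TO_TEST_PRIVATE_KEY` and the installation token. Pinning each to a full commit sha, e.g. `uses: tibdex/github-app-token@<full-commit-sha>  # v1`, limits that exposure to code that has been reviewed. Separately, the job has no `if:`, so the token is minted for every new comment on any issue or pull request before `issue-type: pull-request` filters anything; a job-level `if: github.event.issue.pull_request` would skip plain issues.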
diff --git a/.github/workflows/ci.yml b/.github/workflows/unit.yml similarity index 51% rename from .github/workflows/ci.yml rename to .github/workflows/unit.yml index 03c4b7fd55..d74458327f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/unit.yml @@ -1,7 +1,12 @@ -on: push +# Run unit tests that don't require secrets on any branch/fork pull request +on: + pull_request: + types: [review_requested, edited, synchronized] + +name: Unit tests jobs: - run: + unit: runs-on: ubuntu-latest strategy: matrix: @@ -9,7 +14,7 @@ jobs: - check-docs - check-mod - lint-ci - - test-acceptance-ci + - test steps: - uses: actions/checkout@v2 - uses: actions/setup-go@v2 @@ -17,12 +22,5 @@ jobs: go-version: '1.15.2' - name: Install dependencies run: make setup - - name: make ${{ matrix.target }} - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.REVIEWDOG_GITHUB_API_TOKEN }} - SNOWFLAKE_USER: ${{ secrets.SNOWFLAKE_USER }} - SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }} - SNOWFLAKE_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }} - SNOWFLAKE_ROLE: ${{ secrets.SNOWFLAKE_ROLE }} run: make ${{ matrix.target }} diff --git a/Makefile b/Makefile index 902458c158..ecb71da511 100644 --- a/Makefile +++ b/Makefile @@ -69,10 +69,6 @@ test-acceptance: fmt deps ## runs all tests, including the acceptance tests whic SKIP_WAREHOUSE_GRANT_TESTS=1 SKIP_SHARE_TESTS=1 SKIP_MANAGED_ACCOUNT_TEST=1 TF_ACC=1 go test -v -coverprofile=coverage.txt -covermode=atomic $(TESTARGS) ./... .PHONY: test-acceptance -test-acceptance-ci: ## runs all tests, including the acceptance tests which create and destroys real resources - SKIP_WAREHOUSE_GRANT_TESTS=1 SKIP_SHARE_TESTS=1 SKIP_MANAGED_ACCOUNT_TEST=1 TF_ACC=1 go test -v -coverprofile=coverage.txt -covermode=atomic $(TESTARGS) ./... -.PHONY: test-acceptance - deps: go mod tidy .PHONY: deps 
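Review bot: `synchronized` in the new `types:` list of unit.yml is not a `pull_request` activity type; the type GitHub emits when commits are pushed to a PR is `synchronize`, and `opened` is not listed at all. As written the `unit` job would likely run only on `review_requested` and `edited`, so lint and unit results can be missing or stale for the commits actually under review, which matters more now that these are the only checks fork PRs get before `/ok-to-test`. Suggested line: `types: [opened, synchronize, reopened, review_requested, edited]`.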
@@ -114,5 +110,6 @@ check-mod: .PHONY: check-mod fmt: + go get golang.org/x/tools/cmd/goimports goimports -w -d $$(find . -type f -name '*.go' -not -path "./vendor/*" -not -path "./dist/*") .PHONY: fmt
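Review bot: The added `go get golang.org/x/tools/cmd/goimports` in `fmt` fetches whatever version is current on every run. `test-acceptance` lists `fmt` as a prerequisite (visible in the earlier Makefile hunk header), so the integration jobs would download the unpinned tool and run it in the same step that carries the Snowflake secrets. Pinning it, e.g. `go get golang.org/x/tools/cmd/goimports@<pinned-version>`, or installing it once from `make setup` (not visible here) would keep the tool version reviewable. Run inside the module, `go get` may also rewrite go.mod and go.sum, which could interfere with `check-mod`; this is worth confirming.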