[feature] ok-to-test allows testing on forked branches with secrets (#…
alldoami committed Dec 3, 2020
1 parent 2bbcddf commit badc47d
Showing 4 changed files with 135 additions and 14 deletions.
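--- /dev/null
+++ b/.github/workflows/integration.yml
@@ -0,0 +1,97 @@
+# Run secret-dependent integration tests only after /ok-to-test approval
+on:
+pull_request:
+repository_dispatch:
+types: [ok-to-test-command]
+
+name: Integration tests
+
+jobs:
+# Branch-based pull request
+integration-trusted:
+runs-on: ubuntu-latest
+# Runs tests when a PR is opened from the original repo (not a forked repo), which protects the secrets and builds for trusted contributors
+if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
+strategy:
+matrix:
+target:
+- test-acceptance
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-go@v2
+with:
+go-version: '1.15.2'
+- name: Install dependencies
+run: make setup
+
+- name: make ${{ matrix.target }}
+env:
+REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.REVIEWDOG_GITHUB_API_TOKEN }}
+SNOWFLAKE_USER: ${{ secrets.SNOWFLAKE_USER }}
+SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
+SNOWFLAKE_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
+SNOWFLAKE_ROLE: ${{ secrets.SNOWFLAKE_ROLE }}
+run: make ${{ matrix.target }}
+
+# Repo owner has commented /ok-to-test on a (fork-based) pull request
+integration-fork:
+runs-on: ubuntu-latest
+if:
+# Strict rule to check the latest commit sha with the one provided in the ok-to-test command
+github.event_name == 'repository_dispatch' &&
+github.event.client_payload.slash_command.sha == github.event.client_payload.pull_request.head.sha
+# Integration tests needing secrets
+strategy:
+matrix:
+target:
+- test-acceptance
+steps:
+- uses: actions/checkout@v2
+with:
+ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
+- uses: actions/setup-go@v2
+with:
+go-version: '1.15.2'
+- name: Install dependencies
+run: make setup
+
+- name: make ${{ matrix.target }}
+env:
+REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.REVIEWDOG_GITHUB_API_TOKEN }}
+SNOWFLAKE_USER: ${{ secrets.SNOWFLAKE_USER }}
+SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
+SNOWFLAKE_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
+SNOWFLAKE_ROLE: ${{ secrets.SNOWFLAKE_ROLE }}
+run: make ${{ matrix.target }}
+- uses: actions/github-script@v1
+id: update-check-run
+if: ${{ always() }}
+env:
+number: ${{ github.event.client_payload.pull_request.number }}
+job: ${{ github.job }}
+# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
+conclusion: ${{ job.status }}
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+script: |
+const { data: pull } = await github.pulls.get({
+...context.repo,
+pull_number: process.env.number
+});
+const ref = pull.head.sha;
+const { data: checks } = await github.checks.listForRef({
+...context.repo,
+ref
+});
+const check = checks.check_runs.filter(c => c.name === process.env.job);
+const { data: result } = await github.checks.update({
+...context.repo,
+check_run_id: check[0].id,
+status: 'completed',
+conclusion: process.env.conclusion
+});
+return result;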
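Review bot: In `integration-fork`, the `if:` compares the approved SHA with `client_payload.pull_request.head.sha`, which is a snapshot taken when the dispatch was sent, but the checkout step then fetches the moving ref `refs/pull/<number>/merge`. Nothing ties the code that is actually checked out to the commit the maintainer approved, so a commit that lands on the PR between the `/ok-to-test` comment and the checkout would run with the Snowflake and reviewdog secrets unreviewed. Binding the checkout to the approved commit closes that window, for example `ref: ${{ github.event.client_payload.slash_command.sha }}`; note this tests the PR head rather than the merge result, so confirm that is acceptable. Separately, the `github-script` step reads `check[0].id` without handling an empty filter result, so a missing check run would surface as a script error rather than a clear message.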
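--- /dev/null
+++ b/.github/workflows/ok-to-test.yml
@@ -0,0 +1,29 @@
+# If someone with write access comments "/ok-to-test" on a pull request, emit a repository_dispatch event
+name: Label
+
+on:
+issue_comment:
+types: [created]
+
+jobs:
+ok-to-test:
+runs-on: ubuntu-latest
+steps:
+- name: Generate token
+id: generate_token
+uses: tibdex/github-app-token@v1
+with:
+app_id: ${{ secrets.OK_TO_TEST_APP_ID }}
+private_key: ${{ secrets.OK_TO_TEST_PRIVATE_KEY }}
+
+- name: Slash Command Dispatch
+uses: peter-evans/slash-command-dispatch@v1
+env:
+TOKEN: ${{ steps.generate_token.outputs.token }}
+with:
+token: ${{ env.TOKEN }} # GitHub App installation access token
+reaction-token: ${{ secrets.GITHUB_TOKEN }}
+issue-type: pull-request
+commands: ok-to-test
+named-args: true
+permission: write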
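Review bot: `tibdex/github-app-token@v1` and `peter-evans/slash-command-dispatch@v1` are referenced by mutable tag, yet the first is handed `OK_TO_TEST_PRIVATE_KEY` and the second the installation token minted from it. This workflow is the gate that decides when fork code may run with secrets, so whatever those tags point to inherits that authority; pinning both to a full commit SHA (`uses: tibdex/github-app-token@<full-commit-sha>`, likewise for the dispatch action) makes the trusted code explicit and reviewable. The job also has no `if:`, so an App token is generated for every comment on every issue or PR; a job-level `if: github.event.issue.pull_request` would limit it to pull-request comments. The workflow is titled `name: Label`, which does not describe what it does and will be confusing in the Actions list.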
18 changes: 8 additions & 10 deletions .github/workflows/ci.yml → .github/workflows/unit.yml
@@ -1,28 +1,26 @@
on: push
# Run unit tests that don't require secrets on any branch/fork pull request
on:
pull_request:
types: [review_requested, edited, synchronized]

name: Unit tests

jobs:
run:
unit:
runs-on: ubuntu-latest
strategy:
matrix:
target:
- check-docs
- check-mod
- lint-ci
- test-acceptance-ci
- test
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: '1.15.2'
- name: Install dependencies
run: make setup

- name: make ${{ matrix.target }}
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.REVIEWDOG_GITHUB_API_TOKEN }}
SNOWFLAKE_USER: ${{ secrets.SNOWFLAKE_USER }}
SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
SNOWFLAKE_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
SNOWFLAKE_ROLE: ${{ secrets.SNOWFLAKE_ROLE }}
run: make ${{ matrix.target }}
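Review bot: `types: [review_requested, edited, synchronized]` names an activity type that `pull_request` does not define; the event fired for new commits is `synchronize`, and `opened`/`reopened` are not listed at all. As written, the docs, module, lint and unit checks would run only when a review is requested or the PR title/body is edited, not when the PR is opened or pushed to. That matters more after this commit, because this is the only workflow a fork PR gets before a maintainer decides on `/ok-to-test`. Either drop `types:` to take the defaults or use `types: [opened, reopened, synchronize]`. The page does not mark which side each line of this section is on, so this assumes the `types:` line belongs to the new file.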
5 changes: 1 addition & 4 deletions Makefile
@@ -69,10 +69,6 @@ test-acceptance: fmt deps ## runs all tests, including the acceptance tests whic
SKIP_WAREHOUSE_GRANT_TESTS=1 SKIP_SHARE_TESTS=1 SKIP_MANAGED_ACCOUNT_TEST=1 TF_ACC=1 go test -v -coverprofile=coverage.txt -covermode=atomic $(TESTARGS) ./...
.PHONY: test-acceptance

test-acceptance-ci: ## runs all tests, including the acceptance tests which create and destroys real resources
SKIP_WAREHOUSE_GRANT_TESTS=1 SKIP_SHARE_TESTS=1 SKIP_MANAGED_ACCOUNT_TEST=1 TF_ACC=1 go test -v -coverprofile=coverage.txt -covermode=atomic $(TESTARGS) ./...
.PHONY: test-acceptance

deps:
go mod tidy
.PHONY: deps
@@ -114,5 +110,6 @@ check-mod:
.PHONY: check-mod

fmt:
go get golang.org/x/tools/cmd/goimports
goimports -w -d $$(find . -type f -name '*.go' -not -path "./vendor/*" -not -path "./dist/*")
.PHONY: fmt
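Review bot: The `go get golang.org/x/tools/cmd/goimports` line in `fmt` (it appears to be this section's one addition) fetches whatever version is current each time the target runs. `test-acceptance` depends on `fmt` (see the first hunk header), so this unpinned download and build now happens inside the jobs that hold the Snowflake credentials. Pinning the tool keeps those runs reproducible and reviewable, e.g. `go get golang.org/x/tools/cmd/goimports@<pinned-version>`. It is also worth checking whether running `go get` inside the module rewrites `go.mod`/`go.sum`, since that could interact with the `check-mod` target. The `fmt` recipe starts inside this hunk, but the rest of the Makefile is outside the view.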
