Build and Review PR #26 #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Review PR | |
| run-name: 'Build and Review PR #${{ github.event.pull_request.number }}' | |
| on: | |
| # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token | |
| # | |
| # This workflow uses the pull_request trigger which prevents write permissions on the | |
| # GH_TOKEN and secrets access from public forks. This should remain as a pull_request | |
| # trigger to minimize the access public forks have in the repository. The reduced | |
| # permissions are adequate but do mean that re-compiles and readme changes will have to be | |
| # made manually by the PR author. These auto-updates could be done by this workflow | |
| # for branches but in order to re-trigger a PR build (which is needed for status checks), | |
| # we would make the commits with a different user and their PAT. To minimize exposure | |
| # and complication we will request those changes be manually made by the PR author. | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| # paths: | |
| # Do not include specific paths here. We always want this build to run and produce a | |
| # status check which are branch protection rules can use. If this is skipped because of | |
| # path filtering, a status check will not be created and we won't be able to merge the PR | |
| # without disabling that requirement. If we have a status check that is always produced, | |
| # we can also use that to require all branches be up to date before they are merged. | |
| jobs: | |
| build-and-review-pr: | |
| # This reusable workflow will check to see if an action's source code has changed based on | |
| # whether the PR includes files that match the files-with-code arg or are in one of the | |
| # dirs-with-code directories. If there are source code changes, this reusable workflow | |
| # will then run the action's build (if one was provided) and update the README.md with the | |
| # the latest version of the action. If those two steps result in any changes that need to | |
| # be committed, the workflow will fail because the PR needs some updates. Instructions for | |
| # updating the PR will be available in the build log, the workflow summary and as a PR | |
| # comment if the PR came from a branch (not a fork). | |
| # This workflow assumes: | |
| # - The main README.md is at the root of the repo | |
| # - The README contains a contribution guidelines and usage examples section | |
| uses: im-open/.github/.github/workflows/reusable-build-and-review-pr.yml@v1 | |
| with: | |
| action-name: ${{ github.repository }} | |
| default-branch: main | |
| readme-name: 'README.md' | |
| # The id of the contribution guidelines section of the README.md | |
| readme-contribution-id: '#contributing' | |
| # The id of the usage examples section of the README.md | |
| readme-examples-id: '#usage-examples' | |
| # The files that contain source code for the action. Only files that affect the action's execution | |
| # should be included like action.yml or package.json. Do not include files like README.md or .gitignore. | |
| # Files do not need to be explicitly provided here if they fall under one of the dirs in dirs-with-code. | |
| # ** This value must match the same files-with-code argument specified in increment-version-on-merge.yml. | |
| files-with-code: 'action.yml,package.json,package-lock.json' | |
| # The directories that contain source code for the action. Only dirs with files that affect the action's | |
| # execution should be included like src or dist. Do not include dirs like .github or node_modules. | |
| # ** This value must match the same dirs-with-code argument specified in increment-version-on-merge.yml. | |
| dirs-with-code: 'src,dist' | |
| # The npm script to run to build the action. This is typically 'npm run build' if the | |
| # action needs to be compiled. For composite-run-steps actions this is typically empty. | |
| build-command: 'npm run build' | |
| test: | |
| runs-on: ubuntu-latest | |
| env: | |
| DB_NAME: '' | |
| DB_SERVER: '' | |
| TIMEOUT: '' | |
| APP_NAME: '' | |
| CUSTOM_ERROR: '' | |
| LOG_LEVEL: '' | |
| CACHE_EXP_IN_HOURS: '' | |
| NO_MATCH_SETTING_1: '' | |
| NO_MATCH_SETTING_2: '' | |
| NO_MATCH_SETTING_3: '' | |
| NO_MATCH_SETTING_4: '' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| #--------------------------------------------------------- | |
| # MATCHING SCOPE WITH CREATE-OUTPUT-VARIABLES SET TO FALSE | |
| #--------------------------------------------------------- | |
| - name: '-------------------------------------------------------------------------------------------------------' | |
| run: echo "" | |
| - name: When there are matching scopes and create-output-variables is false | |
| uses: ./ | |
| if: always() | |
| id: matching-scope-no-outputs | |
| with: | |
| scope: 'dev' | |
| create-output-variables: false | |
| env: | |
| DB_NAME@dev: 'db-dev' | |
| DB_NAME@prod: 'db-prod' | |
| DB_SERVER@dev: 'server-dev' | |
| DB_SERVER@prod: 'server-prod' | |
| TIMEOUT@dev prod: '32' | |
| - name: Then the outcome should be success | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "step outcome" --expected "success" --actual "${{ steps.matching-scope-no-outputs.outcome }}" | |
| - name: And the environment variables should be populated | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "DB_NAME" --expected "db-dev" --actual "${{ env.DB_NAME }}" | |
| ./test/assert-values-match.sh --name "DB_SERVER" --expected "server-dev" --actual "${{ env.DB_SERVER }}" | |
| ./test/assert-values-match.sh --name "TIMEOUT" --expected "32" --actual "${{ env.TIMEOUT }}" | |
| - name: And the outputs should not be populated | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "DB_NAME output" --expected "" --actual "${{ steps.matching-scope-no-outputs.outputs.DB_NAME }}" | |
| ./test/assert-values-match.sh --name "DB_SERVER output" --expected "" --actual "${{ steps.matching-scope-no-outputs.outputs.DB_SERVER }}" | |
| ./test/assert-values-match.sh --name "TIMEOUT output" --expected "" --actual "${{ steps.matching-scope-no-outputs.outputs.TIMEOUT }}" | |
| #-------------------------------------------------------- | |
| # MATCHING SCOPE WITH CREATE-OUTPUT-VARIABLES SET TO TRUE | |
| #-------------------------------------------------------- | |
| - name: '-------------------------------------------------------------------------------------------------------' | |
| run: echo "" | |
| - name: When there are matching scopes and create-output-variables is true | |
| uses: ./ | |
| if: always() | |
| id: matching-scope-with-outputs | |
| with: | |
| scope: 'Dev' # This should not be case sensitive | |
| create-output-variables: true | |
| env: | |
| APP_NAME@dev: 'db-dev' | |
| APP_NAME@prod: 'db-prod' | |
| CUSTOM_ERROR@dev prod: 'custom' | |
| - name: Then the outcome should be success | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "step outcome" --expected "success" --actual "${{ steps.matching-scope-with-outputs.outcome }}" | |
| - name: And the environment variables and outputs should match | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "APP_NAME" --expected "${{ env.APP_NAME }}" --actual "${{ steps.matching-scope-with-outputs.outputs.APP_NAME }}" | |
| ./test/assert-values-match.sh --name "CUSTOM_ERROR" --expected "${{ env.CUSTOM_ERROR }}" --actual "${{ steps.matching-scope-with-outputs.outputs.CUSTOM_ERROR }}" | |
| #-------------------------------------------- | |
| # MATCHING SCOPE WHEN PROVIDING AN INPUT FILE | |
| #-------------------------------------------- | |
| - name: '-------------------------------------------------------------------------------------------------------' | |
| run: echo "" | |
| - name: When there is a matching scope and an input file | |
| uses: ./ | |
| if: always() | |
| id: input-file | |
| with: | |
| scope: 'dev' | |
| create-output-variables: true | |
| input-file: ./test/config.yml | |
| - name: Then the outcome should be success | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "step outcome" --expected "success" --actual "${{ steps.input-file.outcome }}" | |
| - name: And the environment variables and outputs should match | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "LOG_LEVEL" --expected "${{ env.LOG_LEVEL }}" --actual "${{ steps.input-file.outputs.LOG_LEVEL }}" | |
| ./test/assert-values-match.sh --name "CACHE_EXP_IN_HOURS" --expected "${{ env.CACHE_EXP_IN_HOURS }}" --actual "${{ steps.input-file.outputs.CACHE_EXP_IN_HOURS }}" | |
| #-------------------------------------------------------- | |
| # NO MATCHING SCOPE WITH ERROR-ON-NO-MATCH SET TO FALSE | |
| #-------------------------------------------------------- | |
| - name: '-------------------------------------------------------------------------------------------------------' | |
| run: echo "" | |
| - name: When there are no matching scopes and error-on-no-match is false | |
| uses: ./ | |
| if: always() | |
| id: no-matching-scope-no-error | |
| with: | |
| scope: 'aScopeThatDoesNotMatchAnything' | |
| create-output-variables: true | |
| error-on-no-match: false | |
| env: | |
| SETTING_1@dev: 's1-d' | |
| SETTING_1@prod: 's1-p' | |
| SETTING_2@dev prod: 'setting2' | |
| - name: Then the outcome should be success | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "step outcome" --expected "success" --actual "${{ steps.no-matching-scope-no-error.outcome }}" | |
| - name: And no environment variables or outputs should be created | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "step outcome" --expected "" --actual "${{ env.NO_MATCH_SETTING_1 }}" | |
| ./test/assert-values-match.sh --name "step outcome" --expected "" --actual "${{ env.NO_MATCH_SETTING_2 }}" | |
| ./test/assert-values-match.sh --name "step outcome" --expected "" --actual "${{ steps.no-matching-scope-no-error.outputs.NO_MATCH_SETTING_1 }}" | |
| ./test/assert-values-match.sh --name "step outcome" --expected "" --actual "${{ steps.no-matching-scope-no-error.outputs.NO_MATCH_SETTING_2 }}" | |
| #-------------------------------------------------------- | |
| # NO MATCHING SCOPE WITH ERROR-ON-NO-MATCH SET TO TRUE | |
| #-------------------------------------------------------- | |
| - name: '-------------------------------------------------------------------------------------------------------' | |
| run: echo "" | |
| - name: When there are no matching scopes and error-on-no-match is true | |
| uses: ./ | |
| if: always() | |
| continue-on-error: true # This is needed because we expect the step to fail. It needs to "pass" in order for the test job to succeed. | |
| id: no-matching-scope-with-error | |
| with: | |
| scope: 'aScopeThatDoesNotMatchAnything_part2' | |
| create-output-variables: true | |
| error-on-no-match: true | |
| env: | |
| SETTING_3@dev: 's3-d' | |
| SETTING_3@prod: 's3-p' | |
| SETTING_4@dev prod: 'setting4' | |
| - name: Then the outcome should be failure | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "step outcome" --expected "failure" --actual "${{ steps.no-matching-scope-with-error.outcome }}" | |
| - name: And no environment variables or outputs should be created | |
| if: always() | |
| run: | | |
| ./test/assert-values-match.sh --name "step outcome" --expected "" --actual "${{ env.NO_MATCH_SETTING_3 }}" | |
| ./test/assert-values-match.sh --name "step outcome" --expected "" --actual "${{ env.NO_MATCH_SETTING_4 }}" | |
| ./test/assert-values-match.sh --name "step outcome" --expected "" --actual "${{ steps.no-matching-scope-with-error.outputs.NO_MATCH_SETTING_3 }}" | |
| ./test/assert-values-match.sh --name "step outcome" --expected "" --actual "${{ steps.no-matching-scope-with-error.outputs.NO_MATCH_SETTING_4 }}" | |
| - name: '-------------------------------------------------------------------------------------------------------' | |
| run: echo "" |