From f939e57f3ad3c89f0865eb471dd03375fb237dc2 Mon Sep 17 00:00:00 2001
From: Pieter Noordhuis
Date: Thu, 19 Dec 2024 12:50:59 +0100
Subject: [PATCH] Trigger integration tests on push to main (#2035)

## Changes
The existing workflow already had 2 trigger conditions, so instead of adding a third (and seeing more "skipped" jobs), I split them up into dedicated workflow files, each with their own trigger condition. The integration test status is reported back via commit status.
## Tests
We can confirm that everything works as expected as this PR moves from here to the merge group to main.
---
.github/workflows/integration-approve.yml | 32 ++++++++++
.github/workflows/integration-main.yml | 33 ++++++++++
.github/workflows/integration-pr.yml | 56 ++++++++++++++++
.github/workflows/integration-tests.yml | 78 -----------------------
4 files changed, 121 insertions(+), 78 deletions(-)
create mode 100644 .github/workflows/integration-approve.yml
create mode 100644 .github/workflows/integration-main.yml
create mode 100644 .github/workflows/integration-pr.yml
delete mode 100644 .github/workflows/integration-tests.yml
diff --git a/.github/workflows/integration-approve.yml b/.github/workflows/integration-approve.yml
new file mode 100644
index 00000000..4bdeb62a
--- /dev/null
+++ b/.github/workflows/integration-approve.yml
@@ -0,0 +1,32 @@
+name: integration-approve
+
+on:
+ merge_group:
+
+jobs:
+ # Trigger for merge groups.
+ #
+ # Statuses and checks apply to specific commits (by hash).
+ # Enforcement of required checks is done both at the PR level and the merge queue level.
+ # In case of multiple commits in a single PR, the hash of the squashed commit
+ # will not match the one for the latest (approved) commit in the PR.
+ #
+ # We auto approve the check for the merge queue for two reasons:
+ #
+ # * Queue times out due to duration of tests.
+ # * Avoid running integration tests twice, since it was already run at the tip of the branch before squashing.
+ #
+ trigger:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Auto-approve squashed commit
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ shell: bash
+ run: |
+ gh api -X POST -H "Accept: application/vnd.github+json" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ /repos/${{ github.repository }}/statuses/${{ github.sha }} \
+ -f 'state=success' \
+ -f 'context=Integration Tests Check'
diff --git a/.github/workflows/integration-main.yml b/.github/workflows/integration-main.yml
new file mode 100644
index 00000000..064e439c
--- /dev/null
+++ b/.github/workflows/integration-main.yml
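Review bot: The `trigger` job in integration-approve.yml posts a commit status with `secrets.GITHUB_TOKEN` but declares no `permissions:` block, so the token carries whatever the repository or organization default grants. The only API call is the `statuses` POST, so the job can be limited with `permissions: { statuses: write }` at job level; that also keeps the step working if the default is later switched to read-only. Because this job marks the `Integration Tests Check` context as success without running any tests, the narrow scope documents that writing a status is the one thing it is meant to do. The jobs in integration-main.yml and integration-pr.yml also lack a `permissions:` block and, as far as the hunks show, never use GITHUB_TOKEN, so `permissions: {}` would fit there.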
@@ -0,0 +1,33 @@
+name: integration-main
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ # Trigger for pushes to the main branch.
+ #
+ # This workflow triggers the integration test workflow in a different repository.
+ # It requires secrets from the "test-trigger-is" environment, which are only available to authorized users.
+ trigger:
+ runs-on: ubuntu-latest
+ environment: "test-trigger-is"
+
+ steps:
+ - name: Generate GitHub App Token
+ id: generate-token
+ uses: actions/create-github-app-token@v1
+ with:
+ app-id: ${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}
+ private-key: ${{ secrets.DECO_WORKFLOW_TRIGGER_PRIVATE_KEY }}
+ owner: ${{ secrets.ORG_NAME }}
+ repositories: ${{secrets.REPO_NAME}}
+
+ - name: Trigger Workflow in Another Repo
+ env:
+ GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+ run: |
+ gh workflow run cli-isolated-nightly.yml -R ${{ secrets.ORG_NAME }}/${{secrets.REPO_NAME}} \
+ --ref main \
+ -f commit_sha=${{ github.event.after }}
diff --git a/.github/workflows/integration-pr.yml b/.github/workflows/integration-pr.yml
new file mode 100644
index 00000000..bf2dcd8b
--- /dev/null
+++ b/.github/workflows/integration-pr.yml
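Review bot: `uses: actions/create-github-app-token@v1` in integration-main.yml references a mutable tag for the step that receives `DECO_WORKFLOW_TRIGGER_PRIVATE_KEY`. Pinning it to a full commit SHA, `uses: actions/create-github-app-token@<full-commit-sha> # v1`, means a moved tag cannot change the code that handles the App private key. The same line appears in the `trigger` job of integration-pr.yml. Separately, the `run:` script expands `${{ secrets.ORG_NAME }}`, `${{secrets.REPO_NAME}}` and `${{ github.event.after }}` into the script text before the shell parses it. Mapping them through `env:` and quoting the variables, for example `-f commit_sha="$COMMIT_SHA"`, keeps those values as data.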
@@ -0,0 +1,56 @@
+name: integration-pr
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ check-token:
+ runs-on: ubuntu-latest
+ environment: "test-trigger-is"
+
+ outputs:
+ has_token: ${{ steps.set-token-status.outputs.has_token }}
+
+ steps:
+ - name: Check if DECO_WORKFLOW_TRIGGER_APP_ID is set
+ id: set-token-status
+ run: |
+ if [ -z "${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}" ]; then
+ echo "DECO_WORKFLOW_TRIGGER_APP_ID is empty. User has no access to secrets."
+ echo "::set-output name=has_token::false"
+ else
+ echo "DECO_WORKFLOW_TRIGGER_APP_ID is set. User has access to secrets."
+ echo "::set-output name=has_token::true"
+ fi
+
+ # Trigger for pull requests.
+ #
+ # This workflow triggers the integration test workflow in a different repository.
+ # It requires secrets from the "test-trigger-is" environment, which are only available to authorized users.
+ # It depends on the "check-token" workflow to confirm access to this environment to avoid failures.
+ trigger:
+ runs-on: ubuntu-latest
+ environment: "test-trigger-is"
+
+ if: needs.check-token.outputs.has_token == 'true'
+ needs: check-token
+
+ steps:
+ - name: Generate GitHub App Token
+ id: generate-token
+ uses: actions/create-github-app-token@v1
+ with:
+ app-id: ${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}
+ private-key: ${{ secrets.DECO_WORKFLOW_TRIGGER_PRIVATE_KEY }}
+ owner: ${{ secrets.ORG_NAME }}
+ repositories: ${{secrets.REPO_NAME}}
+
+ - name: Trigger Workflow in Another Repo
+ env:
+ GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+ run: |
+ gh workflow run cli-isolated-pr.yml -R ${{ secrets.ORG_NAME }}/${{secrets.REPO_NAME}} \
+ --ref main \
+ -f pull_request_number=${{ github.event.pull_request.number }} \
+ -f commit_sha=${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
deleted file mode 100644
index d56728c2..00000000
--- a/.github/workflows/integration-tests.yml
+++ /dev/null
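Review bot: The `set-token-status` step of `check-token` in integration-pr.yml writes its output with `::set-output`, which GitHub has deprecated in favour of appending to `$GITHUB_OUTPUT`, and it expands `${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}` directly into the script text. Mapping the secret into `env:` and testing the variable keeps the value out of the generated script and makes the emptiness test independent of any quoting characters in the secret. The log lines equate an empty secret with "user has no access". As far as the hunk shows, the check only detects that the environment's secrets were not passed to this run, so the real authorization boundary is presumably the `test-trigger-is` environment's protection rules and a comment on the job should say so. The rewritten step is in the fence.

```yaml
        id: set-token-status
        env:
          APP_ID: ${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}
        run: |
          if [ -z "$APP_ID" ]; then
            # … unchanged: "is empty" log line …
            echo "has_token=false" >> "$GITHUB_OUTPUT"
          else
            # … unchanged: "is set" log line …
            echo "has_token=true" >> "$GITHUB_OUTPUT"
          fi
```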
@@ -1,78 +0,0 @@ -name: integration - -on: - - pull_request: - types: [opened, synchronize] - - merge_group: - - -jobs: - check-token: - runs-on: ubuntu-latest - environment: "test-trigger-is" - outputs: - has_token: ${{ steps.set-token-status.outputs.has_token }} - steps: - - name: Check if DECO_WORKFLOW_TRIGGER_APP_ID is set - id: set-token-status - run: | - if [ -z "${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}" ]; then - echo "DECO_WORKFLOW_TRIGGER_APP_ID is empty. User has no access to secrets." - echo "::set-output name=has_token::false" - else - echo "DECO_WORKFLOW_TRIGGER_APP_ID is set. User has access to secrets." - echo "::set-output name=has_token::true" - fi - - trigger-tests: - runs-on: ubuntu-latest - needs: check-token - if: github.event_name == 'pull_request' && needs.check-token.outputs.has_token == 'true' - environment: "test-trigger-is" - - steps: - - uses: actions/checkout@v4 - - - name: Generate GitHub App Token - id: generate-token - uses: actions/create-github-app-token@v1 - with: - app-id: ${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }} - private-key: ${{ secrets.DECO_WORKFLOW_TRIGGER_PRIVATE_KEY }} - owner: ${{ secrets.ORG_NAME }} - repositories: ${{secrets.REPO_NAME}} - - - name: Trigger Workflow in Another Repo - env: - GH_TOKEN: ${{ steps.generate-token.outputs.token }} - run: | - gh workflow run cli-isolated-pr.yml -R ${{ secrets.ORG_NAME }}/${{secrets.REPO_NAME}} \ - --ref main \ - -f pull_request_number=${{ github.event.pull_request.number }} \ - -f commit_sha=${{ github.event.pull_request.head.sha }} - - - - # Statuses and checks apply to specific commits (by hash). - # Enforcement of required checks is done both at the PR level and the merge queue level. - # In case of multiple commits in a single PR, the hash of the squashed commit - # will not match the one for the latest (approved) commit in the PR. - # We auto approve the check for the merge queue for two reasons: - # * Queue times out due to duration of tests. 
- # * Avoid running integration tests twice, since it was already run at the tip of the branch before squashing. - auto-approve: - if: github.event_name == 'merge_group' - runs-on: ubuntu-latest - steps: - - name: Mark Check - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - shell: bash - run: | - gh api -X POST -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${{ github.repository }}/statuses/${{ github.sha }} \ - -f 'state=success' \ - -f 'context=Integration Tests Check'