mirror of
https://github.com/ossf/scorecard.git
synced 2024-10-26 10:28:10 +03:00
Feature - ok-to-test in github action
This commit is contained in:
parent
e94e53965e
commit
9b4b8be7e0
120
.github/workflows/integration.yml
vendored
Normal file
120
.github/workflows/integration.yml
vendored
Normal file
@ -0,0 +1,120 @@
|
||||
# Run secret-dependent integration tests only after /ok-to-test approval
|
||||
on:
|
||||
pull_request:
|
||||
repository_dispatch:
|
||||
types: [ok-to-test-command]
|
||||
|
||||
name: Integration tests
|
||||
|
||||
jobs:
|
||||
integration-trusted:
|
||||
runs-on: ubuntu-latest
|
||||
if: (github.event_name == 'repository_dispatch') || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
|
||||
steps:
|
||||
- id: debug-outputs
|
||||
run: |
|
||||
echo ${{ github.event_name }}
|
||||
echo ${{ github.event.client_payload }}
|
||||
|
||||
- id: verify-sha-input
|
||||
if: github.event_name == 'repository_dispatch'
|
||||
run: |
|
||||
echo \"${{ github.event.client_payload.pull_request.head.sha }}\"
|
||||
echo \"${{ github.event.client_payload.slash_command.args.named.sha }}\"
|
||||
SHAINPUT=$(echo ${{github.event.client_payload.slash_command.args.named.sha}} | cut -c1-7)
|
||||
if [ ${#SHAINPUT} -le 6 ]; then echo "error::input sha not at least 7 characters long" ; exit 1
|
||||
else echo "done"
|
||||
fi
|
||||
SHAHEAD=$(echo ${{github.event.client_payload.pull_request.head.sha}} | cut -c1-7)
|
||||
echo ${#SHAINPUT}
|
||||
echo ${#SHAHEAD}
|
||||
if [ "${SHAHEAD}" != "${SHAINPUT}" ]; then echo "sha input from slash command does not equal the head sha" ; exit 1
|
||||
else echo "shas are equal"
|
||||
fi
|
||||
|
||||
- name: pull_request actions/checkout
|
||||
if: github.event_name == 'pull_request'
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: pull_request actions/checkout
|
||||
if: github.event_name == 'repository_dispatch'
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
|
||||
|
||||
- name: setup-go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: '1.15.5'
|
||||
|
||||
- name: Run ci-e2e
|
||||
env:
|
||||
GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
|
||||
run: |
|
||||
if [[ ! -v GITHUB_AUTH_TOKEN ]]; then
|
||||
echo "GITHUB_AUTH_TOKEN is not set, skip test"
|
||||
exit 1
|
||||
elif [[ -z "$GITHUB_AUTH_TOKEN" ]]; then
|
||||
echo "GITHUB_AUTH_TOKEN is set to the empty string, skip test"
|
||||
exit 1
|
||||
else
|
||||
go get github.com/onsi/ginkgo/ginkgo@v1.14.2
|
||||
go mod download
|
||||
make ci-e2e
|
||||
fi
|
||||
|
||||
- name: find comment
|
||||
if: ${{ always() }}
|
||||
uses: peter-evans/find-comment@v1
|
||||
id: fc
|
||||
with:
|
||||
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
|
||||
comment-author: 'github-actions[bot]'
|
||||
body-includes: Integration tests ran for
|
||||
|
||||
- name: create or update comment
|
||||
if: (${{ always() }})
|
||||
uses: peter-evans/create-or-update-comment@v1
|
||||
with:
|
||||
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
|
||||
comment-id: ${{ steps.fc.outputs.comment-id }}
|
||||
body: |
|
||||
Integration tests ${{ job.status }} for [${{ github.event.client_payload.slash_command.args.named.sha || github.event.pull_request.head.sha }}](https://github.com/chanzuckerberg/terraform-provider-snowflake/actions/runs/${{ github.run_id }})
|
||||
|
||||
- name: set fork job status
|
||||
uses: actions/github-script@v3
|
||||
if: ${{ always() }}
|
||||
id: update-check-run
|
||||
env:
|
||||
number: ${{ github.event.client_payload.pull_request.number }}
|
||||
job: ${{ github.job }}
|
||||
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
|
||||
conclusion: ${{ job.status }}
|
||||
sha: ${{ github.event.client_payload.slash_command.args.named.sha }}
|
||||
event_name: ${{ github.event_name }}
|
||||
with:
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
script: |
|
||||
if (process.env.event_name !== 'repository_dispatch') {
|
||||
console.log("Not repository_dispatch... nothing to do!");
|
||||
return process.env.event_name;
|
||||
}
|
||||
|
||||
const ref = process.env.sha;
|
||||
|
||||
const { data: checks } = await github.checks.listForRef({
|
||||
...context.repo,
|
||||
ref
|
||||
});
|
||||
|
||||
const check = checks.check_runs.filter(c => c.name === process.env.job);
|
||||
console.log(check);
|
||||
|
||||
const { data: result } = await github.checks.update({
|
||||
...context.repo,
|
||||
check_run_id: check[0].id,
|
||||
status: 'completed',
|
||||
conclusion: process.env.conclusion
|
||||
});
|
||||
|
||||
return result;
|
35
.github/workflows/ok-to-test.yml
vendored
Normal file
35
.github/workflows/ok-to-test.yml
vendored
Normal file
@ -0,0 +1,35 @@
|
||||
# If someone with write access comments "/ok-to-test" on a pull request, emit a repository_dispatch event
|
||||
name: Ok To Test
|
||||
|
||||
on:
|
||||
issue_comment:
|
||||
types: [created]
|
||||
|
||||
jobs:
|
||||
ok-to-test:
|
||||
runs-on: ubuntu-latest
|
||||
# Only run for PRs, not issue comments
|
||||
if: ${{ github.event.issue.pull_request }}
|
||||
steps:
|
||||
# Generate a GitHub App installation access token from an App ID and private key
|
||||
# To create a new GitHub App:
|
||||
# https://developer.github.com/apps/building-github-apps/creating-a-github-app/
|
||||
# See app.yml for an example app manifest
|
||||
- name: Generate token
|
||||
id: generate_token
|
||||
uses: tibdex/github-app-token@v1
|
||||
with:
|
||||
app_id: ${{ secrets.APP_ID }}
|
||||
private_key: ${{ secrets.PRIVATE_KEY }}
|
||||
|
||||
- name: Slash Command Dispatch
|
||||
uses: peter-evans/slash-command-dispatch@v1
|
||||
env:
|
||||
TOKEN: ${{ steps.generate_token.outputs.token }}
|
||||
with:
|
||||
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} # PAT or OAuth token will also work
|
||||
reaction-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
issue-type: pull-request
|
||||
commands: ok-to-test
|
||||
named-args: true
|
||||
permission: write
|
Loading…
Reference in New Issue
Block a user