mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-17 11:57:12 +03:00
4a88dac00f
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](48af2dc4a9...30f413bfed)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
120 lines
4.3 KiB
YAML
120 lines
4.3 KiB
YAML
# Copyright 2021 Security Scorecard Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Run secret-dependent integration tests only after approval
|
|
name: Integration tests
|
|
on: pull_request_target
|
|
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
approve:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1
|
|
with:
|
|
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
|
|
|
- name: approve
|
|
run: echo For security reasons, all pull requests need to be approved before running integration tests.
|
|
|
|
integration-trusted:
|
|
runs-on: ubuntu-latest
|
|
environment: integration-test
|
|
needs: [approve]
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1
|
|
with:
|
|
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
|
|
|
- name: pull_request actions/checkout
|
|
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.3.4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
|
|
- name: setup-go
|
|
uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v2.2.0
|
|
with:
|
|
go-version: '1.17'
|
|
|
|
- name: Cache builds
|
|
# https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
|
|
uses: actions/cache@30f413bfed0a2bc738fdfd409e5a9e96b24545fd #v2.1.7
|
|
with:
|
|
# In order:
|
|
# * Module download cache
|
|
# * Build cache (Linux)
|
|
# * Build cache (Mac)
|
|
# * Build cache (Windows)
|
|
path: |
|
|
~/go/pkg/mod
|
|
~/.cache/go-build
|
|
~/Library/Caches/go-build
|
|
%LocalAppData%\go-build
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
|
|
- name: Prepare test env
|
|
run: |
|
|
go mod download
|
|
|
|
- name: Run GITHUB_TOKEN E2E #using retry because the GitHub token is being throttled.
|
|
uses: nick-invision/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c
|
|
env:
|
|
GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
max_attempts: 3
|
|
retry_on: error
|
|
timeout_minutes: 30
|
|
command: make e2e-gh-token
|
|
|
|
- name: Run PAT E2E #using retry because the GitHub token is being throttled.
|
|
uses: nick-invision/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c
|
|
env:
|
|
GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
|
|
with:
|
|
max_attempts: 3
|
|
retry_on: error
|
|
timeout_minutes: 30
|
|
command: make e2e-pat
|
|
|
|
- name: codecov
|
|
uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 2.1.0
|
|
with:
|
|
files: ./e2e-coverage.out
|
|
verbose: true
|
|
|
|
- name: find comment
|
|
uses: peter-evans/find-comment@1769778a0c5bd330272d749d12c036d65e70d39d # v1.2.0
|
|
id: fc
|
|
with:
|
|
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
|
|
comment-author: 'github-actions[bot]'
|
|
body-includes: Integration tests ran for
|
|
|
|
- name: create or update comment
|
|
uses: peter-evans/create-or-update-comment@c9fcb64660bc90ec1cc535646af190c992007c32 # v1.4.5
|
|
with:
|
|
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
|
|
comment-id: ${{ steps.fc.outputs.comment-id }}
|
|
body: |
|
|
Integration tests ${{ job.status }} for
|
|
[${{ github.event.client_payload.slash_command.args.named.sha || github.event.pull_request.head.sha }}]
|
|
(https://github.com/ossf/scorecard/actions/runs/${{ github.run_id }})
|