mirror of
https://github.com/ossf/scorecard.git
synced 2024-10-06 05:37:42 +03:00
219404e0b7
Removing gitcache
153 lines
6.0 KiB
YAML
153 lines
6.0 KiB
YAML
# Copyright 2021 Security Scorecard Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Run secret-dependent integration tests only after /ok-to-test approval
|
|
on:
|
|
pull_request:
|
|
repository_dispatch:
|
|
types: [ok-to-test-command]
|
|
|
|
name: Integration tests
|
|
env:
|
|
IMAGE_NAME: scorecard
|
|
OUTPUT_PATH: output
|
|
jobs:
|
|
integration-trusted:
|
|
runs-on: ubuntu-latest
|
|
if: (github.event_name == 'repository_dispatch') || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
|
|
steps:
|
|
- id: debug-outputs
|
|
run: |
|
|
echo ${{ github.event_name }}
|
|
echo ${{ github.event.client_payload }}
|
|
|
|
- id: verify-sha-input
|
|
if: github.event_name == 'repository_dispatch'
|
|
run: |
|
|
echo \"${{ github.event.client_payload.pull_request.head.sha }}\"
|
|
echo \"${{ github.event.client_payload.slash_command.args.named.sha }}\"
|
|
SHAINPUT=$(echo ${{github.event.client_payload.slash_command.args.named.sha}} | cut -c1-7)
|
|
if [ ${#SHAINPUT} -le 6 ]; then echo "error::input sha not at least 7 characters long" ; exit 1
|
|
else echo "done"
|
|
fi
|
|
SHAHEAD=$(echo ${{github.event.client_payload.pull_request.head.sha}} | cut -c1-7)
|
|
echo ${#SHAINPUT}
|
|
echo ${#SHAHEAD}
|
|
if [ "${SHAHEAD}" != "${SHAINPUT}" ]; then echo "sha input from slash command does not equal the head sha" ; exit 1
|
|
else echo "shas are equal"
|
|
fi
|
|
|
|
- name: pull_request actions/checkout
|
|
if: github.event_name == 'pull_request'
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
|
|
- name: pull_request actions/checkout
|
|
if: github.event_name == 'repository_dispatch'
|
|
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
|
|
with:
|
|
ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
|
|
|
|
- name: setup-go
|
|
uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3
|
|
with:
|
|
go-version: '1.16'
|
|
|
|
- name: Set up Cloud SDK
|
|
uses: google-github-actions/setup-gcloud@daadedc81d5f9d3c06d2c92f49202a3cc2b919ba # v0.2.1
|
|
with:
|
|
project_id: ${{ secrets.GCP_PROJECT_ID }}
|
|
service_account_key: ${{ secrets.GCRTOKEN }}
|
|
export_default_credentials: true
|
|
|
|
- name: Use gcloud CLI
|
|
run: gcloud info
|
|
|
|
- name: Prepare test env
|
|
run: |
|
|
go mod download
|
|
|
|
- name: Run E2E
|
|
env:
|
|
GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
|
|
run: |
|
|
go env -w GOFLAGS=-mod=mod
|
|
make ci-e2e
|
|
|
|
- name: Build docker image
|
|
run: make dockerbuild
|
|
|
|
- name: Test docker image
|
|
env:
|
|
GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
|
|
run: |
|
|
mkdir $OUTPUT_PATH
|
|
docker run -e GITHUB_AUTH_TOKEN=$GITHUB_AUTH_TOKEN $IMAGE_NAME --show-details --repo=https://github.com/ossf/scorecard --metadata=openssf --format json > ./$OUTPUT_PATH/results.json
|
|
ginkgo -p -v --focus="E2E TEST:executable" ./e2e/...
|
|
|
|
- name: find comment
|
|
if: ${{ always() }}
|
|
uses: peter-evans/find-comment@309ce798ba1c3627e3809dd68c694a29ef048fe2 # v1.2.0
|
|
id: fc
|
|
with:
|
|
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
|
|
comment-author: 'github-actions[bot]'
|
|
body-includes: Integration tests ran for
|
|
|
|
- name: create or update comment
|
|
if: (${{ always() }})
|
|
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
|
|
with:
|
|
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
|
|
comment-id: ${{ steps.fc.outputs.comment-id }}
|
|
body: |
|
|
Integration tests ${{ job.status }} for [${{ github.event.client_payload.slash_command.args.named.sha || github.event.pull_request.head.sha }}](https://github.com/ossf/scorecard/actions/runs/${{ github.run_id }})
|
|
|
|
- name: set fork job status
|
|
uses: actions/github-script@a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293 # v4.0.2
|
|
if: ${{ always() }}
|
|
id: update-check-run
|
|
env:
|
|
number: ${{ github.event.client_payload.pull_request.number }}
|
|
job: ${{ github.job }}
|
|
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
|
|
conclusion: ${{ job.status }}
|
|
sha: ${{ github.event.client_payload.slash_command.args.named.sha }}
|
|
event_name: ${{ github.event_name }}
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
script: |
|
|
if (process.env.event_name !== 'repository_dispatch') {
|
|
console.log("Not repository_dispatch... nothing to do!");
|
|
return process.env.event_name;
|
|
}
|
|
|
|
const ref = process.env.sha;
|
|
|
|
const { data: checks } = await github.checks.listForRef({
|
|
...context.repo,
|
|
ref
|
|
});
|
|
|
|
const check = checks.check_runs.filter(c => c.name === process.env.job);
|
|
console.log(check);
|
|
|
|
const { data: result } = await github.checks.update({
|
|
...context.repo,
|
|
check_run_id: check[0].id,
|
|
status: 'completed',
|
|
conclusion: process.env.conclusion
|
|
});
|
|
|
|
return result;
|