-
Notifications
You must be signed in to change notification settings - Fork 1
105 lines (93 loc) · 3.1 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Test
on:
workflow_dispatch:
# Use a manual approval process before PR's are given access to
# the secrets which are required to run the integration tests.
# The PR code should be manually approved to see if it can be trusted.
# When in doubt, do not approve the test run.
# Reference: https://dev.to/petrsvihlik/using-environment-protection-rules-to-secure-secrets-when-building-external-forks-with-pullrequesttarget-hci
pull_request_target:
branches: [ main ]
merge_group:
jobs:
approve:
name: Approve
environment:
# For security reasons, all pull requests need to be approved first before granting access to secrets
# So the environment should be set to have a reviewer/s inspect it before approving it
name: ${{ github.event_name == 'pull_request_target' && 'Test Pull Request' || 'Test Auto' }}
runs-on: ubuntu-latest
steps:
- name: Wait for approval
run: echo "Approved"
test:
name: Test
needs: [approve]
permissions:
pull-requests: write
environment:
name: Test Auto
runs-on: ubuntu-latest
env:
COMPOSE_PROJECT_NAME: ci_${{github.run_id}}_${{github.run_attempt || '1'}}
IMAGE: ${{ matrix.job.image }}_ci_${{github.run_id}}_${{github.run_attempt || '1'}}
IMAGE_SRC: ${{ matrix.job.image }}
strategy:
fail-fast: false
matrix:
job:
- { image: debian-11 }
- { image: debian-12 }
- { image: ubuntu-20.04 }
- { image: ubuntu-22.04 }
- { image: ubuntu-24.04 }
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || '' }}
- name: create .env file
run: |
touch .env
echo 'C8Y_BASEURL="${{ secrets.C8Y_BASEURL }}"' >> .env
echo 'C8Y_USER="${{ secrets.C8Y_USER }}"' >> .env
echo 'C8Y_PASSWORD="${{ secrets.C8Y_PASSWORD }}"' >> .env
- uses: actions/setup-python@v5
with:
python-version: '3.9'
cache: 'pip'
cache-dependency-path: |
tests/requirements.txt
- uses: taiki-e/install-action@just
#
# Build
#
- uses: actions/setup-go@v5
with:
go-version: '>=1.17.0'
cache: false
- name: Install dependencies
run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
- name: Build package (for testing)
run: just build
#
# Test
#
- name: Install dependencies
run: |
just venv
just build-test
- name: Run tests
run: just test
- name: Upload test results
uses: actions/upload-artifact@v4
if: always()
with:
name: reports-${{ matrix.job.image }}
path: output
- name: Send report to commit
if: ${{ always() && github.event_name == 'pull_request_target' }}
uses: "joonvena/robotframework-reporter-action@v2.5"
with:
report_path: output
gh_access_token: ${{ secrets.GITHUB_TOKEN }}