ok-to-test-command #1085
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This was adapted from https://github.com/imjohnbo/ok-to-test/blob/master/.github/workflows/integration.yml | |
| name: Validate Pull Request (fork) | |
| on: | |
| repository_dispatch: | |
| types: [ok-to-test-command] | |
| jobs: | |
| integration-tests-fork: | |
| runs-on: [self-hosted, 1ES.Pool=aso-1es-pool] | |
| if: | |
| github.event_name == 'repository_dispatch' && | |
| github.event.client_payload.slash_command.args.named.sha != '' && | |
| contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha) | |
| permissions: | |
| checks: write | |
| packages: read | |
| steps: | |
| # Update check run called "integration-tests" setting status to in_progress | |
| # Note: There is no way to specify which suite the check we create goes into apparently, see: | |
| # https://github.community/t/specify-check-suite-when-creating-a-checkrun/118380 | |
| # Also, details_url doesn't currently work when set via a GITHUB_TOKEN which is what we're using, see: | |
| # https://github.community/t/create-a-check-run-details-url-is-not-being-set/166002 | |
| # Given the above limitations, we create a new check for the fork integration tests, and then at the end | |
| # of this job we update the "integration-tests" check to be passing as well (so this single job really | |
| # ends up writing the status 2 checks, 1 is "integration-tests" and one is "integration-tests-fork"). | |
| - name: set-check-run-in-progress | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1 | |
| id: set-check-run-in-progress | |
| env: | |
| number: ${{ github.event.client_payload.pull_request.number }} | |
| job: ${{ github.job }} | |
| server_url: ${{ github.server_url }} | |
| repo: ${{ github.repository }} | |
| run_id: ${{ github.run_id }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const url = `${process.env.server_url}/${process.env.repo}/actions/runs/${process.env.run_id}` | |
| const { data: pull } = await github.rest.pulls.get({ | |
| ...context.repo, | |
| pull_number: process.env.number | |
| }); | |
| const ref = pull.head.sha; | |
| const { data: result } = await github.rest.checks.create({ | |
| ...context.repo, | |
| name: process.env.job, | |
| head_sha: ref, | |
| status: 'in_progress', | |
| details_url: url, | |
| }); | |
| return result; | |
| - name: Fork based /ok-to-test checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 | |
| with: | |
| fetch-depth: 0 # required to access tags | |
| submodules: 'true' | |
| ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' | |
| - name: Force docker to SSD | |
| run: sudo scripts/v2/linux-docker-use-ssd.sh --containerd true | |
| - name: check-changes | |
| id: check-changes | |
| run: scripts/v2/check-changes.sh | |
| - name: Log in to GitHub Docker Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 | |
| with: | |
| registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| if: steps.check-changes.outputs.code-changed == 'true' | |
| # Note: Changes to this step must also be mirrored into pr-validation.yaml | |
| - name: Build devcontainer image | |
| # We must issue a manual pull before the build so the image gets copied locally, because | |
| # docker.pkg.github.com is not a valid Docker registry and doesn't work with --cache-from, | |
| # however, `docker pull` will fall back to other methods that do work and get the image loaded. | |
| # | |
| # This message comes from "docker pull": | |
| # | |
| # Run docker pull docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest | |
| # WARNING: ⚠️ Failed to pull manifest by the resolved digest. This registry does not | |
| # appear to conform to the distribution registry specification; falling back to | |
| # pull by tag. This fallback is DEPRECATED, and will be removed in a future | |
| # release. Please contact admins of https://docker.pkg.github.com. ⚠️ | |
| # | |
| # See: https://github.com/moby/moby/issues/41687#issuecomment-733826074 and related issues | |
| run: | | |
| docker pull docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest | |
| docker build --cache-from docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest --tag devcontainer:latest .devcontainer | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| if: steps.check-changes.outputs.code-changed == 'true' | |
| - name: Run devcontainer image | |
| id: devcontainer | |
| run: | | |
| container_id=$(docker create -w /workspace -v $GITHUB_WORKSPACE:/workspace -v /var/run/docker.sock:/var/run/docker.sock --network=host devcontainer:latest) | |
| docker start "$container_id" | |
| echo "container_id=$container_id" >> $GITHUB_ENV | |
| if: steps.check-changes.outputs.code-changed == 'true' | |
| - name: Run integration tests | |
| run: | | |
| container_id=${{ env.container_id }} | |
| docker exec -e HOSTROOT=$GITHUB_WORKSPACE -e GITHUB_ACTIONS -e AZURE_TENANT_ID -e AZURE_SUBSCRIPTION_ID -e KIND_OIDC_STORAGE_ACCOUNT_RG -e KIND_OIDC_STORAGE_ACCOUNT "$container_id" task controller:ci-integration-tests | |
| env: | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| KIND_OIDC_STORAGE_ACCOUNT_RG: ${{ secrets.KIND_OIDC_STORAGE_ACCOUNT_RG }} | |
| KIND_OIDC_STORAGE_ACCOUNT: ${{ secrets.KIND_OIDC_STORAGE_ACCOUNT }} | |
| if: steps.check-changes.outputs.code-changed == 'true' | |
| # Update check run called "integration-fork" | |
| - name: update-integration-tests-result | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1 | |
| id: update-check-run | |
| if: ${{ always() }} | |
| env: | |
| number: ${{ github.event.client_payload.pull_request.number }} | |
| job: ${{ github.job }} | |
| integration_test_job: 'integration-tests' # This is the name of the job defined in pr-validation.yml | |
| # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run | |
| conclusion: ${{ job.status }} | |
| server_url: ${{ github.server_url }} | |
| repo: ${{ github.repository }} | |
| run_id: ${{ github.run_id }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const url = `${process.env.server_url}/${process.env.repo}/actions/runs/${process.env.run_id}` | |
| const { data: pull } = await github.rest.pulls.get({ | |
| ...context.repo, | |
| pull_number: process.env.number | |
| }); | |
| const ref = pull.head.sha; | |
| const { data: checks } = await github.rest.checks.listForRef({ | |
| ...context.repo, | |
| ref | |
| }); | |
| const forkCheck = checks.check_runs.filter(c => c.name === process.env.job); | |
| await github.rest.checks.update({ | |
| ...context.repo, | |
| check_run_id: forkCheck[0].id, | |
| status: 'completed', | |
| conclusion: process.env.conclusion, | |
| details_url: url, | |
| }); | |
| const mainCheck = checks.check_runs.filter(c => c.name === process.env.integration_test_job); | |
| const { data: result } = await github.rest.checks.update({ | |
| ...context.repo, | |
| check_run_id: mainCheck[0].id, | |
| status: 'completed', | |
| conclusion: process.env.conclusion, | |
| details_url: url, | |
| }); | |
| return result; |