forked from hashicorp/vault
-
Notifications
You must be signed in to change notification settings - Fork 0
199 lines (191 loc) · 8.29 KB
/
test-go.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
on:
workflow_call:
inputs:
go-arch:
description: The execution architecture (arm, amd64, etc.)
required: true
type: string
enterprise:
description: A flag indicating if this workflow is executing for the enterprise repository.
required: true
type: string
total-runners:
description: Number of runners to use for executing the tests on.
required: true
type: string
env-vars:
description: A map of environment variables as JSON.
required: false
type: string
default: '{}'
extra-flags:
description: A space-separated list of additional build flags.
required: false
type: string
runs-on:
description: An expression indicating which kind of runners to use.
required: false
type: string
default: ubuntu-latest
go-build-tags:
description: A comma-separated list of additional build tags to consider satisfied during the build.
required: false
type: string
env: ${{ fromJSON(inputs.env-vars) }}
jobs:
test-generate-test-package-list:
runs-on: ${{ fromJSON(inputs.runs-on) }}
name: Verify Test Package Distribution
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- id: test
working-directory: .github/scripts
run: |
ENTERPRISE=${{ inputs.enterprise }} ./test-generate-test-package-lists.sh
runner-indexes:
runs-on: ${{ fromJSON(inputs.runs-on) }}
name: Generate runner indexes
#
# This job generates a JSON Array of integers ranging from 1 to 16.
# That array is used in the matrix section of the test-go job below.
#
outputs:
runner-indexes: ${{ steps.generate-index-list.outputs.indexes }}
steps:
- id: generate-index-list
run: |
INDEX_LIST="$(seq 1 ${{ inputs.total-runners }})"
INDEX_JSON="$(jq --null-input --compact-output '. |= [inputs]' <<< "${INDEX_LIST}")"
echo "indexes=${INDEX_JSON}" >> "${GITHUB_OUTPUT}"
test-go:
permissions:
id-token: write # Note: this permission is explicitly required for Vault auth
contents: read
name: "${{ matrix.runner-index }}"
needs:
- runner-indexes
runs-on: ${{ fromJSON(inputs.runs-on) }}
strategy:
fail-fast: false
matrix:
#
# Initialize the runner-index key with the JSON array of integers
# generated above.
#
runner-index: ${{ fromJSON(needs.runner-indexes.outputs.runner-indexes) }}
env:
GOPRIVATE: github.com/hashicorp/*
TIMEOUT_IN_MINUTES: 60
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
with:
go-version-file: ./.go-version
cache: true
- name: Authenticate to Vault
id: vault-auth
if: github.repository == 'hashicorp/vault-enterprise'
run: vault-auth
- name: Fetch Secrets
id: secrets
if: github.repository == 'hashicorp/vault-enterprise'
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/datadog-ci DATADOG_API_KEY;
kv/data/github/${{ github.repository }}/github-token username-and-token | github-token;
kv/data/github/${{ github.repository }}/license license_1 | VAULT_LICENSE_CI;
kv/data/github/${{ github.repository }}/license license_2 | VAULT_LICENSE_2;
kv/data/github/${{ github.repository }}/hcp-link HCP_API_ADDRESS;
kv/data/github/${{ github.repository }}/hcp-link HCP_AUTH_URL;
kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_ID;
kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_SECRET;
kv/data/github/${{ github.repository }}/hcp-link HCP_RESOURCE_ID;
- id: setup-git-private
name: Setup Git configuration (private)
if: github.repository == 'hashicorp/vault-enterprise'
run: |
git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com
- id: setup-git-public
name: Setup Git configuration (public)
if: github.repository != 'hashicorp/vault-enterprise'
run: |
git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com
- id: run-go-tests
name: Run Go tests
timeout-minutes: ${{ fromJSON(env.TIMEOUT_IN_MINUTES) }}
run: |
set -exo pipefail
#
# This script creates a Bash array with 16 elements each
# containing a space delimited list of package names. The
# array element corresponding to this instance's
# matrix.runner-index value.
#
ENTERPRISE=${{ inputs.enterprise }} source .github/scripts/generate-test-package-lists.sh
# Build the dynamically generated source files.
make prep
mkdir -p test-results/go-test
# We don't want VAULT_LICENSE set when running Go tests, because that's
# not what developers have in their environments and it could break some
# tests; it would be like setting VAULT_TOKEN. However some non-Go
# CI commands, like the UI tests, shouldn't have to worry about licensing.
# So we provide the tests which want an externally supplied license with licenses
# via the VAULT_LICENSE_CI and VAULT_LICENSE_2 environment variables, and here we unset it.
# shellcheck disable=SC2034
VAULT_LICENSE=
# Assign test licenses to relevant variables if they aren't already
if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then
export VAULT_LICENSE_CI=${{ secrets.ci_license }}
export VAULT_LICENSE_2=${{ secrets.ci_license_2 }}
export HCP_API_ADDRESS=${{ secrets.HCP_API_ADDRESS }}
export HCP_AUTH_URL=${{ secrets.HCP_AUTH_URL }}
export HCP_CLIENT_ID=${{ secrets.HCP_CLIENT_ID }}
export HCP_CLIENT_SECRET=${{ secrets.HCP_CLIENT_SECRET }}
export HCP_RESOURCE_ID=${{ secrets.HCP_RESOURCE_ID }}
# Temporarily removing this variable to cause HCP Link tests
# to be skipped.
#export HCP_SCADA_ADDRESS=${{ secrets.HCP_SCADA_ADDRESS }}
fi
# shellcheck disable=SC2086 # can't quote package list
GOARCH=${{ inputs.go-arch }} \
go run gotest.tools/gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${{ inputs.go-build-tags }}" \
-timeout=${{ env.TIMEOUT_IN_MINUTES }}m \
-parallel=20 \
${{ inputs.extra-flags }} \
\
${test_packages[${{ matrix.runner-index }}]}
- name: Prepare datadog-ci
if: github.repository == 'hashicorp/vault'
continue-on-error: true
run: |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
chmod +x /usr/local/bin/datadog-ci
- name: Upload test results to DataDog
continue-on-error: true
env:
DD_ENV: ci
run: |
if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then
export DATADOG_API_KEY=${{ secrets.DATADOG_API_KEY }}
fi
datadog-ci junit upload --service "$GITHUB_REPOSITORY" test-results/go-test/results.xml
- name: Archive test results
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
with:
name: test-results-${{ matrix.runner-index }}
path: test-results/
if: always()
- name: Create a summary of tests
uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f
with:
paths: "test-results/go-test/results.xml"
show: "fail"
if: always()