ok-to-test-command #1093
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
pull_request: | |
repository_dispatch: | |
types: [ok-to-test-command] # corresponds to ./ok-to-test.yml `commands:` field | |
name: Pull request | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.19.x | |
- name: Restore cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-mod- | |
- name: Fmt | |
run: make fmt | |
- name: Vet | |
run: make vet | |
- name: tfproviderlintx | |
run: make tfproviderlintx | |
test: | |
strategy: | |
matrix: | |
go-version: [1.19.x] | |
platform: [ubuntu-latest, macos-latest, windows-latest] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: Restore cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-mod- | |
- name: Test | |
run: make test | |
docs: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.19.x | |
- name: Generate Docs | |
run: | | |
make generate-docs | |
- name: Check diff | |
run: | | |
git diff --exit-code --ignore-all-space ./docs/ | |
# NOTE: The following two `validate-` jobs (and the top-of-file config) are inspired by: https://github.com/imjohnbo/ok-to-test | |
# Branch-based pull request from owner or trusted developer who has WRITE access. | |
validate-interface-trusted: | |
if: "!contains(github.event.pull_request.labels.*.name, 'breaking-change') && github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.19.x | |
- name: Restore cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-mod- | |
- name: Install Terraform CLI | |
uses: hashicorp/setup-terraform@v3 | |
- name: Validate Interface | |
run: make validate-interface | |
env: | |
FASTLY_API_KEY: ${{ secrets.FASTLY_API_TOKEN }} | |
# IMPORTANT: Workflows from forks do not have access to sensitive data such as secrets | |
# https://bit.ly/gh-actions-fork-secret-access | |
# We work around this using ./ok-to-test.yml | |
# Repo owner has commented /ok-to-test on a (fork-based) pull request | |
# This will run the build not as the forked owner but as your own token user. | |
validate-interface-fork: | |
permissions: | |
pull-requests: write | |
checks: write | |
if: | | |
!contains(github.event.pull_request.labels.*.name, 'breaking-change') && | |
github.event_name == 'repository_dispatch' && | |
github.event.client_payload.slash_command.args.named.sha != '' && | |
contains( | |
github.event.client_payload.pull_request.head.sha, | |
github.event.client_payload.slash_command.args.named.sha | |
) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Fork based /ok-to-test checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' | |
# START `validate-interface-trusted` | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.19.x | |
- name: Restore cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-mod- | |
- name: Install Terraform CLI | |
uses: hashicorp/setup-terraform@v3 | |
- name: Validate Interface | |
run: make validate-interface | |
env: | |
FASTLY_API_KEY: ${{ secrets.FASTLY_API_TOKEN }} | |
# END `validate-interface-trusted` | |
- run: | | |
echo "Integration tests... success! ;-)" | |
# Update check run called "integration-fork" | |
- uses: actions/github-script@v6 | |
id: update-check-run | |
if: ${{ always() }} | |
env: | |
number: ${{ github.event.client_payload.pull_request.number }} | |
job: ${{ github.job }} | |
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run | |
conclusion: ${{ job.status }} | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const { data: pull } = await github.rest.pulls.get({ | |
...context.repo, | |
pull_number: process.env.number | |
}); | |
const ref = pull.head.sha; | |
const { data: checks } = await github.rest.checks.listForRef({ | |
...context.repo, | |
ref | |
}); | |
const check = checks.check_runs.filter(c => c.name === process.env.job); | |
const { data: result } = await github.rest.checks.update({ | |
...context.repo, | |
check_run_id: check[0].id, | |
status: 'completed', | |
conclusion: process.env.conclusion | |
}); | |
return result; | |
validate-goreleaser: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.19.x | |
- name: Restore cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-mod- | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v5 | |
with: | |
install-only: true | |
- name: Validate Goreleaser | |
run: make goreleaser GORELEASER_ARGS="--skip-validate --clean --snapshot" # snapshot is needed as local git has no tags |