Skip to content

Commit

Permalink
Allow maintainers to run integration tests on PR from a fork (nsidc#818)
Browse files Browse the repository at this point in the history
  • Loading branch information
chuckwondo authored Sep 20, 2024
1 parent e113d41 commit 2939f80
Show file tree
Hide file tree
Showing 7 changed files with 69 additions and 19 deletions.
3 changes: 2 additions & 1 deletion .github/actions/install-pkg/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ description: Install earthaccess Python package and testing dependencies

inputs:
python-version:
description: Version of Python to use
required: true

runs:
Expand All @@ -16,7 +17,7 @@ runs:
- name: Display full python version
shell: bash
id: full-python-version
run: echo "{version}=$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info))")" >> $GITHUB_OUTPUT
run: echo "version=$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info))")" >> $GITHUB_OUTPUT

- name: Install package and test dependencies
shell: bash
Expand Down
50 changes: 46 additions & 4 deletions .github/workflows/integration-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ name: Integration Tests

on:
pull_request:
pull_request_target:
push:
branches:
- main
Expand All @@ -19,28 +20,69 @@ concurrency:

jobs:
integration-tests:
#
# This condition prevents DUPLICATE attempts to run integration tests for
# PRs coming from FORKS.
#
# When a PR originates from a fork, both a pull_request and a
# pull_request_target event are triggered. This means that without a
# condition, GitHub will attempt to run integration tests TWICE, once for
# each event.
#
# To prevent this, this condition ensures that integration tests are run
# in only ONE of the following cases:
#
# 1. The event is NOT a pull_request. This covers the case when the event
# is a pull_request_target (i.e., a PR from a fork), as well as all
# other cases listed in the "on" block at the top of this file.
# 2. The event IS a pull_request AND the base repo and head repo are the
# same (i.e., the PR is NOT from a fork).
#
if: github.event_name != 'pull_request' || github.event.pull_request.base.repo.full_name == github.event.pull_request.head.repo.full_name
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.9", "3.10", "3.11", "3.12"]
fail-fast: false

steps:
- uses: actions/checkout@v4
- name: Fetch user permission
id: permission
uses: actions-cool/check-user-permission@v2
with:
require: write
username: ${{ github.triggering_actor }}

- name: Check user permission
if: ${{ steps.permission.outputs.require-result == 'false' }}
# If the triggering actor does not have write permission (i.e., this is a
# PR from a fork), then we exit, otherwise most of the integration tests will
# fail because they require access to secrets. In this case, a maintainer
# will need to make sure the PR looks safe, and if so, manually re-run the
# failed pull_request_target jobs.
run: |
echo "User **${{ github.triggering_actor }}** does not have permission to run integration tests." >> $GITHUB_STEP_SUMMARY
echo "A maintainer must perform a security review and re-run this build, if the code is safe." >> $GITHUB_STEP_SUMMARY
echo "See [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/resources/github-actions-preventing-pwn-requests)." >> $GITHUB_STEP_SUMMARY
exit 1
- name: Checkout source
uses: actions/checkout@v4

- uses: ./.github/actions/install-pkg
- name: Install package with dependencies
uses: ./.github/actions/install-pkg
with:
python-version: ${{ matrix.python-version }}

- name: Test
- name: Run integration tests
env:
EARTHDATA_USERNAME: ${{ secrets.EDL_USERNAME }}
EARTHDATA_PASSWORD: ${{ secrets.EDL_PASSWORD }}
EARTHACCESS_TEST_USERNAME: ${{ secrets.EDL_USERNAME }}
EARTHACCESS_TEST_PASSWORD: ${{ secrets.EDL_PASSWORD }}
run: ./scripts/integration-test.sh

- name: Upload coverage
- name: Upload coverage report
# Don't upload coverage when using the `act` tool to run the workflow locally
if: ${{ !env.ACT }}
uses: codecov/codecov-action@v4
3 changes: 2 additions & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ jobs:
fail-fast: false

steps:
- uses: actions/checkout@v4
- name: Checkout sources
uses: actions/checkout@v4

- uses: ./.github/actions/install-pkg
with:
Expand Down
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
.ipynb_checkpoints
.python-version
.mypy_cache
.nox/
__pycache__
.pytest_cache
htmlcov
Expand Down
23 changes: 12 additions & 11 deletions docs/contributing/development.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,35 +33,36 @@ environment for each run.

## Manual development environment setup

While `nox` is the fastest way to get started, you may soon find that you need a full
development environment, for example to test in a REPL. This development environment
also includes `nox`.
While `nox` is the fastest way to get started, you will likely need a full
development environment for making code contributions, for example to test in a
REPL, or to resolve references in your favorite IDE. This development
environment also includes `nox`.

Create and activate a virtual environment with `venv`, which comes by default with
Python, in the `.venv` directory:
Create and activate a virtual environment with `venv`, which comes by default
with Python, in the `.venv` directory:

```bash
python -m venv .venv
source .venv/bin/activate
```

Install _earthaccess_ in editable mode with optional development dependencies:
Install `earthaccess` in editable mode with optional development dependencies:

```bash
pip install --editable ".[dev,test,docs]"
```

??? note "For conda users"

For your convenience, there is a `environment.yml` file at the root of this
repository. You can create a dev environment quickly with:
For your convenience, there is an `environment.yml` file at the root of this
repository, allowing you to create a conda environment quickly, as follows:

```bash
conda env create --file environment.yml
```

## Managing Dependencies

If you need to add a new dependency, edit `pyproject.toml` and insert the dependency in
the correct location (either in the `dependencies` array or
`[project.optional-dependencies]`.
If you need to add a new dependency, edit `pyproject.toml` and insert the
dependency in the correct location (either in the `dependencies` array or under
`[project.optional-dependencies]`).
4 changes: 4 additions & 0 deletions environment.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,7 @@ dependencies:
- pip
- pip:
- --editable .[dev,test,docs]
variables:
# Allow pip installs when conda environment is active
PIP_REQUIRE_VENV: 0
PIP_REQUIRE_VIRTUALENV: 0
4 changes: 2 additions & 2 deletions noxfile.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
DIR = Path(__file__).parent.resolve()

nox.needs_version = ">=2024.3.2"
nox.options.sessions = ["typecheck", "test_unit"]
nox.options.sessions = ["typecheck", "tests"]
nox.options.default_venv_backend = "uv|virtualenv"


Expand All @@ -20,7 +20,7 @@ def typecheck(session: nox.Session) -> None:


@nox.session
def test_unit(session: nox.Session) -> None:
def tests(session: nox.Session) -> None:
"""Run the unit tests."""
session.install("--editable", ".[test]")
session.run("pytest", "tests/unit", *session.posargs)
Expand Down

0 comments on commit 2939f80

Please sign in to comment.