-
Notifications
You must be signed in to change notification settings - Fork 299
172 lines (158 loc) · 7.42 KB
/
test-internal-prs.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
# Description: This workflow runs test suite against PRs that are not from forks.
#
# Triggered by:
# (1) Opening a pull request
# (2) On every commit to the PR
# (3) Adding run-tests label to the PR
name: Test / Internal PRs / next-release
concurrency:
group: test-internal-prs-${{ github.event.pull_request.id }}
cancel-in-progress: true
on:
pull_request:
branches: [next-release/main]
types: [opened, synchronize, labeled]
jobs:
setup:
runs-on: ubuntu-latest
# We run tests only if
# (1) this pr is not from a fork, and
# (2) it's either 'opened' or 'synchronize' action or 'labeled' action with 'run-tests' label.
if: |
github.event.pull_request.head.repo.full_name == github.repository && (
github.event.action == 'opened' ||
github.event.action == 'synchronize' ||
(github.event.action == 'labeled' && github.event.label.name == 'run-tests')
)
permissions:
pull-requests: write # used to remove label
statuses: write # This is required for running set-status actions
steps:
- name: Remove run-tests label, if applicable
if: github.event.label.name == 'run-tests'
env:
ISSUE_NUMBER: ${{ github.event.pull_request.number }}
REPO_OWNER: ${{ github.repository_owner }}
REPO_NAME: ${{ github.event.repository.name }}
LABEL_NAME: 'run-tests'
uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # v6.4.0 https://github.com/actions/github-script/commit/98814c53be79b1d30f795b907e553d8679345975
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { ISSUE_NUMBER, REPO_OWNER, REPO_NAME, LABEL_NAME } = process.env
github.rest.issues.removeLabel({ owner: REPO_OWNER, repo: REPO_NAME, issue_number: ISSUE_NUMBER, name: LABEL_NAME })
- name: Checkout Repository
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
- name: Set status to commit sha
uses: ./.github/actions/set-status
with:
sha: ${{ github.event.pull_request.head.sha }}
state: 'pending'
context: 'Run PR checks'
description: 'PR checks are now running'
# URL below is a link to the current workflow run to allow users to see the status of the workflow.
target-url: https://github.com/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }}
dependency-review:
runs-on: ubuntu-latest
needs: setup
steps:
- name: 'Checkout Repository'
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
config-file: '.github/dependency-review/config.yml'
codeql:
needs: setup
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write # to write security event to the PR
strategy:
fail-fast: false
matrix:
language: [javascript]
steps:
- name: Checkout
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
- name: Initialize CodeQL
uses: github/codeql-action/init@d23060145bc9131d50558d5d4185494a20208101 # v2.12.5 https://github.com/github/codeql-action/commit/d23060145bc9131d50558d5d4185494a20208101
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml
queries: +security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@d23060145bc9131d50558d5d4185494a20208101 # v2.12.5 https://github.com/github/codeql-action/commit/d23060145bc9131d50558d5d4185494a20208101
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@d23060145bc9131d50558d5d4185494a20208101 # v2.12.5 https://github.com/github/codeql-action/commit/d23060145bc9131d50558d5d4185494a20208101
with:
category: '/language:${{ matrix.language }}'
setup-cache:
needs: setup
uses: ./.github/workflows/reusable-setup-cache.yml
with:
commit: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.repository }}
unit:
uses: ./.github/workflows/reusable-unit.yml
needs: setup-cache
with:
commit: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.repository }}
e2e:
uses: ./.github/workflows/reusable-e2e.yml
needs: unit
with:
commit: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
permissions:
id-token: write # This is required for requesting the JWT
secrets:
AUTH_E2E_ROLE_ARN: ${{ secrets.AUTH_E2E_ROLE_ARN }}
DATASTORE_E2E_ROLE_ARN: ${{ secrets.DATASTORE_E2E_ROLE_ARN }}
GEO_E2E_ROLE_ARN: ${{ secrets.GEO_E2E_ROLE_ARN }}
STORAGE_E2E_ROLE_ARN: ${{ secrets.STORAGE_E2E_ROLE_ARN }}
LIVENESS_E2E_ROLE_ARN: ${{ secrets.LIVENESS_E2E_ROLE_ARN }}
IN_APP_MESSAGING_E2E_ROLE_ARN: ${{ secrets.IN_APP_MESSAGING_E2E_ROLE_ARN }}
DOMAIN: ${{ secrets.DOMAIN }}
PHONE_NUMBER: ${{ secrets.PHONE_NUMBER }}
USERNAME: ${{ secrets.USERNAME }}
NEW_PASSWORD: ${{ secrets.NEW_PASSWORD }}
VALID_PASSWORD: ${{ secrets.VALID_PASSWORD }}
SITE_URL: ${{ secrets.SITE_URL }}
DOCSEARCH_DOCS_APP_ID: ${{ secrets.DOCSEARCH_DOCS_APP_ID }}
DOCSEARCH_DOCS_API_KEY: ${{ secrets.DOCSEARCH_DOCS_API_KEY }}
DOCSEARCH_DOCS_INDEX_NAME: ${{ secrets.DOCSEARCH_DOCS_INDEX_NAME }}
update-success-status:
if: ${{ success() }}
needs: [setup, e2e, codeql, dependency-review]
runs-on: ubuntu-latest
permissions:
statuses: write # This is required for running set-status actions
steps:
- uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
- name: Update status when tests are successful
uses: ./.github/actions/set-status
with:
sha: ${{ github.event.pull_request.head.sha }}
state: 'success'
context: 'Run PR checks'
description: 'PR checks have finished running'
target-url: https://github.com/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }}
update-failure-status:
if: ${{ failure() }}
needs: [setup, e2e, codeql, dependency-review]
runs-on: ubuntu-latest
permissions:
statuses: write # This is required for running set-status actions
steps:
- uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 https://github.com/actions/checkout/commit/24cb9080177205b6e8c946b17badbe402adc938f
- name: Update status when tests are not successful
uses: ./.github/actions/set-status
with:
sha: ${{ github.event.pull_request.head.sha }}
state: 'failure'
context: 'Run PR checks'
description: 'PR checks have failed'
target-url: https://github.com/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }}