Integration Tests #325
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration Tests | |
on: | |
pull_request: | |
types: [opened, synchronize] | |
merge_group: | |
jobs: | |
check-token: | |
name: Check secrets access | |
runs-on: ubuntu-latest | |
environment: "test-trigger-is" | |
outputs: | |
has_token: ${{ steps.set-token-status.outputs.has_token }} | |
steps: | |
- name: Check if DECO_WORKFLOW_TRIGGER_APP_ID is set | |
id: set-token-status | |
run: | | |
if [ -z "${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}" ]; then | |
echo "DECO_WORKFLOW_TRIGGER_APP_ID is empty. User has no access to secrets." | |
echo "::set-output name=has_token::false" | |
else | |
echo "DECO_WORKFLOW_TRIGGER_APP_ID is set. User has access to secrets." | |
echo "::set-output name=has_token::true" | |
fi | |
trigger-tests: | |
name: Trigger Tests | |
runs-on: ubuntu-latest | |
needs: check-token | |
if: github.event_name == 'pull_request' && needs.check-token.outputs.has_token == 'true' | |
environment: "test-trigger-is" | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Generate GitHub App Token | |
id: generate-token | |
uses: actions/create-github-app-token@v1 | |
with: | |
app-id: ${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }} | |
private-key: ${{ secrets.DECO_WORKFLOW_TRIGGER_PRIVATE_KEY }} | |
owner: ${{ secrets.ORG_NAME }} | |
repositories: ${{secrets.REPO_NAME}} | |
- name: Trigger Workflow in Another Repo | |
env: | |
GH_TOKEN: ${{ steps.generate-token.outputs.token }} | |
run: | | |
gh workflow run terraform-isolated-pr.yml -R ${{ secrets.ORG_NAME }}/${{secrets.REPO_NAME}} \ | |
--ref main \ | |
-f pull_request_number=${{ github.event.pull_request.number }} \ | |
-f commit_sha=${{ github.event.pull_request.head.sha }} | |
# Statuses and checks apply to specific commits (by hash). | |
# Enforcement of required checks is done both at the PR level and the merge queue level. | |
# In case of multiple commits in a single PR, the hash of the squashed commit | |
# will not match the one for the latest (approved) commit in the PR. | |
# We auto approve the check for the merge queue for two reasons: | |
# * Queue times out due to duration of tests. | |
# * Avoid running integration tests twice, since it was already run at the tip of the branch before squashing. | |
auto-approve: | |
if: github.event_name == 'merge_group' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Mark Check | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
shell: bash | |
run: | | |
gh api -X POST -H "Accept: application/vnd.github+json" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
/repos/${{ github.repository }}/statuses/${{ github.sha }} \ | |
-f 'state=success' \ | |
-f 'context=Integration Tests Check' |