From 7d161833471b1728892d6a41b0923f318befb1e1 Mon Sep 17 00:00:00 2001 From: Eddy Filip Date: Thu, 20 Feb 2025 15:27:44 +0100 Subject: [PATCH] Add fork workflow for acceptance tests This file contains the same acceptance test jobs with the following differences: - They only run if the `ok-to-test` command triggered the workflow and a sha has been passed. - They checkout from the external contributor's commit. Lastly, this workflow contains an extra job which updates the status in the PR based on the jobs executed. The result of a job is the parent result of all the matrix variants executed as part of it. --- .github/workflows/test-fork.yml | 92 +++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 .github/workflows/test-fork.yml diff --git a/.github/workflows/test-fork.yml b/.github/workflows/test-fork.yml new file mode 100644 index 0000000..2db31d2 --- /dev/null +++ b/.github/workflows/test-fork.yml @@ -0,0 +1,92 @@ +on: + repository_dispatch: + types: [ok-to-test-command] +name: Run acceptance tests [fork] + +jobs: + test-with-output-secrets: + if: | + github.event_name == 'repository_dispatch' && + github.event.client_payload.slash_command.args.named.sha != '' && + contains( + github.event.client_payload.pull_request.head.sha, + github.event.client_payload.slash_command.args.named.sha + ) + uses: ./.github/workflows/acceptance-test.yml + secrets: inherit + with: + secret: op://acceptance-tests/test-secret/password + secret-in-section: op://acceptance-tests/test-secret/test-section/password + multiline-secret: op://acceptance-tests/multiline-secret/notesPlain + export-env: false + test-with-export-env: + if: | + github.event_name == 'repository_dispatch' && + github.event.client_payload.slash_command.args.named.sha != '' && + contains( + github.event.client_payload.pull_request.head.sha, + github.event.client_payload.slash_command.args.named.sha + ) + uses: ./.github/workflows/acceptance-test.yml + secrets: inherit + with: + secret: op://acceptance-tests/test-secret/password + secret-in-section: op://acceptance-tests/test-secret/test-section/password + multiline-secret: op://acceptance-tests/multiline-secret/notesPlain + export-env: true + test-references-with-ids: + if: | + github.event_name == 'repository_dispatch' && + github.event.client_payload.slash_command.args.named.sha != '' && + contains( + github.event.client_payload.pull_request.head.sha, + github.event.client_payload.slash_command.args.named.sha + ) + uses: ./.github/workflows/acceptance-test.yml + secrets: inherit + with: + secret: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password + secret-in-section: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy + multiline-secret: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain + export-env: false + update-checks: + # required permissions for updating the status of the pull request checks + permissions: + pull-requests: write + checks: write + runs-on: ubuntu-latest + if: ${{ always() }} + strategy: + matrix: + job-name: + [ + test-with-output-secrets, + test-with-export-env, + test-references-with-ids, + ] + needs: + [test-with-output-secrets, test-with-export-env, test-references-with-ids] + steps: + - uses: actions/github-script@v6 + env: + job: ${{ matrix.job-name }} + ref: ${{ github.event.client_payload.pull_request.head.sha }} + conclusion: ${{ needs[format('{0}', matrix.job-name )].result }} + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const { data: checks } = await github.rest.checks.listForRef({ + ...context.repo, + ref: process.env.ref + }); + + const check = checks.check_runs.filter(c => c.name === process.env.job); + + const { data: result } = await github.rest.checks.update({ + ...context.repo, + check_run_id: check[0].id, + status: 'completed', + conclusion: process.env.conclusion + }); + + return result;