7d16183347
This file contains the same acceptance test jobs with the following differences: - They only run if the `ok-to-test` command triggered the workflow and a sha has been passed. - They checkout from the external contributor's commit. Lastly, this workflow contains an extra job which updates the status in the PR based on the jobs executed. The result of a job is the parent result of all the matrix variants executed as part of it.
93 lines
3.3 KiB
YAML
93 lines
3.3 KiB
YAML
on:
|
|
repository_dispatch:
|
|
types: [ok-to-test-command]
|
|
name: Run acceptance tests [fork]
|
|
|
|
jobs:
|
|
test-with-output-secrets:
|
|
if: |
|
|
github.event_name == 'repository_dispatch' &&
|
|
github.event.client_payload.slash_command.args.named.sha != '' &&
|
|
contains(
|
|
github.event.client_payload.pull_request.head.sha,
|
|
github.event.client_payload.slash_command.args.named.sha
|
|
)
|
|
uses: ./.github/workflows/acceptance-test.yml
|
|
secrets: inherit
|
|
with:
|
|
secret: op://acceptance-tests/test-secret/password
|
|
secret-in-section: op://acceptance-tests/test-secret/test-section/password
|
|
multiline-secret: op://acceptance-tests/multiline-secret/notesPlain
|
|
export-env: false
|
|
test-with-export-env:
|
|
if: |
|
|
github.event_name == 'repository_dispatch' &&
|
|
github.event.client_payload.slash_command.args.named.sha != '' &&
|
|
contains(
|
|
github.event.client_payload.pull_request.head.sha,
|
|
github.event.client_payload.slash_command.args.named.sha
|
|
)
|
|
uses: ./.github/workflows/acceptance-test.yml
|
|
secrets: inherit
|
|
with:
|
|
secret: op://acceptance-tests/test-secret/password
|
|
secret-in-section: op://acceptance-tests/test-secret/test-section/password
|
|
multiline-secret: op://acceptance-tests/multiline-secret/notesPlain
|
|
export-env: true
|
|
test-references-with-ids:
|
|
if: |
|
|
github.event_name == 'repository_dispatch' &&
|
|
github.event.client_payload.slash_command.args.named.sha != '' &&
|
|
contains(
|
|
github.event.client_payload.pull_request.head.sha,
|
|
github.event.client_payload.slash_command.args.named.sha
|
|
)
|
|
uses: ./.github/workflows/acceptance-test.yml
|
|
secrets: inherit
|
|
with:
|
|
secret: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/password
|
|
secret-in-section: op://v5pz6venw4roosmkzdq2nhpv6u/hrgkzhrlvscomepxlgafb2m3ca/Section_tco6nsqycj6jcbyx63h5isxcny/doxu3mhkozcznnk5vjrkpdqayy
|
|
multiline-secret: op://v5pz6venw4roosmkzdq2nhpv6u/ghtz3jvcc6dqmzc53d3r3eskge/notesPlain
|
|
export-env: false
|
|
update-checks:
|
|
# required permissions for updating the status of the pull request checks
|
|
permissions:
|
|
pull-requests: write
|
|
checks: write
|
|
runs-on: ubuntu-latest
|
|
if: ${{ always() }}
|
|
strategy:
|
|
matrix:
|
|
job-name:
|
|
[
|
|
test-with-output-secrets,
|
|
test-with-export-env,
|
|
test-references-with-ids,
|
|
]
|
|
needs:
|
|
[test-with-output-secrets, test-with-export-env, test-references-with-ids]
|
|
steps:
|
|
- uses: actions/github-script@v6
|
|
env:
|
|
job: ${{ matrix.job-name }}
|
|
ref: ${{ github.event.client_payload.pull_request.head.sha }}
|
|
conclusion: ${{ needs[format('{0}', matrix.job-name )].result }}
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
script: |
|
|
const { data: checks } = await github.rest.checks.listForRef({
|
|
...context.repo,
|
|
ref: process.env.ref
|
|
});
|
|
|
|
const check = checks.check_runs.filter(c => c.name === process.env.job);
|
|
|
|
const { data: result } = await github.rest.checks.update({
|
|
...context.repo,
|
|
check_run_id: check[0].id,
|
|
status: 'completed',
|
|
conclusion: process.env.conclusion
|
|
});
|
|
|
|
return result;
|