ok-to-test-command #1174
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This was adapted from https://github.com/imjohnbo/ok-to-test/blob/master/.github/workflows/integration.yml | |
| name: Validate Pull Request (fork) | |
| on: | |
| repository_dispatch: | |
| types: [ok-to-test-command] | |
| jobs: | |
| integration-tests-fork: | |
| runs-on: [self-hosted, 1ES.Pool=aso-1es-pool] | |
| if: | |
| github.event_name == 'repository_dispatch' && | |
| github.event.client_payload.slash_command.args.named.sha != '' && | |
| contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha) | |
| permissions: | |
| checks: write | |
| packages: read | |
| steps: | |
| # Create check called "integration-tests-fork", and set to in_progress | |
| - name: set-check-run-in-progress | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1 | |
| id: set-check-run-in-progress | |
| env: | |
| number: ${{ github.event.client_payload.pull_request.number }} | |
| job: ${{ github.job }} | |
| server_url: ${{ github.server_url }} | |
| repo: ${{ github.repository }} | |
| run_id: ${{ github.run_id }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const url = `${process.env.server_url}/${process.env.repo}/actions/runs/${process.env.run_id}` | |
| const { data: pull } = await github.rest.pulls.get({ | |
| ...context.repo, | |
| pull_number: process.env.number | |
| }); | |
| const ref = pull.head.sha; | |
| const { data: result } = await github.rest.checks.create({ | |
| ...context.repo, | |
| name: process.env.job, | |
| head_sha: ref, | |
| status: 'in_progress', | |
| details_url: url, | |
| }); | |
| return result; | |
| - name: Fork based /ok-to-test checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 | |
| with: | |
| fetch-depth: 0 # required to access tags | |
| submodules: 'true' | |
| ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' | |
| - name: Force docker to SSD | |
| run: sudo scripts/v2/linux-docker-use-ssd.sh --containerd true | |
| - name: check-changes | |
| id: check-changes | |
| run: scripts/v2/check-changes.sh | |
| - name: Log in to GitHub Docker Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 | |
| with: | |
| registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| if: steps.check-changes.outputs.code-changed == 'true' | |
| # Note: Changes to this step must also be mirrored into pr-validation.yaml | |
| - name: Build devcontainer image | |
| # We must issue a manual pull before the build so the image gets copied locally, because | |
| # docker.pkg.github.com is not a valid Docker registry and doesn't work with --cache-from, | |
| # however, `docker pull` will fall back to other methods that do work and get the image loaded. | |
| # | |
| # This message comes from "docker pull": | |
| # | |
| # Run docker pull docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest | |
| # WARNING: ⚠️ Failed to pull manifest by the resolved digest. This registry does not | |
| # appear to conform to the distribution registry specification; falling back to | |
| # pull by tag. This fallback is DEPRECATED, and will be removed in a future | |
| # release. Please contact admins of https://docker.pkg.github.com. ⚠️ | |
| # | |
| # See: https://github.com/moby/moby/issues/41687#issuecomment-733826074 and related issues | |
| run: | | |
| docker pull docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest | |
| docker build --cache-from docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest --tag devcontainer:latest .devcontainer | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| if: steps.check-changes.outputs.code-changed == 'true' | |
| - name: Run devcontainer image | |
| id: devcontainer | |
| run: | | |
| container_id=$(docker create -w /workspace -v $GITHUB_WORKSPACE:/workspace -v /var/run/docker.sock:/var/run/docker.sock --network=host devcontainer:latest) | |
| docker start "$container_id" | |
| echo "container_id=$container_id" >> $GITHUB_ENV | |
| if: steps.check-changes.outputs.code-changed == 'true' | |
| - name: Run integration tests | |
| run: | | |
| container_id=${{ env.container_id }} | |
| docker exec -e HOSTROOT=$GITHUB_WORKSPACE -e GITHUB_ACTIONS -e AZURE_TENANT_ID -e AZURE_SUBSCRIPTION_ID -e KIND_OIDC_STORAGE_ACCOUNT_RG -e KIND_OIDC_STORAGE_ACCOUNT "$container_id" task controller:ci-integration-tests | |
| env: | |
| AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| KIND_OIDC_STORAGE_ACCOUNT_RG: ${{ secrets.KIND_OIDC_STORAGE_ACCOUNT_RG }} | |
| KIND_OIDC_STORAGE_ACCOUNT: ${{ secrets.KIND_OIDC_STORAGE_ACCOUNT }} | |
| if: steps.check-changes.outputs.code-changed == 'true' | |
| # Update check run called "integration-fork" | |
| # Note that we now don't update integration-test check anymore | |
| # due to https://github.blog/changelog/2025-02-12-notice-of-upcoming-deprecations-and-breaking-changes-for-github-actions/#changes-to-check-run-status-modification | |
| # This is actually OK though because the status of that check gets set to skipped (due to PRs originating from | |
| # a fork). Skipped checks count as successes. Note: that check still sets the status of this check to succeeded, | |
| # as otherwise it will be left pending (which does NOT count as succeeded). | |
| - name: update-integration-tests-result | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1 | |
| id: update-check-run | |
| if: ${{ always() }} | |
| env: | |
| number: ${{ github.event.client_payload.pull_request.number }} | |
| job: ${{ github.job }} | |
| integration_test_job: 'integration-tests' # This is the name of the job defined in pr-validation.yml | |
| # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run | |
| conclusion: ${{ job.status }} | |
| server_url: ${{ github.server_url }} | |
| repo: ${{ github.repository }} | |
| run_id: ${{ github.run_id }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const url = `${process.env.server_url}/${process.env.repo}/actions/runs/${process.env.run_id}` | |
| const { data: pull } = await github.rest.pulls.get({ | |
| ...context.repo, | |
| pull_number: process.env.number | |
| }); | |
| const ref = pull.head.sha; | |
| const { data: checks } = await github.rest.checks.listForRef({ | |
| ...context.repo, | |
| ref | |
| }); | |
| const forkCheck = checks.check_runs.filter(c => c.name === process.env.job); | |
| const { data: result } = await github.rest.checks.update({ | |
| ...context.repo, | |
| check_run_id: forkCheck[0].id, | |
| status: 'completed', | |
| conclusion: process.env.conclusion, | |
| details_url: url, | |
| }); | |
| return result; |