chore: update workflows #990
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Integration Tests | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| - chore/remove-aliases | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/*.jpg' | |
| - '**/README.txt' | |
| - '**/LICENSE.txt' | |
| - 'docs/**' | |
| - 'ISSUE_TEMPLATE/**' | |
| - '**/remove-old-artifacts.yml' | |
| pull_request_target: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/*.jpg' | |
| - '**/README.txt' | |
| - '**/LICENSE.txt' | |
| - 'docs/**' | |
| - 'ISSUE_TEMPLATE/**' | |
| - '**/remove-old-artifacts.yml' | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| approve: | |
| # Auto-approve for non-fork scenarios | |
| if: > | |
| github.event_name == 'push' || | |
| github.event_name == 'workflow_dispatch' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: echo "Approved — not a fork PR" | |
| approve-fork: | |
| # Require manual approval for fork PRs | |
| if: > | |
| github.event_name == 'pull_request_target' && | |
| github.event.pull_request.head.repo.full_name != github.repository | |
| runs-on: ubuntu-latest | |
| environment: integration-tests | |
| steps: | |
| - run: echo "Fork PR approved by maintainer" | |
| run-integration-tests-default: | |
| name: Run Integration Tests (Default) | |
| needs: [ approve, approve-fork ] | |
| if: | | |
| always() && | |
| (needs.approve.result == 'success' || needs.approve-fork.result == 'success') && | |
| !(needs.approve.result == 'failure' || needs.approve-fork.result == 'failure') | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| dbEngine: ["aurora-mysql", "aurora-postgres"] | |
| steps: | |
| - name: 'Clone repository' | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: "Set up JDK 8" | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 | |
| with: | |
| distribution: "corretto" | |
| java-version: 8 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: "22.x" | |
| - name: Install dependencies | |
| run: npm install --no-save | |
| - name: Configure AWS Credentials | |
| id: creds | |
| uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }} | |
| role-session-name: nodejs_int_default_tests | |
| role-duration-seconds: 21600 | |
| aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
| output-credentials: true | |
| - name: Run Integration Tests | |
| run: | | |
| ./gradlew --no-parallel --no-daemon test-${{ matrix.dbEngine }} --info | |
| env: | |
| RDS_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }} | |
| AURORA_MYSQL_DB_ENGINE_VERSION: default | |
| AURORA_PG_DB_ENGINE_VERSION: default | |
| - name: "Get Github Action IP" | |
| if: always() | |
| id: ip | |
| uses: haythem/public-ip@bdddd92c198b0955f0b494a8ebeac529754262ff # v1.3 | |
| - name: "Remove Github Action IP" | |
| if: always() | |
| run: | | |
| aws ec2 revoke-security-group-ingress \ | |
| --group-name default \ | |
| --protocol -1 \ | |
| --port -1 \ | |
| --cidr ${{ steps.ip.outputs.ipv4 }}/32 \ | |
| 2>&1 > /dev/null; | |
| - name: Archive results | |
| if: always() | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: integration-report-default-${{ matrix.dbEngine }} | |
| path: ./tests/integration/container/reports | |
| retention-days: 5 | |
| run-integration-tests-latest: | |
| name: Run Integration Tests (Latest) | |
| runs-on: ubuntu-latest | |
| needs: run-integration-tests-default | |
| if: | | |
| always() && | |
| needs.run-integration-tests-default.result == 'success' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| dbEngine: ["aurora-mysql", "aurora-postgres" ] | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| - name: "Set up JDK 8" | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 | |
| with: | |
| distribution: "corretto" | |
| java-version: 8 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version: "22.x" | |
| - name: Install dependencies | |
| run: npm install --no-save | |
| - name: Configure AWS Credentials | |
| id: creds | |
| uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_DEPLOY_ROLE }} | |
| role-session-name: nodejs_int_latest_tests | |
| role-duration-seconds: 21600 | |
| aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
| output-credentials: true | |
| - name: Run Integration Tests | |
| run: | | |
| ./gradlew --no-parallel --no-daemon test-${{ matrix.dbEngine }} --info | |
| env: | |
| RDS_DB_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| AWS_ACCESS_KEY_ID: ${{ steps.creds.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.creds.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.creds.outputs.aws-session-token }} | |
| AURORA_MYSQL_DB_ENGINE_VERSION: latest | |
| AURORA_PG_DB_ENGINE_VERSION: latest | |
| - name: "Get Github Action IP" | |
| if: always() | |
| id: ip | |
| uses: haythem/public-ip@bdddd92c198b0955f0b494a8ebeac529754262ff # v1.3 | |
| - name: "Remove Github Action IP" | |
| if: always() | |
| run: | | |
| aws ec2 revoke-security-group-ingress \ | |
| --group-name default \ | |
| --protocol -1 \ | |
| --port -1 \ | |
| --cidr ${{ steps.ip.outputs.ipv4 }}/32 \ | |
| 2>&1 > /dev/null; | |
| - name: Archive results | |
| if: always() | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: integration-report-latest-${{ matrix.dbEngine }} | |
| path: ./tests/integration/container/reports | |
| retention-days: 5 |