|
1 | 1 | name: CI |
2 | 2 |
|
3 | 3 | on: |
4 | | - # Push triggers act as a stability gate: they run on `main` (post-merge, |
5 | | - # including SaaS jobs) and on `stable/**` branches (release stability). |
6 | | - # Feature branches are covered by the `pull_request` trigger, so listing |
7 | | - # them here would cause duplicate (push) + (pull_request) runs on the |
8 | | - # same commit. |
| 4 | + # Push trigger acts as a stability gate for `stable/**` branches only. |
| 5 | + # Merges to `main` are handled by the Release workflow (which runs the |
| 6 | + # full release pipeline including its own validation), so we don't |
| 7 | + # double-up by also running CI here. Feature branches are covered by |
| 8 | + # the `pull_request` trigger. |
9 | 9 | push: |
10 | 10 | branches: |
11 | | - - main |
12 | 11 | - "stable/**" |
13 | 12 | pull_request: |
14 | 13 |
|
@@ -135,78 +134,3 @@ jobs: |
135 | 134 | if: always() |
136 | 135 | run: docker compose -f docker/8.9/docker-compose.yaml down |
137 | 136 |
|
138 | | - # SaaS integration tests hit real SaaS endpoints and require environment |
139 | | - # secrets. To protect secret material and avoid running untrusted code |
140 | | - # against production-like infrastructure, these only run on pushes to |
141 | | - # `main` — i.e. after a PR has been reviewed and merged. |
142 | | - saas_integration: |
143 | | - if: github.event_name == 'push' && github.ref == 'refs/heads/main' |
144 | | - runs-on: ubuntu-latest |
145 | | - environment: integration |
146 | | - steps: |
147 | | - - name: Check out the repo |
148 | | - uses: actions/checkout@v6 |
149 | | - |
150 | | - - name: Use Node.js |
151 | | - uses: actions/setup-node@v6 |
152 | | - with: |
153 | | - node-version: "22" |
154 | | - |
155 | | - - name: Install dependencies |
156 | | - run: npm ci |
157 | | - |
158 | | - - name: Run Integration Tests |
159 | | - run: | |
160 | | - npm run test:8.7:saas |
161 | | - env: |
162 | | - ZEEBE_REST_ADDRESS: ${{ vars.ZEEBE_REST_ADDRESS }} |
163 | | - ZEEBE_GRPC_ADDRESS: ${{ vars.ZEEBE_GRPC_ADDRESS }} |
164 | | - ZEEBE_CLIENT_ID: ${{ secrets.ZEEBE_CLIENT_ID }} |
165 | | - ZEEBE_AUTHORIZATION_SERVER_URL: ${{ vars.ZEEBE_AUTHORIZATION_SERVER_URL }} |
166 | | - ZEEBE_CLIENT_SECRET: ${{ secrets.ZEEBE_CLIENT_SECRET }} |
167 | | - ZEEBE_TOKEN_AUDIENCE: ${{ vars.ZEEBE_TOKEN_AUDIENCE }} |
168 | | - CAMUNDA_OAUTH_URL: ${{ vars.CAMUNDA_OAUTH_URL }} |
169 | | - CAMUNDA_TASKLIST_BASE_URL: ${{ vars.CAMUNDA_TASKLIST_BASE_URL }} |
170 | | - CAMUNDA_OPERATE_BASE_URL: ${{ vars.CAMUNDA_OPERATE_BASE_URL }} |
171 | | - CAMUNDA_OPTIMIZE_BASE_URL: ${{ vars.CAMUNDA_OPTIMIZE_BASE_URL }} |
172 | | - CAMUNDA_MODELER_BASE_URL: https://modeler.cloud.camunda.io/api |
173 | | - CAMUNDA_CONSOLE_CLIENT_ID: ${{ secrets.CAMUNDA_CONSOLE_CLIENT_ID }} |
174 | | - CAMUNDA_CONSOLE_CLIENT_SECRET: ${{ secrets.CAMUNDA_CONSOLE_CLIENT_SECRET }} |
175 | | - CAMUNDA_CONSOLE_BASE_URL: ${{ vars.CAMUNDA_CONSOLE_BASE_URL }} |
176 | | - CAMUNDA_CONSOLE_OAUTH_AUDIENCE: ${{ vars.CAMUNDA_CONSOLE_OAUTH_AUDIENCE}} |
177 | | - |
178 | | - # SaaS 8.8 integration. Same policy as saas_integration — main pushes only. |
179 | | - saas_integration_8_8: |
180 | | - if: github.event_name == 'push' && github.ref == 'refs/heads/main' |
181 | | - runs-on: ubuntu-latest |
182 | | - environment: integration-8.8 |
183 | | - steps: |
184 | | - - name: Check out the repo |
185 | | - uses: actions/checkout@v6 |
186 | | - |
187 | | - - name: Use Node.js |
188 | | - uses: actions/setup-node@v6 |
189 | | - with: |
190 | | - node-version: "22" |
191 | | - |
192 | | - - name: Install dependencies |
193 | | - run: npm ci |
194 | | - |
195 | | - - name: Run Integration Tests |
196 | | - run: | |
197 | | - npm run test:8.8:saas |
198 | | - env: |
199 | | - ZEEBE_REST_ADDRESS: ${{ vars.ZEEBE_REST_ADDRESS }} |
200 | | - ZEEBE_GRPC_ADDRESS: ${{ vars.ZEEBE_GRPC_ADDRESS }} |
201 | | - ZEEBE_CLIENT_ID: ${{ secrets.ZEEBE_CLIENT_ID }} |
202 | | - ZEEBE_AUTHORIZATION_SERVER_URL: ${{ vars.ZEEBE_AUTHORIZATION_SERVER_URL }} |
203 | | - ZEEBE_CLIENT_SECRET: ${{ secrets.ZEEBE_CLIENT_SECRET }} |
204 | | - ZEEBE_TOKEN_AUDIENCE: ${{ vars.ZEEBE_TOKEN_AUDIENCE }} |
205 | | - CAMUNDA_OAUTH_URL: ${{ vars.CAMUNDA_OAUTH_URL }} |
206 | | - CAMUNDA_TASKLIST_BASE_URL: ${{ vars.CAMUNDA_TASKLIST_BASE_URL }} |
207 | | - CAMUNDA_OPERATE_BASE_URL: ${{ vars.CAMUNDA_OPERATE_BASE_URL }} |
208 | | - CAMUNDA_OPTIMIZE_BASE_URL: ${{ vars.CAMUNDA_OPTIMIZE_BASE_URL }} |
209 | | - CAMUNDA_MODELER_BASE_URL: https://modeler.cloud.camunda.io/api |
210 | | - CAMUNDA_CONSOLE_CLIENT_ID: ${{ secrets.CAMUNDA_CONSOLE_CLIENT_ID }} |
211 | | - CAMUNDA_CONSOLE_CLIENT_SECRET: ${{ secrets.CAMUNDA_CONSOLE_CLIENT_SECRET }} |
212 | | - CAMUNDA_CONSOLE_BASE_URL: ${{ vars.CAMUNDA_CONSOLE_BASE_URL }} |
0 commit comments