terraform-provider-azurerm/.github/workflows/run-team-city-tests-on-comment.yaml at 7ea5d51841588d6d4d2e26df5cc68c353a3bc195 · hashicorp/terraform-provider-azurerm · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
---
name: Run TeamCity Tests on Comment

on:
  issue_comment:
    types: [created]

permissions:
  contents: read
  pull-requests: write
  issues: write

jobs:
  check-team-membership:
    runs-on: ubuntu-latest
    # Only run on pull request comments that starts with /test
    if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/test')
    outputs:
      is-team-member: ${{ steps.check-membership.outputs.is-member }}
    env:
      AUTHORIZED_TEAM: terraform-azure
    steps:
      - name: Check team membership
        id: check-membership
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GH_MEMEBERSHIP_CHECK_TOKEN }}
          script: |
            const teamSlug = "${{ env.AUTHORIZED_TEAM }}";
            const org = context.repo.owner;
            const username = context.actor;

            try {
              const response = await github.rest.teams.getMembershipForUserInOrg({
                org: org,
                team_slug: teamSlug,
                username: username,
              });

              const isMember = response.data.state === 'active';
              core.setOutput('is-member', isMember);

              if (isMember) {
                core.info(`User ${username} is a member of team ${teamSlug}`);
              } else {
                core.warning(`User ${username} is not an active member of team ${teamSlug}`);
              }

              return isMember;
            } catch (error) {
              if (error.status === 404) {
                core.warning(`User ${username} is not a member of team ${teamSlug}`);
                core.setOutput('is-member', false);
                return false;
              }
              throw error;
            }

  run-tests:
    runs-on: ubuntu-latest
    needs: check-team-membership
    if: needs.check-team-membership.outputs.is-team-member == 'true'
    env:
      TCTEST_SERVER: ${{ secrets.TCTEST_SERVER }}
      TCTEST_FILEREGEX: 'internal/services/[a-z]*/[_a-zA-Z]*(resource|data_source)'
      TCTEST_SKIP_QUEUE: 'true'
      TCTEST_TOKEN_TC: ${{ secrets.TCTEST_TOKEN_TC }}
      TCTEST_BUILDTYPEID: TF_AzureRM_AZURERM_SERVICE_PUBLIC
      TCTEST_REPO: terraform-providers/terraform-provider-azurerm
    steps:
      - name: Setup Go
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.2.0
        with:
          go-version: '1.25'

      - name: Get tctest version
        id: tctest-version
        run: |
          LATEST_RELEASE=$(curl -s https://api.github.com/repos/katbyte/tctest/releases/latest | grep "tag_name" | cut -d '"' -f 4)
          echo "version=${LATEST_RELEASE}" >> $GITHUB_OUTPUT
          echo "Latest tctest release: $LATEST_RELEASE"

      - name: Cache tctest binary
        id: cache-tctest
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: ~/go/bin/tctest
          key: tctest-${{ runner.os }}-${{ steps.tctest-version.outputs.version }}

      - name: Install tctest
        if: steps.cache-tctest.outputs.cache-hit != 'true'
        run: |
          go install github.com/katbyte/tctest@latest

      - name: Run tctest
        run: |
          PR_NUMBER=${{ github.event.issue.number }}
          COMMENT_BODY="${{ github.event.comment.body }}"
          echo "Running tctest for PR #${PR_NUMBER}"
          tctest pr ${PR_NUMBER} --properties "POST_GITHUB_COMMENT=true"

      - name: Comment on success
        if: success()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.rest.reactions.createForIssueComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              comment_id: context.payload.comment.id,
              content: 'rocket'
            });

      - name: Comment on failure
        if: failure()
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: '❌ Failed to trigger TeamCity tests. Please check the workflow logs for details.'
            });

  unauthorized-comment:
    runs-on: ubuntu-latest
    needs: check-team-membership
    if: needs.check-team-membership.outputs.is-team-member == 'false'
    steps:
      - name: Comment unauthorized
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: '⚠️ You are not authorized to run tests. Only members of the designated team can trigger test runs.'
            });