1- # This workflow will install Python dependencies, run tests and lint with a single version of Python
2- # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
3-
4- name : PR
1+ name : PR CI - Integration/E2E
52
63on :
7- pull_request_target :
8- types : [ labeled, synchronize ]
9- branches : [ main ]
4+ workflow_run :
5+ workflows : ["PR Approval - Unittest" ]
6+ types : [completed ]
107
118concurrency :
129 group : pr-queue
1310 cancel-in-progress : false
1411
1512jobs :
16- approve : # First step
17- # minimize potential vulnerabilities
18- if : ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }}
19- runs-on : ubuntu-latest
20- steps :
21- - name : Approve
22- run : echo For security reasons, all pull requests need to be approved first before running any automated CI.
23- unittest :
24- name : unittest
25- runs-on : ubuntu-latest
26- needs : [ approve ]
27- strategy :
28- matrix :
29- python-version : [ '3.9', '3.10', '3.11', '3.12', '3.13' ]
30- steps :
31- - uses : actions/checkout@v4
32- with :
33- ref : ${{ github.event.pull_request.head.sha }}
34- - name : Set up Python ${{ matrix.python-version }}
35- uses : actions/setup-python@v5
36- with :
37- python-version : ${{ matrix.python-version }}
38- - name : Install dependencies
39- run : |
40- # ldap requirements
41- sudo apt update -y
42- sudo apt-get install build-essential python3-dev libldap2-dev libsasl2-dev vim -y
43- python -m pip install --upgrade pip
44- pip install flake8 pytest pytest-cov
45- if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
46- if [ -f tests_requirements.txt ]; then pip install -r tests_requirements.txt; fi
47- - name : Lint with flake8
48- run : |
49- # stop the build if there are Python syntax errors or undefined names
50- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
51- # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
52- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
53- - name : Configure AWS credentials for pytest
54- uses : aws-actions/configure-aws-credentials@v4
55- with :
56- aws-access-key-id : ${{ secrets.ACCESS_KEY_ID }}
57- aws-secret-access-key : ${{ secrets.SECRET_ACCESS_KEY }}
58- aws-region : ${{ secrets.REGION }}
59- - name : 📃 Unittest tests with pytest
60- env :
61- BUCKET : ${{ secrets.BUCKET }}
62- REGION : ${{ secrets.REGION }}
63- run : |
64- python -m pytest -v tests/unittest
65-
6613 terraform_apply :
6714 name : terraform_apply
68- needs : [ approve, unittest ]
6915 runs-on : ubuntu-latest
16+ if : github.event.workflow_run.repository.full_name == github.repository && github.event.workflow_run.head_repository.full_name == github.repository && github.event.workflow_run.conclusion == 'success' && length(github.event.workflow_run.pull_requests) > 0
7017 strategy :
7118 matrix :
7219 python-version : [ '3.13' ]
@@ -75,12 +22,13 @@ jobs:
7522 steps :
7623 - uses : actions/checkout@v4
7724 with :
78- ref : ${{ github.event.pull_request.head.sha }}
25+ ref : ${{ github.event.workflow_run.head_sha }}
26+ persist-credentials : false
7927 - name : Set up Python ${{ matrix.python-version }}
8028 uses : actions/setup-python@v5
8129 with :
8230 python-version : ${{ matrix.python-version }}
83- - name : Configure AWS credentials for pytest
31+ - name : Configure AWS credentials
8432 uses : aws-actions/configure-aws-credentials@v4
8533 with :
8634 aws-access-key-id : ${{ secrets.ACCESS_KEY_ID }}
12169
12270 integration :
12371 name : integration
124- needs : [ approve, unittest, terraform_apply ]
72+ needs : [terraform_apply]
12573 runs-on : ubuntu-latest
74+ if : github.event.workflow_run.repository.full_name == github.repository && github.event.workflow_run.head_repository.full_name == github.repository && github.event.workflow_run.conclusion == 'success' && length(github.event.workflow_run.pull_requests) > 0
12675 strategy :
12776 max-parallel : 1
12877 matrix :
14392 steps :
14493 - uses : actions/checkout@v4
14594 with :
146- ref : ${{ github.event.pull_request.head.sha }}
95+ ref : ${{ github.event.workflow_run.head_sha }}
96+ persist-credentials : false
14797 - name : Set up Python ${{ matrix.python-version }}
14898 uses : actions/setup-python@v5
14999 with :
@@ -152,18 +102,12 @@ jobs:
152102 run : |
153103 # ldap requirements
154104 sudo apt update -y
155- sudo apt-get install build-essential python3-dev libldap2-dev libsasl2-dev vim -y
105+ sudo apt-get install -y build-essential python3-dev libldap2-dev libsasl2-dev
156106 python -m pip install --upgrade pip
157- pip install flake8 pytest pytest-cov
107+ pip install pytest pytest-cov
158108 if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
159109 if [ -f tests_requirements.txt ]; then pip install -r tests_requirements.txt; fi
160- - name : Lint with flake8
161- run : |
162- # stop the build if there are Python syntax errors or undefined names
163- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
164- # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
165- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
166- - name : Configure AWS credentials for pytest
110+ - name : Configure AWS credentials
167111 uses : aws-actions/configure-aws-credentials@v4
168112 with :
169113 aws-access-key-id : ${{ secrets.ACCESS_KEY_ID }}
@@ -176,7 +120,7 @@ jobs:
176120 run : |
177121 echo "$GOOGLE_APPLICATION_CREDENTIALS_CONTENTS" > "$RUNNER_PATH/gcp_service.json"
178122 echo "GOOGLE_APPLICATION_CREDENTIALS=$RUNNER_PATH/gcp_service.json" >> "$GITHUB_ENV"
179- - name : 📃 Integration tests with pytest
123+ - name : Integration tests with pytest
180124 env :
181125 BUCKET : ${{ secrets.BUCKET }}
182126 REGION : ${{ secrets.REGION }}
@@ -189,26 +133,26 @@ jobs:
189133 AZURE_ACCOUNT_ID : ${{ secrets.AZURE_ACCOUNT_ID }}
190134 GCP_DATABASE_NAME : ${{ secrets.GCP_DATABASE_NAME }}
191135 GCP_DATABASE_TABLE_NAME : ${{ secrets.GCP_DATABASE_TABLE_NAME }}
192- run : |
193- python -m pytest -v tests/integration
136+ run : python -m pytest -v tests/integration
194137
195138 terraform_destroy :
196139 name : terraform_destroy
197- needs : [ approve, unittest, terraform_apply, integration ]
140+ needs : [terraform_apply, integration]
141+ runs-on : ubuntu-latest
142+ if : (github.event.workflow_run.repository.full_name == github.repository && github.event.workflow_run.head_repository.full_name == github.repository && github.event.workflow_run.conclusion == 'success' && length(github.event.workflow_run.pull_requests) > 0) && (success() || failure())
198143 strategy :
199144 matrix :
200145 python-version : [ '3.13' ]
201- if : success() || failure()
202- runs-on : ubuntu-latest
203146 steps :
204147 - uses : actions/checkout@v4
205148 with :
206- ref : ${{ github.event.pull_request.head.sha }}
149+ ref : ${{ github.event.workflow_run.head_sha }}
150+ persist-credentials : false
207151 - name : Set up Python ${{ matrix.python-version }}
208152 uses : actions/setup-python@v5
209153 with :
210154 python-version : ${{ matrix.python-version }}
211- - name : Configure AWS credentials for pytest
155+ - name : Configure AWS credentials
212156 uses : aws-actions/configure-aws-credentials@v4
213157 with :
214158 aws-access-key-id : ${{ secrets.ACCESS_KEY_ID }}
@@ -238,20 +182,21 @@ jobs:
238182 REGION_NAME : ${{ secrets.TERRAFORM_REGION }}
239183 run : |
240184 cd terraform/aws_instance
241- # terraform destroy/
242185 terragrunt destroy -auto-approve 1> /dev/null
243186
244187 e2e :
245188 name : e2e
246- needs : [ approve, unittest, terraform_apply, integration ]
189+ needs : [terraform_apply, integration]
247190 runs-on : ubuntu-latest
191+ if : github.event.workflow_run.repository.full_name == github.repository && github.event.workflow_run.head_repository.full_name == github.repository && github.event.workflow_run.conclusion == 'success' && length(github.event.workflow_run.pull_requests) > 0
248192 strategy :
249193 matrix :
250194 python-version : [ '3.9', '3.10', '3.11', '3.12', '3.13' ]
251195 steps :
252196 - uses : actions/checkout@v4
253197 with :
254- ref : ${{ github.event.pull_request.head.sha }}
198+ ref : ${{ github.event.workflow_run.head_sha }}
199+ persist-credentials : false
255200 - name : Set up Python ${{ matrix.python-version }}
256201 uses : actions/setup-python@v5
257202 with :
@@ -260,24 +205,18 @@ jobs:
260205 run : |
261206 # ldap requirements
262207 sudo apt update -y
263- sudo apt-get install build-essential python3-dev libldap2-dev libsasl2-dev vim -y
208+ sudo apt-get install -y build-essential python3-dev libldap2-dev libsasl2-dev
264209 python -m pip install --upgrade pip
265- pip install flake8 pytest pytest-cov
210+ pip install pytest pytest-cov
266211 if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
267212 if [ -f tests_requirements.txt ]; then pip install -r tests_requirements.txt; fi
268- - name : Lint with flake8
269- run : |
270- # stop the build if there are Python syntax errors or undefined names
271- flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
272- # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
273- flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
274- - name : Configure AWS credentials for pytest
213+ - name : Configure AWS credentials
275214 uses : aws-actions/configure-aws-credentials@v4
276215 with :
277216 aws-access-key-id : ${{ secrets.ACCESS_KEY_ID }}
278217 aws-secret-access-key : ${{ secrets.SECRET_ACCESS_KEY }}
279218 aws-region : ${{ secrets.REGION }}
280- - name : 📃 E2E test
219+ - name : E2E test
281220 env :
282221 AWS_DEFAULT_REGION : ${{ secrets.REGION }}
283222 policy : ${{ secrets.POLICY }}
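Review bot: The job guard added at new line 16 (repeated at new lines 74, 142 and 191) calls `length(github.event.workflow_run.pull_requests)`, and as far as I know `length` is not one of the built-in Actions expression functions, so the condition may be rejected at evaluation time and none of these jobs would run. An index test expresses the same intent, for example `github.event.workflow_run.pull_requests[0] != null`. With the `ok-to-test` label job removed, this guard is the only check left in this file between the checked-out `workflow_run.head_sha` code (its `requirements.txt` and tests are executed) and the AWS, GCP and Azure secrets. Approval presumably now happens in "PR Approval - Unittest", which this diff does not show; if so, a comment above `workflow_run:` such as `# Runs PR code with cloud secrets; approval is enforced by "PR Approval - Unittest"` would record that dependency. Because the condition is copied four times, a single gate job that the other jobs list in `needs` would keep the copies from drifting apart.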