-
Notifications
You must be signed in to change notification settings - Fork 84
96 lines (84 loc) · 3.78 KB
/
integration.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
---
name: Integration Test
permissions:
pull-requests: read
contents: read
statuses: write
# Running testing farm needs TF_API_KEY secret available inside the forked repo.
# So the pull_request_target trigger has to be used in this case. To protect the
# secrets this workflow has a PR sender permission checking at first job. Only
# collaborator with repo write or admin permission can run this workflow.
on:
pull_request_target:
types: [opened, synchronize, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
AWS_REGION: us-west-2
jobs:
pr-info:
runs-on: ubuntu-latest
steps:
- name: Query author repository permissions
uses: octokit/request-action@v2.x
id: user_permission
with:
route: GET /repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# restrict running of tests to users with admin or write permission for the repository
# see https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#get-repository-permissions-for-a-user
- name: Check if user does have correct permissions
if: contains('admin write', fromJson(steps.user_permission.outputs.data).permission)
id: check_user_perm
run: |
echo "User '${{ github.event.sender.login }}' has permission '${{ fromJson(steps.user_permission.outputs.data).permission }}' allowed values: 'admin', 'write'"
echo "allowed_user=true" >> $GITHUB_OUTPUT
- name: Get information for pull request
uses: octokit/request-action@v2.x
id: pr-api
with:
route: GET /repos/${{ github.repository }}/pulls/${{ github.event.number }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
allowed_user: ${{ steps.check_user_perm.outputs.allowed_user }}
sha: ${{ fromJson(steps.pr-api.outputs.data).head.sha }}
ref: ${{ fromJson(steps.pr-api.outputs.data).head.ref }}
repo_url: ${{ fromJson(steps.pr-api.outputs.data).head.repo.html_url }}
integration:
needs: pr-info
if: ${{ needs.pr-info.outputs.allowed_user == 'true' && !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }}
continue-on-error: true
strategy:
matrix:
arch: [x86_64, aarch64]
distro: [rhel-9-5, centos-stream-9, fedora-40]
exclude:
- arch: x86_64
distro: centos-stream-9
- arch: aarch64
distro: fedora-40
runs-on: ubuntu-latest
steps:
- name: Clone repository
uses: actions/checkout@v4
with:
ref: ${{ needs.pr-info.outputs.sha }}
fetch-depth: 0
- name: Run the tests
uses: sclorg/testing-farm-as-github-action@v2
with:
compose: Fedora-40
api_key: ${{ secrets.TF_API_KEY }}
git_url: ${{ needs.pr-info.outputs.repo_url }}
git_ref: ${{ needs.pr-info.outputs.ref }}
arch: ${{ matrix.arch }}
update_pull_request_status: true
pull_request_status_name: "bootc-${{ matrix.distro }}-${{ matrix.arch }}"
tmt_context: "arch=${{ matrix.arch }}"
tmt_plan_regex: "/install-upgrade/"
tf_scope: private
secrets: "QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};QUAY_SECRET=${{ secrets.QUAY_SECRET }};RHEL_REGISTRY_URL=${{ secrets.RHEL_REGISTRY_URL }};DOWNLOAD_NODE=${{ secrets.DOWNLOAD_NODE }};AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }};AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}"
variables: "TEST_OS=${{ matrix.distro }};ARCH=${{ matrix.arch }};AWS_REGION=${{ env.AWS_REGION }}"