merge main into identity-providers #4452
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Description: This workflow runs test suite against PRs that are not from forks. | |
# | |
# Triggered by: | |
# (1) Opening a pull request | |
# (2) On every commit to the PR | |
# (3) Adding run-tests label to the PR | |
name: Test / Internal PRs | |
concurrency: | |
group: test-internal-prs-${{ github.event.pull_request.id }} | |
cancel-in-progress: true | |
on: | |
pull_request: | |
branches: [main, hotfix] | |
types: [opened, synchronize, labeled] | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
# We run tests only if | |
# (1) this pr is not from a fork, and | |
# (2) it's either 'opened' or 'synchronize' action or 'labeled' action with 'run-tests' label. | |
if: | | |
github.event.pull_request.head.repo.full_name == github.repository && ( | |
github.event.action == 'opened' || | |
github.event.action == 'synchronize' || | |
(github.event.action == 'labeled' && github.event.label.name == 'run-tests') | |
) | |
permissions: | |
pull-requests: write # used to remove label | |
statuses: write # This is required for running set-status actions | |
steps: | |
- name: Remove run-tests label, if applicable | |
if: github.event.label.name == 'run-tests' | |
env: | |
ISSUE_NUMBER: ${{ github.event.pull_request.number }} | |
REPO_OWNER: ${{ github.repository_owner }} | |
REPO_NAME: ${{ github.event.repository.name }} | |
LABEL_NAME: 'run-tests' | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/commit/60a0d83039c74a4aee543508d2ffcb1c3799cdea | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const { ISSUE_NUMBER, REPO_OWNER, REPO_NAME, LABEL_NAME } = process.env | |
github.rest.issues.removeLabel({ owner: REPO_OWNER, repo: REPO_NAME, issue_number: ISSUE_NUMBER, name: LABEL_NAME }) | |
- name: Checkout Repository | |
uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Set status to commit sha | |
uses: ./.github/actions/set-status | |
with: | |
sha: ${{ github.event.pull_request.head.sha }} | |
state: 'pending' | |
context: 'Run PR checks' | |
description: 'PR checks are now running' | |
# URL below is a link to the current workflow run to allow users to see the status of the workflow. | |
target-url: https://github.com/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }} | |
dependency-review: | |
runs-on: ubuntu-latest | |
needs: setup | |
steps: | |
- name: 'Checkout Repository' | |
uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: 'Dependency Review' | |
uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # https://github.com/actions/dependency-review-action/commit/[HASH] | |
with: | |
config-file: '.github/dependency-review/config.yml' | |
codeql: | |
needs: setup | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write # to write security event to the PR | |
strategy: | |
fail-fast: false | |
matrix: | |
language: [javascript] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@423a04bb2cb7cd2643007122588f1387778f14d0 # v3.24.9 https://github.com/github/codeql-action/commit/423a04bb2cb7cd2643007122588f1387778f14d0 | |
with: | |
languages: ${{ matrix.language }} | |
config-file: ./.github/codeql/codeql-config.yml | |
queries: +security-and-quality | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@423a04bb2cb7cd2643007122588f1387778f14d0 # v3.24.9 https://github.com/github/codeql-action/commit/423a04bb2cb7cd2643007122588f1387778f14d0 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@423a04bb2cb7cd2643007122588f1387778f14d0 # v3.24.9 https://github.com/github/codeql-action/commit/423a04bb2cb7cd2643007122588f1387778f14d0 | |
with: | |
category: '/language:${{ matrix.language }}' | |
setup-cache: | |
needs: setup | |
uses: ./.github/workflows/reusable-setup-cache.yml | |
with: | |
commit: ${{ github.event.pull_request.head.sha }} | |
repository: ${{ github.repository }} | |
unit: | |
uses: ./.github/workflows/reusable-unit.yml | |
needs: setup-cache | |
with: | |
commit: ${{ github.event.pull_request.head.sha }} | |
repository: ${{ github.repository }} | |
e2e: | |
uses: ./.github/workflows/reusable-e2e.yml | |
needs: unit | |
with: | |
commit: ${{ github.event.pull_request.head.sha }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
secrets: | |
AUTH_E2E_ROLE_ARN: ${{ secrets.AUTH_E2E_ROLE_ARN }} | |
DATASTORE_E2E_ROLE_ARN: ${{ secrets.DATASTORE_E2E_ROLE_ARN }} | |
GEO_E2E_ROLE_ARN: ${{ secrets.GEO_E2E_ROLE_ARN }} | |
STORAGE_E2E_ROLE_ARN: ${{ secrets.STORAGE_E2E_ROLE_ARN }} | |
LIVENESS_E2E_ROLE_ARN: ${{ secrets.LIVENESS_E2E_ROLE_ARN }} | |
IN_APP_MESSAGING_E2E_ROLE_ARN: ${{ secrets.IN_APP_MESSAGING_E2E_ROLE_ARN }} | |
DOMAIN: ${{ secrets.DOMAIN }} | |
PHONE_NUMBER: ${{ secrets.PHONE_NUMBER }} | |
USERNAME: ${{ secrets.USERNAME }} | |
NEW_PASSWORD: ${{ secrets.NEW_PASSWORD }} | |
VALID_PASSWORD: ${{ secrets.VALID_PASSWORD }} | |
SITE_URL: ${{ secrets.SITE_URL }} | |
DOCSEARCH_DOCS_APP_ID: ${{ secrets.DOCSEARCH_DOCS_APP_ID }} | |
DOCSEARCH_DOCS_API_KEY: ${{ secrets.DOCSEARCH_DOCS_API_KEY }} | |
DOCSEARCH_DOCS_INDEX_NAME: ${{ secrets.DOCSEARCH_DOCS_INDEX_NAME }} | |
update-success-status: | |
if: ${{ success() }} | |
needs: [setup, e2e, codeql, dependency-review] | |
runs-on: ubuntu-latest | |
permissions: | |
statuses: write # This is required for running set-status actions | |
steps: | |
- uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Update status when tests are successful | |
uses: ./.github/actions/set-status | |
with: | |
sha: ${{ github.event.pull_request.head.sha }} | |
state: 'success' | |
context: 'Run PR checks' | |
description: 'PR checks have finished running' | |
target-url: https://github.com/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }} | |
update-failure-status: | |
if: ${{ failure() }} | |
needs: [setup, e2e, codeql, dependency-review] | |
runs-on: ubuntu-latest | |
permissions: | |
statuses: write # This is required for running set-status actions | |
steps: | |
- uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Update status when tests are not successful | |
uses: ./.github/actions/set-status | |
with: | |
sha: ${{ github.event.pull_request.head.sha }} | |
state: 'failure' | |
context: 'Run PR checks' | |
description: 'PR checks have failed' | |
target-url: https://github.com/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }} |