-
Notifications
You must be signed in to change notification settings - Fork 300
173 lines (159 loc) · 7.56 KB
/
test-internal-prs.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
# Description: This workflow runs test suite against PRs that are not from forks.
#
# Triggered by:
# (1) Opening a pull request
# (2) On every commit to the PR
# (3) Adding run-tests label to the PR
name: Test / Internal PRs
concurrency:
group: test-internal-prs-${{ github.event.pull_request.id }}
cancel-in-progress: true
on:
pull_request:
branches: [main, hotfix]
types: [opened, synchronize, labeled]
jobs:
setup:
runs-on: ubuntu-latest
# We run tests only if
# (1) this pr is not from a fork, and
# (2) it's either 'opened' or 'synchronize' action or 'labeled' action with 'run-tests' label.
if: |
github.event.pull_request.head.repo.full_name == github.repository && (
github.event.action == 'opened' ||
github.event.action == 'synchronize' ||
(github.event.action == 'labeled' && github.event.label.name == 'run-tests')
)
permissions:
pull-requests: write # used to remove label
statuses: write # This is required for running set-status actions
steps:
- name: Remove run-tests label, if applicable
if: github.event.label.name == 'run-tests'
env:
ISSUE_NUMBER: ${{ github.event.pull_request.number }}
REPO_OWNER: ${{ github.repository_owner }}
REPO_NAME: ${{ github.event.repository.name }}
LABEL_NAME: 'run-tests'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/commit/60a0d83039c74a4aee543508d2ffcb1c3799cdea
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { ISSUE_NUMBER, REPO_OWNER, REPO_NAME, LABEL_NAME } = process.env
github.rest.issues.removeLabel({ owner: REPO_OWNER, repo: REPO_NAME, issue_number: ISSUE_NUMBER, name: LABEL_NAME })
- name: Checkout Repository
uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Set status to commit sha
uses: ./.github/actions/set-status
with:
sha: ${{ github.event.pull_request.head.sha }}
state: 'pending'
context: 'Run PR checks'
description: 'PR checks are now running'
# URL below is a link to the current workflow run to allow users to see the status of the workflow.
target-url: https://github.com/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }}
dependency-review:
runs-on: ubuntu-latest
needs: setup
steps:
- name: 'Checkout Repository'
uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017
- name: 'Dependency Review'
uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # https://github.com/actions/dependency-review-action/commit/[HASH]
with:
config-file: '.github/dependency-review/config.yml'
codeql:
needs: setup
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write # to write security event to the PR
strategy:
fail-fast: false
matrix:
language: [javascript]
steps:
- name: Checkout
uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Initialize CodeQL
uses: github/codeql-action/init@423a04bb2cb7cd2643007122588f1387778f14d0 # v3.24.9 https://github.com/github/codeql-action/commit/423a04bb2cb7cd2643007122588f1387778f14d0
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml
queries: +security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@423a04bb2cb7cd2643007122588f1387778f14d0 # v3.24.9 https://github.com/github/codeql-action/commit/423a04bb2cb7cd2643007122588f1387778f14d0
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@423a04bb2cb7cd2643007122588f1387778f14d0 # v3.24.9 https://github.com/github/codeql-action/commit/423a04bb2cb7cd2643007122588f1387778f14d0
with:
category: '/language:${{ matrix.language }}'
setup-cache:
needs: setup
uses: ./.github/workflows/reusable-setup-cache.yml
with:
commit: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.repository }}
unit:
uses: ./.github/workflows/reusable-unit.yml
needs: setup-cache
with:
commit: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.repository }}
e2e:
uses: ./.github/workflows/reusable-e2e.yml
needs: unit
with:
commit: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
permissions:
id-token: write # This is required for requesting the JWT
secrets:
AUTH_E2E_ROLE_ARN: ${{ secrets.AUTH_E2E_ROLE_ARN }}
DATASTORE_E2E_ROLE_ARN: ${{ secrets.DATASTORE_E2E_ROLE_ARN }}
GEO_E2E_ROLE_ARN: ${{ secrets.GEO_E2E_ROLE_ARN }}
STORAGE_E2E_ROLE_ARN: ${{ secrets.STORAGE_E2E_ROLE_ARN }}
LIVENESS_E2E_ROLE_ARN: ${{ secrets.LIVENESS_E2E_ROLE_ARN }}
IN_APP_MESSAGING_E2E_ROLE_ARN: ${{ secrets.IN_APP_MESSAGING_E2E_ROLE_ARN }}
AI_E2E_ROLE_ARN: ${{ secrets.AI_E2E_ROLE_ARN }}
DOMAIN: ${{ secrets.DOMAIN }}
PHONE_NUMBER: ${{ secrets.PHONE_NUMBER }}
USERNAME: ${{ secrets.USERNAME }}
NEW_PASSWORD: ${{ secrets.NEW_PASSWORD }}
VALID_PASSWORD: ${{ secrets.VALID_PASSWORD }}
SITE_URL: ${{ secrets.SITE_URL }}
DOCSEARCH_DOCS_APP_ID: ${{ secrets.DOCSEARCH_DOCS_APP_ID }}
DOCSEARCH_DOCS_API_KEY: ${{ secrets.DOCSEARCH_DOCS_API_KEY }}
DOCSEARCH_DOCS_INDEX_NAME: ${{ secrets.DOCSEARCH_DOCS_INDEX_NAME }}
update-success-status:
if: ${{ success() }}
needs: [setup, e2e, codeql, dependency-review]
runs-on: ubuntu-latest
permissions:
statuses: write # This is required for running set-status actions
steps:
- uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Update status when tests are successful
uses: ./.github/actions/set-status
with:
sha: ${{ github.event.pull_request.head.sha }}
state: 'success'
context: 'Run PR checks'
description: 'PR checks have finished running'
target-url: https://github.com/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }}
update-failure-status:
if: ${{ failure() }}
needs: [setup, e2e, codeql, dependency-review]
runs-on: ubuntu-latest
permissions:
statuses: write # This is required for running set-status actions
steps:
- uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.1.3 https://github.com/actions/checkout/commit/cd7d8d697e10461458bc61a30d094dc601a8b017
- name: Update status when tests are not successful
uses: ./.github/actions/set-status
with:
sha: ${{ github.event.pull_request.head.sha }}
state: 'failure'
context: 'Run PR checks'
description: 'PR checks have failed'
target-url: https://github.com/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/actions/runs/${{ github.run_id }}