-
Notifications
You must be signed in to change notification settings - Fork 3
85 lines (74 loc) · 3.23 KB
/
bootc.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
---
name: Integration Test
permissions:
pull-requests: read
contents: read
statuses: write
# Running testing farm needs TF_API_KEY secret available inside the forked repo.
# So the pull_request_target trigger has to be used in this case. To protect the
# secrets this workflow has a PR sender permission checking at first job. Only
# collaborator with repo write or admin permission can run this workflow.
on:
pull_request_target:
types: [opened, synchronize, reopened]
env:
AWS_REGION: us-east-1
jobs:
pr-info:
runs-on: ubuntu-latest
steps:
- name: Query author repository permissions
uses: octokit/[email protected]
id: user_permission
with:
route: GET /repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# restrict running of tests to users with admin or write permission for the repository
# see https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#get-repository-permissions-for-a-user
- name: Check if user does have correct permissions
if: contains('admin write', fromJson(steps.user_permission.outputs.data).permission)
id: check_user_perm
run: |
echo "User '${{ github.event.sender.login }}' has permission '${{ fromJson(steps.user_permission.outputs.data).permission }}' allowed values: 'admin', 'write'"
echo "allowed_user=true" >> $GITHUB_OUTPUT
- name: Get information for pull request
uses: octokit/[email protected]
id: pr-api
with:
route: GET /repos/${{ github.repository }}/pulls/${{ github.event.number }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
outputs:
allowed_user: ${{ steps.check_user_perm.outputs.allowed_user }}
sha: ${{ fromJson(steps.pr-api.outputs.data).head.sha }}
ref: ${{ fromJson(steps.pr-api.outputs.data).head.ref }}
repo_url: ${{ fromJson(steps.pr-api.outputs.data).head.repo.html_url }}
cs9-dev-integration:
needs: pr-info
if: ${{ needs.pr-info.outputs.allowed_user == 'true' }}
continue-on-error: true
strategy:
matrix:
arch: [x86_64, aarch64]
platform: [aws]
runs-on: ubuntu-latest
steps:
- name: Clone repository
uses: actions/checkout@v4
with:
ref: ${{ needs.pr-info.outputs.sha }}
fetch-depth: 0
- name: Run the tests
uses: sclorg/testing-farm-as-github-action@v2
with:
compose: CentOS-Stream-9
api_key: ${{ secrets.TF_API_KEY }}
git_url: https://github.com/containers/bootc.git
git_ref: main
arch: ${{ matrix.arch }}
tmt_context: "arch=${{ matrix.arch }}"
tmt_plan_regex: "${{ matrix.platform }}"
tf_scope: private
secrets: "QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};QUAY_SECRET=${{ secrets.QUAY_SECRET }};AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }};AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}"
variables: "TEST_OS=centos-stream-9;PLATFORM=${{ matrix.platform }};ARCH=${{ matrix.arch }};AWS_REGION=${{ env.AWS_REGION }}"