-
Notifications
You must be signed in to change notification settings - Fork 205
55 lines (46 loc) · 2.35 KB
/
live-validation.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
name: Live Azure Validation
on:
schedule:
# 5:35 pm every Sunday (UTC)
# to ensure the live validation runs weekly
- cron: "35 17 * * 0"
workflow_dispatch:
jobs:
test-generator:
concurrency: live-resources # only permit one run at a time
runs-on: [self-hosted, 1ES.Pool=aso-1es-pool]
permissions:
contents: read
# Only run this scheduled job on the main repo, it can't work elsewhere
if: ${{ github.repository == 'Azure/azure-service-operator' }}
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7
with:
fetch-depth: 0 # required to access tags
submodules: "true"
- name: Force docker to SSD
run: sudo scripts/v2/linux-docker-use-ssd.sh --containerd true
- name: Build & run devcontainer image
# this always builds a new image from scratch rather than from the build-devcontainer-image workflow output
# so that we pick up the latest versions of everything
# NB: if you update this also update pre-release-tests.yaml, create-release-experimental.yml and create-release-official.yaml
id: devcontainer
run: |
docker build --tag devcontainer:latest .devcontainer
container_id=$(docker create -w /workspace -v $GITHUB_WORKSPACE:/workspace -v /var/run/docker.sock:/var/run/docker.sock --network=host devcontainer:latest)
docker start "$container_id"
echo "container_id=$container_id" >> $GITHUB_ENV
- name: Run CI tasks against live resources
run: docker exec -e HOSTROOT=$GITHUB_WORKSPACE -e GITHUB_ACTIONS -e AZURE_TENANT_ID -e AZURE_SUBSCRIPTION_ID "${{env.container_id }}" task ci-live
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# We explicitly do not upload coverage for live tests as it messes with the diffs for PRs,
# since they will not exercize the authorization codepaths.
- name: Cleanup test resources
if: always()
run: docker exec -e GITHUB_ACTIONS -e AZURE_TENANT_ID -e AZURE_SUBSCRIPTION_ID "${{ env.container_id }}" task cleanup-azure-resources
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}