-
Notifications
You must be signed in to change notification settings - Fork 205
161 lines (150 loc) · 7.79 KB
/
pr-validation-fork.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
# This was adapted from https://github.com/imjohnbo/ok-to-test/blob/master/.github/workflows/integration.yml
name: Validate Pull Request (fork)
on:
repository_dispatch:
types: [ok-to-test-command]
jobs:
integration-tests-fork:
runs-on: [self-hosted, 1ES.Pool=aso-1es-pool]
if:
github.event_name == 'repository_dispatch' &&
github.event.client_payload.slash_command.args.named.sha != '' &&
contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)
permissions:
checks: write
packages: read
steps:
# Update check run called "integration-tests" setting status to in_progress
# Note: There is no way to specify which suite the check we create goes into apparently, see:
# https://github.community/t/specify-check-suite-when-creating-a-checkrun/118380
# Also, details_url doesn't currently work when set via a GITHUB_TOKEN which is what we're using, see:
# https://github.community/t/create-a-check-run-details-url-is-not-being-set/166002
# Given the above limitations, we create a new check for the fork integration tests, and then at the end
# of this job we update the "integration-tests" check to be passing as well (so this single job really
# ends up writing the status 2 checks, 1 is "integration-tests" and one is "integration-tests-fork").
- name: set-check-run-in-progress
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1
id: set-check-run-in-progress
env:
number: ${{ github.event.client_payload.pull_request.number }}
job: ${{ github.job }}
server_url: ${{ github.server_url }}
repo: ${{ github.repository }}
run_id: ${{ github.run_id }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const url = `${process.env.server_url}/${process.env.repo}/actions/runs/${process.env.run_id}`
const { data: pull } = await github.rest.pulls.get({
...context.repo,
pull_number: process.env.number
});
const ref = pull.head.sha;
const { data: result } = await github.rest.checks.create({
...context.repo,
name: process.env.job,
head_sha: ref,
status: 'in_progress',
details_url: url,
});
return result;
- name: Fork based /ok-to-test checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7
with:
fetch-depth: 0 # required to access tags
submodules: 'true'
ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'
- name: Force docker to SSD
run: sudo scripts/v2/linux-docker-use-ssd.sh --containerd true
- name: check-changes
id: check-changes
run: scripts/v2/check-changes.sh
- name: Log in to GitHub Docker Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0
with:
registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
if: steps.check-changes.outputs.code-changed == 'true'
# Note: Changes to this step must also be mirrored into pr-validation.yaml
- name: Build devcontainer image
# We must issue a manual pull before the build so the image gets copied locally, because
# docker.pkg.github.com is not a valid Docker registry and doesn't work with --cache-from,
# however, `docker pull` will fall back to other methods that do work and get the image loaded.
#
# This message comes from "docker pull":
#
# Run docker pull docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest
# WARNING: ⚠️ Failed to pull manifest by the resolved digest. This registry does not
# appear to conform to the distribution registry specification; falling back to
# pull by tag. This fallback is DEPRECATED, and will be removed in a future
# release. Please contact admins of https://docker.pkg.github.com. ⚠️
#
# See: https://github.com/moby/moby/issues/41687#issuecomment-733826074 and related issues
run: |
docker pull docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest
docker build --cache-from docker.pkg.github.com/azure/azure-service-operator/aso-devcontainer:latest --tag devcontainer:latest .devcontainer
env:
DOCKER_BUILDKIT: 1
if: steps.check-changes.outputs.code-changed == 'true'
- name: Run devcontainer image
id: devcontainer
run: |
container_id=$(docker create -w /workspace -v $GITHUB_WORKSPACE:/workspace -v /var/run/docker.sock:/var/run/docker.sock --network=host devcontainer:latest)
docker start "$container_id"
echo "container_id=$container_id" >> $GITHUB_ENV
if: steps.check-changes.outputs.code-changed == 'true'
- name: Run integration tests
run: |
container_id=${{ env.container_id }}
docker exec -e HOSTROOT=$GITHUB_WORKSPACE -e GITHUB_ACTIONS -e AZURE_TENANT_ID -e AZURE_SUBSCRIPTION_ID -e KIND_OIDC_STORAGE_ACCOUNT_RG -e KIND_OIDC_STORAGE_ACCOUNT "$container_id" task controller:ci-integration-tests
env:
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
KIND_OIDC_STORAGE_ACCOUNT_RG: ${{ secrets.KIND_OIDC_STORAGE_ACCOUNT_RG }}
KIND_OIDC_STORAGE_ACCOUNT: ${{ secrets.KIND_OIDC_STORAGE_ACCOUNT }}
if: steps.check-changes.outputs.code-changed == 'true'
# Update check run called "integration-fork"
- name: update-integration-tests-result
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1
id: update-check-run
if: ${{ always() }}
env:
number: ${{ github.event.client_payload.pull_request.number }}
job: ${{ github.job }}
integration_test_job: 'integration-tests' # This is the name of the job defined in pr-validation.yml
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
conclusion: ${{ job.status }}
server_url: ${{ github.server_url }}
repo: ${{ github.repository }}
run_id: ${{ github.run_id }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const url = `${process.env.server_url}/${process.env.repo}/actions/runs/${process.env.run_id}`
const { data: pull } = await github.rest.pulls.get({
...context.repo,
pull_number: process.env.number
});
const ref = pull.head.sha;
const { data: checks } = await github.rest.checks.listForRef({
...context.repo,
ref
});
const forkCheck = checks.check_runs.filter(c => c.name === process.env.job);
await github.rest.checks.update({
...context.repo,
check_run_id: forkCheck[0].id,
status: 'completed',
conclusion: process.env.conclusion,
details_url: url,
});
const mainCheck = checks.check_runs.filter(c => c.name === process.env.integration_test_job);
const { data: result } = await github.rest.checks.update({
...context.repo,
check_run_id: mainCheck[0].id,
status: 'completed',
conclusion: process.env.conclusion,
details_url: url,
});
return result;