-
-
Notifications
You must be signed in to change notification settings - Fork 41
304 lines (277 loc) · 10.5 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
---
name: test
on: pull_request
env:
AQUA_POLICY_CONFIG: ${{ github.workspace }}/aqua/policy.yaml
AQUA_LOG_COLOR: always
permissions: {}
jobs:
path-filter:
# Get changed files to filter jobs
outputs:
update-aqua-checksums: ${{steps.changes.outputs.update-aqua-checksums}}
renovate-config-validator: ${{steps.changes.outputs.renovate-config-validator}}
ghalint: ${{steps.changes.outputs.ghalint}}
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: dorny/paths-filter@v2
id: changes
with:
filters: |
update-aqua-checksums:
- aqua/aqua.yaml
- aqua/imports/*.yaml
- aqua/aqua-checksums.json
- .github/workflows/test.yaml
renovate-config-validator:
- renovate.json5
ghalint:
- .github/workflows/*.yaml
- aqua/imports/ghalint.yaml
go-mod-tidy:
- go.mod
- go.sum
- "**.go"
update-aqua-checksums:
# Update aqua-checksums.json and push a commit
runs-on: ubuntu-latest
needs: path-filter
permissions: {}
if: |
needs.path-filter.outputs.update-aqua-checksums == 'true'
steps:
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
- name: Generate token
id: generate_token
if: "! github.event.pull_request.head.repo.fork"
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # v1
with:
app_id: ${{secrets.APP_ID}}
private_key: ${{secrets.APP_PRIVATE_KEY}}
- uses: aquaproj/aqua-installer@61e2563dfe7674cbf74fe6ec212e444198a3bb00 # v2.0.2
# Install ghcp
with:
aqua_version: v1.38.0
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- uses: aquaproj/update-checksum-action@2fb7f676d407d4fb8c2c466c19d09d3ddec4f82f # v0.2.2
with:
prune: true
skip_push: ${{github.event.pull_request.head.repo.fork}}
env:
# To trigger GitHub Actions Workflow by pushing a commit, GitHub App token is required.
# github.token doesn't trigger GitHub Actions Workflow.
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
# > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
renovate-config-validator:
# Validate Renovate Configuration by renovate-config-validator.
uses: suzuki-shunsuke/renovate-config-validator-workflow/.github/workflows/validate.yaml@1a2fd7b15d99b1c434124b0bd2d8bd55b54ed869 # v0.2.0
needs: path-filter
if: needs.path-filter.outputs.renovate-config-validator == 'true'
permissions:
contents: read
ghalint:
# Validate GitHub Actions Workflows by ghalint.
needs: path-filter
if: needs.path-filter.outputs.ghalint == 'true'
runs-on: ubuntu-latest
permissions: {}
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
- uses: aquaproj/aqua-installer@61e2563dfe7674cbf74fe6ec212e444198a3bb00 # v2.0.2
with:
aqua_version: v1.38.0
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: ghalint run
env:
GHALINT_LOG_COLOR: always
enable-automerge:
# Enable automerge to merge pull requests from Renovate automatically.
runs-on: ubuntu-latest
needs:
- status-check
permissions:
contents: write # For enable automerge
pull-requests: write # For enable automerge
# "! failure() && ! cancelled()" is required. success() returns false if dependent jobs are skipped.
# https://github.com/community/community/discussions/45058
# By default success() is used so we have to override success() by "! failure() && ! cancelled()"
if: |
! failure() && ! cancelled() && github.event.pull_request.user.login == 'renovate[bot]' && contains(github.event.pull_request.body, ' **Automerge**: Enabled.')
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@021a2405c7f990db57f5eae5397423dcc554159c # v1
with:
app_id: ${{secrets.APP_ID}}
private_key: ${{secrets.APP_PRIVATE_KEY}}
- run: gh -R "$GITHUB_REPOSITORY" pr merge --merge --auto --delete-branch "$PR_NUMBER"
env:
GITHUB_TOKEN: ${{steps.generate_token.outputs.token}} # Use GitHub App to trigger GitHub Actions Workflow by merge commit.
PR_NUMBER: ${{github.event.pull_request.number}}
status-check:
# This job is used for main branch's branch protection rule's status check.
# If all dependent jobs succeed or are skipped this job succeeds.
runs-on: ubuntu-latest
needs:
- update-aqua-checksums
- renovate-config-validator
- ghalint
- test
- integration-test
permissions: {}
if: failure()
steps:
- run: exit 1
test:
runs-on: ubuntu-latest
permissions: {}
steps:
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
- uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with:
go-version: 1.20.2
cache: true
- run: go build -o /usr/local/bin/aqua ./cmd/aqua
- run: echo "${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua/bin" >> "$GITHUB_PATH"
- run: aqua i -l
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: golangci-lint run --timeout 120s
env:
AQUA_GITHUB_TOKEN: ${{github.token}}
- run: go test -v ./... -race -covermode=atomic
go-mod-tidy:
uses: suzuki-shunsuke/go-mod-tidy-workflow/.github/workflows/go-mod-tidy.yaml@8facac38f5b2008648c14e31c632c3a709439b9c # v0.1.1
with:
go-version: 1.20.2
aqua_version: v1.38.0
secrets:
gh_app_id: ${{secrets.APP_ID}}
gh_app_private_key: ${{secrets.APP_PRIVATE_KEY}}
permissions:
contents: read
integration-test:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{github.token}}
AQUA_LOG_LEVEL: debug
AQUA_GLOBAL_CONFIG: ${{ github.workspace }}/tests/main/aqua-global.yaml:${{ github.workspace }}/tests/main/aqua-global-2.yaml
steps:
- uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
- uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
with:
go-version: 1.20.2
cache: true
- run: go install ./cmd/aqua
- run: echo "${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua/bin" >> "$GITHUB_PATH"
- run: echo "standard,kubernetes-sigs/kind" | aqua g -f -
- run: echo "x-motemen/ghq" | aqua g -f -
- run: echo "local,aquaproj/aqua-installer" | aqua -c tests/main/aqua-global.yaml g -f -
- run: aqua g x-motemen/ghq aquaproj/aqua-installer
- run: echo cli/cli | aqua g -f - x-motemen/ghq aquaproj/aqua-installer suzuki-shunsuke/[email protected]
- name: Test -pin
run: aqua g --pin cli/cli suzuki-shunsuke/[email protected]
- name: Test version_prefix
run: aqua -c aqua-global.yaml g -i local,kubernetes-sigs/kustomize/version_prefix
working-directory: tests/main
- run: aqua list
- run: aqua update-checksum
working-directory: tests/main
- run: aqua update-checksum -prune
working-directory: tests/main
- run: aqua i -l -a
working-directory: tests/main
- run: aqua i
working-directory: tests/main
- run: aqua which go
- run: kind version
working-directory: tests/main
- run: kind version
- run: restic version
env:
AQUA_PROGRESS_BAR: "true"
- run: migrate -version
- run: ghq -version
- run: gh version
- run: tfenv --version
- run: aqua -c tests/main/aqua-global.yaml g local,kubernetes-sigs/kustomize
- run: bats -v
- run: helm version
- run: github-compare -v
- run: terrafmt version
- name: test cosign
run: aqua i
working-directory: tests/cosign
- name: test SLSA
run: aqua i
working-directory: tests/slsa
- name: output bash completion
run: aqua completion bash
- name: output zsh completion
run: aqua completion zsh
- run: aqua g -i suzuki-shunsuke/tfcmt
working-directory: tests/main
- name: add duplicated package
run: aqua g -i suzuki-shunsuke/tfcmt
working-directory: tests/main
- run: git diff aqua.yaml
working-directory: tests/main
- name: "Test generate-registry"
run: aqua gr cli/cli
- name: "Test generate-registry (emoji)"
run: aqua gr hmarr/codeowners
- name: "Test generate-registry (rust)"
run: aqua gr XAMPPRocky/tokei
- name: Test generate-registry (specify version)
run: aqua gr suzuki-shunsuke/[email protected]
- name: test aqua cp
run: aqua cp actionlint
- name: test aqua cp
run: dist/actionlint -version
- name: test aqua cp
run: aqua cp
- name: test aqua cp -a
run: aqua cp -a
- name: test tags
run: aqua i
working-directory: tests/tag
- name: test tags
run: aqua i -t test
working-directory: tests/tag
- name: test tags
run: aqua i -t foo,bar
working-directory: tests/tag
- name: test tags
run: aqua i --exclude-tags test
working-directory: tests/tag
- name: test tags
run: aqua i --exclude-tags test -t foo
working-directory: tests/tag
- name: test tags
run: aqua cp
working-directory: tests/tag
- name: test tags
run: aqua cp -t test
working-directory: tests/tag
- name: test tags
run: aqua cp -t foo,bar
working-directory: tests/tag
- name: test tags
run: aqua cp --exclude-tags test
working-directory: tests/tag
- name: test tags
run: aqua cp --exclude-tags test -t foo
working-directory: tests/tag
- run: aqua update-checksum -a
# Test if global configuration files are read in `aqua list` and `aqua g`
- run: aqua list
working-directory: /tmp
- name: Test update-aqua
run: aqua update-aqua
- run: aqua-installer -v v0.8.1 -i /tmp/aqua