-
Notifications
You must be signed in to change notification settings - Fork 18
204 lines (190 loc) · 8.04 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
on:
push:
branches:
- "main"
tags:
- "v*"
- "rc*"
pull_request:
name: Test and publish
permissions:
contents: write
deployments: write
issues: write
packages: write
env:
CC_BINARY_URL: https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: '1.20.3'
- uses: actions/checkout@v3
- name: Run tests
run: |
export GIT_COMMIT_SHA='${{ github.sha }}'
export GIT_BRANCH="$(echo '${{ github.ref }}' | sed -E -e 's/.*\/(.*)/\1/')"
echo "Running tests..."
mkdir unitcoverage
go test -cover $(go list ./... | grep -v integration_test) -args -test.gocoverdir="$PWD/unitcoverage"
- uses: actions/upload-artifact@v3
with:
name: unit-test-coverage
path: ./unitcoverage/
publish:
name: Goreleaser
runs-on: ubuntu-latest
needs: test
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Write .env file
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
touch .env
echo GITHUB_TOKEN="$GITHUB_TOKEN" >> .env
- name: Login to GHCR
uses: docker/login-action@v2
if: "!startsWith(github.ref, 'refs/tags/v')"
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: goreleaser release preview
run: make release-preview
if: "!startsWith(github.ref, 'refs/tags/v')"
- name: Tag Docker images appropriately
run: >
docker tag ghcr.io/ecadlabs/signatory:${{ github.sha }}-amd64 ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-amd64;
docker tag ghcr.io/ecadlabs/signatory:${{ github.sha }}-arm64 ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-arm64;
docker tag ghcr.io/ecadlabs/signatory:${{ github.sha }}-armv7 ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-armv7;
if: "!startsWith(github.ref, 'refs/tags/v')"
- name: Push Signatory preview images to GH Container Registry
run: >
docker push ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-amd64;
docker push ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-arm64;
docker push ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-armv7;
if: "!startsWith(github.ref, 'refs/tags/v')"
- name: goreleaser release
run: make release
if: startsWith(github.ref, 'refs/tags/v')
integration-tests:
if: "!startsWith(github.ref, 'refs/tags/v')"
needs: publish
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
testenvs:
- current
- next
steps:
- uses: actions/checkout@v3
- name: Login to DockerHub
uses: docker/login-action@v2
if: "!startsWith(github.ref, 'refs/tags/v')"
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Run tests
env:
IMAGE: ghcr.io/ecadlabs/signatory:${{ github.head_ref || github.ref_name }}-amd64
VAULT_AWS_USER: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_USER }}
VAULT_AWS_KEY: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_KEY }}
VAULT_AWS_SECRET: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_SECRET }}
VAULT_AWS_REGION: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_REGION }}
VAULT_AWS_TZ2: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_TZ2 }}
VAULT_AWS_TZ3: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_TZ3 }}
VAULT_AWS_TZ3_PK: ${{ secrets.INTEGRATIONTEST_VAULT_AWS_TZ3_PK }}
VAULT_AZ_CLIENTCERTTHUMB: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_CLIENTCERTTHUMB }}
VAULT_AZ_CLIENTID: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_CLIENTID }}
VAULT_AZ_RESGROUP: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_RESGROUP }}
VAULT_AZ_SP_KEY: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_SP_KEY }}
VAULT_AZ_SUBID: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_SUBID }}
VAULT_AZ_TENANTID: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_TENANTID }}
VAULT_AZ_VAULT: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_VAULT }}
VAULT_AZ_TZ2: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_TZ2 }}
VAULT_AZ_TZ3: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_TZ3 }}
VAULT_AZ_TZ3_PK: ${{ secrets.INTEGRATIONTEST_VAULT_AZ_TZ3_PK }}
VAULT_GCP_PROJECTID: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_PROJECTID }}
VAULT_GCP_PRIVATEKEYID: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_PRIVATEKEYID }}
VAULT_GCP_PRIVATEKEY: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_PRIVATEKEY }}
VAULT_GCP_CLIENTEMAIL: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_CLIENTEMAIL }}
VAULT_GCP_CLIENTID: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_CLIENTID }}
VAULT_GCP_X509_URL: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_X509_URL }}
VAULT_GCP_KEYRING: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_KEYRING }}
VAULT_GCP_LOCATION: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_LOCATION }}
VAULT_GCP_TZ3: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_TZ3 }}
VAULT_GCP_TZ3_PK: ${{ secrets.INTEGRATIONTEST_VAULT_GCP_TZ3_PK }}
run: >
cd integration_test;
export ARCH=amd64;
. ./.env.${{ matrix.testenvs }};
envsubst < gcp-token-template.json > gcp-token.json;
echo $VAULT_AZ_SP_KEY |base64 -d >service-principal.key;
docker compose up -d --wait --pull always;
docker exec octez sudo chown -R tezos /home/tezos/.tezos-client;
go test ./...;
docker compose kill;
rm -f gcp-token.json;
rm -f service-principal.key;
- uses: actions/upload-artifact@v3
with:
name: integration-test-coverage-env${{ matrix.testenvs }}
path: ./integration_test/coverage/
report-coverage:
needs: integration-tests
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
- name: Setup Code Climate test-reporter
run: |
curl -L "$CC_BINARY_URL" > ./cc-test-reporter
chmod +x ./cc-test-reporter
- uses: actions/download-artifact@v3
with:
name: unit-test-coverage
path: unit-test-coverage
- uses: actions/download-artifact@v3
with:
name: integration-test-coverage-envcurrent
path: integration-test-coverage-envcurrent
- uses: actions/download-artifact@v3
with:
name: integration-test-coverage-envnext
path: integration-test-coverage-envnext
- name: Report Coverage
run: |
export CC_TEST_REPORTER_ID='${{ secrets.CC_TEST_REPORTER_ID }}'
if [[ ! -z "$CC_TEST_REPORTER_ID" ]]; then
echo "Generating coverage report..."
export GIT_COMMIT_SHA='${{ github.sha }}'
export GIT_BRANCH="$(echo '${{ github.ref }}' | sed -E -e 's/.*\/(.*)/\1/')"
./cc-test-reporter before-build
go tool covdata textfmt -i=./unit-test-coverage,./integration-test-coverage-envcurrent,./integration-test-coverage-envnext -o ./c.out
rm -rf ./unit-test-coverage
rm -rf ./integration-test-coverage-envcurrent
rm -rf ./integration-test-coverage-envnext
sed -i 's/\/go\/src\/github.com/github.com/g' ./c.out
mod="$(cat go.mod | awk '/^module/ {print $2}')"
./cc-test-reporter after-build -p "${mod}/" -t gocov
fi