#
# Copyright (C) 2021 CloudTruth, Inc.
#
# The secret values will be redacted by GitHub Actions.
# This file contains tests, which is why the secret values we are
# testing against are checked into this file.
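name: 'build-test'

# Runs on every pull request, and on pushes to main and release/* branches.
on:
  pull_request:
  push:
    branches:
      - main
      - 'release/*'

# Least-privilege default for the workflow token: read-only repository
# contents. A job that needs more declares its own `permissions:` block,
# which replaces this default for that job.
permissions:
  contents: read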
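# NOTE(review): every action below is referenced by a movable version tag
# (@v3 / @v4). Pinning each `uses:` to a full commit SHA makes the executed
# code immutable; this matters most for steps that are handed a secret.
jobs:
  # Gate job: reports whether the CloudTruth API key secret is available to
  # this run. GitHub does not pass repository secrets to workflows triggered
  # by pull requests from forks, so downstream jobs read `outputs.ok` and skip
  # the secret-dependent work when it is not 'true'.
  secrets-gate:
    runs-on: ubuntu-latest
    outputs:
      # 'true' when the secret is non-empty; otherwise the output stays unset.
      ok: ${{ steps.check-secrets.outputs.ok }}
    steps:
      - name: check for secrets needed to run demo
        id: check-secrets
        # The secret is passed through the step environment instead of being
        # expanded inside the script: an expression in `run:` is substituted
        # before the shell parses the script, so the secret's value would
        # become part of the shell source text.
        env:
          CLOUDTRUTH_API_KEY: "${{ secrets.CLOUDTRUTH_API_KEY }}"
        run: |
          if [ -n "$CLOUDTRUTH_API_KEY" ]; then
            echo "ok=true" >> "$GITHUB_OUTPUT"
          fi

  # Static analysis of the JavaScript sources with CodeQL.
  codeql:
    runs-on: ubuntu-latest
    # Job-scoped token permissions: read access plus the right to upload
    # code-scanning results.
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          config-file: .github/codeql/codeql-config.yml
          languages: 'javascript'
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3

  # Builds the action on all three runner operating systems.
  build:
    needs:
      - secrets-gate
    runs-on: "${{ matrix.os }}"
    strategy:
      fail-fast: false
      matrix:
        node-version:
          - '20.x'
        os:
          - macos-latest
          - ubuntu-latest
          - windows-latest
    steps:
      - uses: actions/checkout@v4
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
      # NOTE(review): `npm ci` installs exactly what the lockfile records;
      # consider it here if a lockfile is committed (not visible from this
      # file).
      - run: |
          npm install
      - name: Build
        run: |
          npm run all
      # Fails the job when the build modified any tracked file, i.e. the
      # committed build output no longer matches the sources.
      - name: Check for changes in dist
        if: ${{ contains(matrix.os, 'ubuntu') }}
        run: |
          git diff --exit-code
      # Only on ubuntu, and only when the gate reported that secrets are
      # available. This third-party action receives CODECOV_TOKEN.
      - name: Upload coverage to Codecov
        if: ${{ contains(matrix.os, 'ubuntu') && needs.secrets-gate.outputs.ok == 'true' }}
        uses: codecov/codecov-action@v3
        with:
          token: "${{ secrets.CODECOV_TOKEN }}"

  test-posix:
    # Tests against an environment named "staging".
    # ubuntu runs against the production server and macos against the staging
    # server (see matrix.include), to detect regressions or breaking changes.
    needs:
      - secrets-gate
    # Skipped entirely when the gate did not find the API key secret.
    if: ${{ needs.secrets-gate.outputs.ok == 'true' }}
    runs-on: "${{ matrix.os }}"
    strategy:
      matrix:
        # Each entry names the secret to use (not its value) and the server
        # URL for one runner OS.
        include:
          - apikey: CLOUDTRUTH_API_KEY
            os: ubuntu-latest
            server: "https://api.cloudtruth.io"
          - apikey: CLOUDTRUTH_STAGING_API_KEY
            os: macos-latest
            server: "https://api.staging.cloudtruth.io"
        os:
          - macos-latest
          - ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Snapshot the current environment (minus GITHUB_* variables) and append
      # the variables the action is expected to add; sorted into env_expected.
      - name: save initial state and set expectations
        run: |
          printenv | grep -v 'GITHUB_' > env_expected_unsorted
          echo CTTEST_NOT_A_SECRET=not_a_secret_override >> env_expected_unsorted
          echo CTTEST_TOTALLY_A_SECRET=totally_a_secret_override >> env_expected_unsorted
          echo CTTEST_HAS_NO_OVERRIDE=has_no_override_default >> env_expected_unsorted
          echo cttest.not.posix=not.posix.override >> env_expected_unsorted
          cat env_expected_unsorted | sort > env_expected
      # Runs the action from this checkout; the API key is looked up by the
      # secret name supplied by the matrix entry.
      - name: run action from repository
        uses: ./
        with:
          apikey: "${{ secrets[matrix.apikey] }}"
          project: "${{ github.repository }}"
          environment: staging
          server: "${{ matrix.server }}"
      # `diff` exits non-zero on any difference, which fails the step.
      - name: check environment is as expected
        run: |
          printenv | grep -v 'GITHUB_' | sort > env_after
          diff env_after env_expected
      # NOTE(review): this prints the whole environment, including everything
      # the action exported, to the job log. Log masking only covers
      # registered secrets and values explicitly masked at runtime; whether
      # the action masks what it exports is not visible here. Confirm nothing
      # sensitive and unmasked can end up in this output.
      - name: dump the environment
        run: |
          printenv | sort

  test-windows:
    # NOTE(review): the original comment said this tests against an
    # environment named "override", but the step below passes
    # `environment: staging` - confirm which is intended.
    needs:
      - secrets-gate
    # Skipped entirely when the gate did not find the API key secret.
    if: ${{ needs.secrets-gate.outputs.ok == 'true' }}
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      # Temporarily sets the expected variables, writes the sorted environment
      # to env_expected, then clears them again.
      - name: save initial state and set expectations
        shell: pwsh
        run: |
          [Environment]::SetEnvironmentVariable("CTTEST_NOT_A_SECRET", "not_a_secret_override")
          [Environment]::SetEnvironmentVariable("CTTEST_TOTALLY_A_SECRET", "totally_a_secret_override")
          [Environment]::SetEnvironmentVariable("CTTEST_HAS_NO_OVERRIDE", "has_no_override_default")
          [Environment]::SetEnvironmentVariable("cttest.not.posix", "not.posix.override")
          Get-ChildItem Env: | Sort-Object -Property Name | Out-File -FilePath .\env_expected
          [Environment]::SetEnvironmentVariable("CTTEST_NOT_A_SECRET", $null)
          [Environment]::SetEnvironmentVariable("CTTEST_TOTALLY_A_SECRET", $null)
          [Environment]::SetEnvironmentVariable("CTTEST_HAS_NO_OVERRIDE", $null)
          [Environment]::SetEnvironmentVariable("cttest.not.posix", $null)
      - name: run action from repository
        uses: ./
        with:
          apikey: "${{ secrets.CLOUDTRUTH_API_KEY }}"
          project: "${{ github.repository }}"
          environment: staging
      # NOTE(review): Compare-Object only prints the differences; it does not
      # set a failing exit code, so this step passes even when the two files
      # differ. Unlike the POSIX job, GITHUB_* variables are not filtered out
      # here, so a hard failure would need that filtering first.
      - name: check environment is as expected
        shell: pwsh
        run: |
          Get-ChildItem Env: | Sort-Object -Property Name | Out-File -FilePath .\env_after
          Compare-Object -ReferenceObject $(Get-Content .\env_expected) -DifferenceObject $(Get-Content .\env_after)
      # NOTE(review): prints the whole environment to the job log; the same
      # masking caveat applies as for the POSIX dump step.
      - name: dump the environment
        shell: pwsh
        run: |
          Get-ChildItem Env: | Sort-Object -Property Name | Format-Table -Wrap -AutoSize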