diff --git a/.github/gh-config-template/gh_template.yml b/.github/gh-config-template/gh_template.yml index 5db5bd5a1..008206e4c 100644 --- a/.github/gh-config-template/gh_template.yml +++ b/.github/gh-config-template/gh_template.yml @@ -3,23 +3,32 @@ name: unit-integration-tests on: - pull_request_target: - types: - - labeled + pull_request: + types: [opened, synchronize, reopened, labeled] + branches: + - develop + paths: + - 'src/**' + - 'packages/**' + - 'jobs/**' + - 'config/**' + - 'scripts/**' + - '.github/workflows/**' + - '.github/helpers/**' env: MAPPING: | - build_nats_server=src/code.cloudfoundry.org/vendor/github.com/nats-io/nats-server/v2 + build_nats_server=src/code.cloudfoundry.org/vendor/github.com/nats-io/nats-server/v2 FLAGS: | - --keep-going - --trace - -r - --fail-on-pending - --randomize-all - --nodes=7 - --race - --timeout 30m - --flake-attempts 2 + --keep-going + --trace + -r + --fail-on-pending + --randomize-all + --nodes=7 + --race + --timeout 30m + --flake-attempts 2 RUN_AS: root VERIFICATIONS: | verify_go repo/$DIR @@ -28,22 +37,21 @@ env: verify_govet repo/$DIR verify_staticcheck repo/$DIR FUNCTIONS: "" - DB: "" + DB: "" jobs: repo-clone: - if: github.event.label.name == 'ready-to-run' runs-on: ubuntu-latest steps: - name: cf-networking-release-repo - uses: actions/checkout@v4 + uses: actions/checkout@v4.3.1 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} submodules: recursive path: repo - name: Check out wg-appruntime code - uses: actions/checkout@v4 + uses: actions/checkout@v4.3.1 with: repository: cloudfoundry/wg-app-platform-runtime-ci path: ci @@ -55,47 +63,77 @@ jobs: uses: actions/upload-artifact@v4 with: name: repo - path: | - repo-artifact.tar.gz - ci-artifact.tar.gz + path: | + repo-artifact.tar.gz + ci-artifact.tar.gz + determine-image-tag: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') + runs-on: ubuntu-latest + outputs: + go_version: ${{ steps.get-version.outputs.go_version }} + steps: + - name: checkout ci repo + uses: actions/checkout@v4.3.1 + with: + repository: cloudfoundry/wg-app-platform-runtime-ci + sparse-checkout: go-version.json + sparse-checkout-cone-mode: false + - name: get-version + id: get-version + run: | + version=$(jq -r '.releases["cf-networking"] // .default' go-version.json) + echo "go_version=${version}" >> "$GITHUB_OUTPUT" template-tests: runs-on: ubuntu-latest - needs: repo-clone - container: - image: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-build - credentials: - username: _json_key - password: ${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }} + needs: [repo-clone] + container: cloudfoundry/tas-runtime-build:latest steps: - name: Download artifact uses: actions/download-artifact@v4 with: name: repo - - run: "tar -xzvf repo-artifact.tar.gz\ntar -xzvf ci-artifact.tar.gz\n" + - run: | + tar -xzvf repo-artifact.tar.gz + tar -xzvf ci-artifact.tar.gz - name: template-tests run: | "${GITHUB_WORKSPACE}"/ci/shared/tasks/run-tests-templates/task.bash - test-on-mysql-5-7: + lint-repo: runs-on: ubuntu-latest + needs: [repo-clone] + container: cloudfoundry/tas-runtime-build:latest env: - BUILD_IMAGE: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-mysql-5.7 - needs: repo-clone + LINTERS: | + sync-package-specs.bash + sync-submodule-config.bash + match-golang-os-package-versions.bash steps: - name: Download artifact uses: actions/download-artifact@v4 with: - name: repo - - name: Authenticate with GCP - uses: google-github-actions/auth@v2 - with: - credentials_json: '${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }}' - - name: Configure Docker to use gcloud + name: repo + - run: | + tar -xzvf repo-artifact.tar.gz + tar -xzvf ci-artifact.tar.gz + - name: lint-repo run: | - gcloud auth configure-docker us-central1-docker.pkg.dev - docker pull "$BUILD_IMAGE" + "${GITHUB_WORKSPACE}"/ci/shared/tasks/lint-repo/task.bash + test-on-mysql-5-7: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') + runs-on: ubuntu-latest + needs: [repo-clone, determine-image-tag] + env: + BUILD_IMAGE: cloudfoundry/tas-runtime-mysql-5.7:${{ needs.determine-image-tag.outputs.go_version }} + steps: + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: repo - run: | - tar -xzvf repo-artifact.tar.gz - tar -xzvf ci-artifact.tar.gz + tar -xzvf repo-artifact.tar.gz + tar -xzvf ci-artifact.tar.gz + - name: pull image + run: docker pull "$BUILD_IMAGE" #@ for package in helpers.packages_with_configure_db(data.values.internal_repos): - name: #@ "{}-mysql".format(package.name) env: @@ -105,27 +143,21 @@ jobs: ./repo/.github/helpers/test.bash ${{ github.workspace }} "$BUILD_IMAGE" #@ end test-repos-withoutdb: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') runs-on: ubuntu-latest - needs: repo-clone + needs: [repo-clone, determine-image-tag] env: - BUILD_IMAGE: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-build + BUILD_IMAGE: cloudfoundry/tas-runtime-build:${{ needs.determine-image-tag.outputs.go_version }} steps: - name: Download artifact uses: actions/download-artifact@v4 with: - name: repo - - name: Authenticate with GCP - uses: google-github-actions/auth@v2 - with: - credentials_json: '${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }}' - - name: Configure Docker to use gcloud - run: | - gcloud auth configure-docker us-central1-docker.pkg.dev - docker pull "$BUILD_IMAGE" - + name: repo - run: | - tar -xzvf repo-artifact.tar.gz - tar -xzvf ci-artifact.tar.gz + tar -xzvf repo-artifact.tar.gz + tar -xzvf ci-artifact.tar.gz + - name: pull image + run: docker pull "$BUILD_IMAGE" #@ for package in helpers.packages_without_configure_db(data.values.internal_repos): - name: #@ package.name env: @@ -135,55 +167,45 @@ jobs: ./repo/.github/helpers/test.bash ${{ github.workspace }} "$BUILD_IMAGE" #@ end test-on-postgres: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') runs-on: ubuntu-latest - needs: repo-clone + needs: [repo-clone, determine-image-tag] env: - BUILD_IMAGE: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-postgres + BUILD_IMAGE: cloudfoundry/tas-runtime-postgres:${{ needs.determine-image-tag.outputs.go_version }} steps: - name: Download artifact uses: actions/download-artifact@v4 with: - name: repo - - name: Authenticate with GCP - uses: google-github-actions/auth@v2 - with: - credentials_json: '${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }}' - - name: Configure Docker to use gcloud - run: | - gcloud auth configure-docker us-central1-docker.pkg.dev - docker pull "$BUILD_IMAGE" + name: repo - run: | - tar -xzvf repo-artifact.tar.gz - tar -xzvf ci-artifact.tar.gz + tar -xzvf repo-artifact.tar.gz + tar -xzvf ci-artifact.tar.gz + - name: pull image + run: docker pull "$BUILD_IMAGE" #@ for package in helpers.packages_with_configure_db(data.values.internal_repos): - - name: #@ "{}-mysql".format(package.name) + - name: #@ "{}-postgres".format(package.name) env: DIR: #@ "src/code.cloudfoundry.org/{}".format(package.name) DB: postgres run: | ./repo/.github/helpers/test.bash ${{ github.workspace }} "$BUILD_IMAGE" - #@ end +#@ end test-on-mysql-8-0: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') runs-on: ubuntu-latest - needs: repo-clone + needs: [repo-clone, determine-image-tag] env: - BUILD_IMAGE: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-mysql-8.0 + BUILD_IMAGE: cloudfoundry/tas-runtime-mysql-8.0:${{ needs.determine-image-tag.outputs.go_version }} steps: - name: Download artifact uses: actions/download-artifact@v4 with: - name: repo - - name: Authenticate with GCP - uses: google-github-actions/auth@v2 - with: - credentials_json: '${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }}' - - name: Configure Docker to use gcloud - run: | - gcloud auth configure-docker us-central1-docker.pkg.dev - docker pull "$BUILD_IMAGE" + name: repo - run: | - tar -xzvf repo-artifact.tar.gz - tar -xzvf ci-artifact.tar.gz + tar -xzvf repo-artifact.tar.gz + tar -xzvf ci-artifact.tar.gz + - name: pull image + run: docker pull "$BUILD_IMAGE" #@ for package in helpers.packages_with_configure_db(data.values.internal_repos): - name: #@ "{}-mysql".format(package.name) env: @@ -191,4 +213,4 @@ jobs: DB: mysql run: | ./repo/.github/helpers/test.bash ${{ github.workspace }} "$BUILD_IMAGE" -#@ end \ No newline at end of file +#@ end diff --git a/.github/workflows/tests-workflow.yml b/.github/workflows/tests-workflow.yml index dcd0e04d6..34b45ad25 100644 --- a/.github/workflows/tests-workflow.yml +++ b/.github/workflows/tests-workflow.yml @@ -1,10 +1,18 @@ name: unit-integration-tests on: - push: - pull_request_target: - types: - - labeled + pull_request: + types: [opened, synchronize, reopened, labeled] + branches: + - develop + paths: + - 'src/**' + - 'packages/**' + - 'jobs/**' + - 'config/**' + - 'scripts/**' + - '.github/workflows/**' + - '.github/helpers/**' env: MAPPING: | build_nats_server=src/code.cloudfoundry.org/vendor/github.com/nats-io/nats-server/v2 @@ -29,18 +37,17 @@ env: DB: "" jobs: repo-clone: - if: github.event.label.name == 'ready-to-run' runs-on: ubuntu-latest steps: - name: cf-networking-release-repo - uses: actions/checkout@v4 + uses: actions/checkout@v4.3.1 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} submodules: recursive path: repo - name: Check out wg-appruntime code - uses: actions/checkout@v4 + uses: actions/checkout@v4.3.1 with: repository: cloudfoundry/wg-app-platform-runtime-ci path: ci @@ -55,14 +62,27 @@ jobs: path: | repo-artifact.tar.gz ci-artifact.tar.gz + determine-image-tag: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') + runs-on: ubuntu-latest + outputs: + go_version: ${{ steps.get-version.outputs.go_version }} + steps: + - name: checkout ci repo + uses: actions/checkout@v4.3.1 + with: + repository: cloudfoundry/wg-app-platform-runtime-ci + sparse-checkout: go-version.json + sparse-checkout-cone-mode: false + - name: get-version + id: get-version + run: | + version=$(jq -r '.releases["cf-networking"] // .default' go-version.json) + echo "go_version=${version}" >> "$GITHUB_OUTPUT" template-tests: runs-on: ubuntu-latest - needs: repo-clone - container: - image: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-build - credentials: - username: _json_key - password: ${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }} + needs: [repo-clone] + container: cloudfoundry/tas-runtime-build:latest steps: - name: Download artifact uses: actions/download-artifact@v4 @@ -74,25 +94,42 @@ jobs: - name: template-tests run: | "${GITHUB_WORKSPACE}"/ci/shared/tasks/run-tests-templates/task.bash - test-on-mysql-5-7: + lint-repo: runs-on: ubuntu-latest + needs: [repo-clone] + container: cloudfoundry/tas-runtime-build:latest env: - BUILD_IMAGE: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-mysql-5.7 - needs: repo-clone + LINTERS: | + sync-package-specs.bash + sync-submodule-config.bash + match-golang-os-package-versions.bash steps: - name: Download artifact uses: actions/download-artifact@v4 with: name: repo - - name: Authenticate with GCP - uses: google-github-actions/auth@v2 - with: - credentials_json: ${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }} - - name: Configure Docker to use gcloud + - run: | + tar -xzvf repo-artifact.tar.gz + tar -xzvf ci-artifact.tar.gz + - name: lint-repo run: | - gcloud auth configure-docker us-central1-docker.pkg.dev - docker pull "$BUILD_IMAGE" - - run: "tar -xzvf repo-artifact.tar.gz\ntar -xzvf ci-artifact.tar.gz \n" + "${GITHUB_WORKSPACE}"/ci/shared/tasks/lint-repo/task.bash + test-on-mysql-5-7: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') + runs-on: ubuntu-latest + needs: [repo-clone, determine-image-tag] + env: + BUILD_IMAGE: cloudfoundry/tas-runtime-mysql-5.7:${{ needs.determine-image-tag.outputs.go_version }} + steps: + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: repo + - run: | + tar -xzvf repo-artifact.tar.gz + tar -xzvf ci-artifact.tar.gz + - name: pull image + run: docker pull "$BUILD_IMAGE" - name: policy-server-mysql env: DIR: src/code.cloudfoundry.org/policy-server @@ -100,24 +137,21 @@ jobs: run: | ./repo/.github/helpers/test.bash ${{ github.workspace }} "$BUILD_IMAGE" test-repos-withoutdb: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') runs-on: ubuntu-latest - needs: repo-clone + needs: [repo-clone, determine-image-tag] env: - BUILD_IMAGE: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-build + BUILD_IMAGE: cloudfoundry/tas-runtime-build:${{ needs.determine-image-tag.outputs.go_version }} steps: - name: Download artifact uses: actions/download-artifact@v4 with: name: repo - - name: Authenticate with GCP - uses: google-github-actions/auth@v2 - with: - credentials_json: ${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }} - - name: Configure Docker to use gcloud - run: "gcloud auth configure-docker us-central1-docker.pkg.dev\ndocker pull \"$BUILD_IMAGE\" \n" - run: | tar -xzvf repo-artifact.tar.gz tar -xzvf ci-artifact.tar.gz + - name: pull image + run: docker pull "$BUILD_IMAGE" - name: bosh-dns-adapter env: DIR: src/code.cloudfoundry.org/bosh-dns-adapter @@ -149,51 +183,43 @@ jobs: export DIR=$DIR ./repo/.github/helpers/test.bash ${{ github.workspace }} "$BUILD_IMAGE" test-on-postgres: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') runs-on: ubuntu-latest - needs: repo-clone + needs: [repo-clone, determine-image-tag] env: - BUILD_IMAGE: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-postgres + BUILD_IMAGE: cloudfoundry/tas-runtime-postgres:${{ needs.determine-image-tag.outputs.go_version }} steps: - name: Download artifact uses: actions/download-artifact@v4 with: name: repo - - name: Authenticate with GCP - uses: google-github-actions/auth@v2 - with: - credentials_json: ${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }} - - name: Configure Docker to use gcloud - run: "gcloud auth configure-docker us-central1-docker.pkg.dev\ndocker pull \"$BUILD_IMAGE\" \n" - run: | tar -xzvf repo-artifact.tar.gz tar -xzvf ci-artifact.tar.gz - - name: policy-server-mysql + - name: pull image + run: docker pull "$BUILD_IMAGE" + - name: policy-server-postgres env: DIR: src/code.cloudfoundry.org/policy-server DB: postgres run: | ./repo/.github/helpers/test.bash ${{ github.workspace }} "$BUILD_IMAGE" test-on-mysql-8-0: + if: contains(github.event.pull_request.labels.*.name, 'ready-to-run') runs-on: ubuntu-latest - needs: repo-clone + needs: [repo-clone, determine-image-tag] env: - BUILD_IMAGE: us-central1-docker.pkg.dev/app-runtime-platform-wg/dockerhub-mirror/cloudfoundry/tas-runtime-mysql-8.0 + BUILD_IMAGE: cloudfoundry/tas-runtime-mysql-8.0:${{ needs.determine-image-tag.outputs.go_version }} steps: - name: Download artifact uses: actions/download-artifact@v4 with: name: repo - - name: Authenticate with GCP - uses: google-github-actions/auth@v2 - with: - credentials_json: ${{ secrets.GCP_SERVICE_ACCOUNT_TAS_RUNTIME_BUILD_IMAGE_READER }} - - name: Configure Docker to use gcloud - run: | - gcloud auth configure-docker us-central1-docker.pkg.dev - docker pull "$BUILD_IMAGE" - run: | tar -xzvf repo-artifact.tar.gz tar -xzvf ci-artifact.tar.gz + - name: pull image + run: docker pull "$BUILD_IMAGE" - name: policy-server-mysql env: DIR: src/code.cloudfoundry.org/policy-server