-
Notifications
You must be signed in to change notification settings - Fork 38
147 lines (122 loc) · 4.69 KB
/
Copy pathintegration-tests.yml
File metadata and controls
147 lines (122 loc) · 4.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: Integration Tests
on:
pull_request:
types: [opened, synchronize]
merge_group:
jobs:
check-token:
name: Check secrets access
runs-on:
group: databricks-protected-runner-group
labels: linux-ubuntu-latest
permissions:
id-token: write
contents: read
environment: "test-trigger-is"
outputs:
has_token: ${{ steps.set-token-status.outputs.has_token }}
steps:
- name: Check if required secrets are set
id: set-token-status
run: |
if [ -z "${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}" ] || [ -z "${{ secrets.DECO_TEST_APPROVAL_APP_ID }}" ]; then
echo "Required secrets are missing. User has no access to secrets."
echo "has_token=false" >> $GITHUB_OUTPUT
else
echo "All required secrets are set. User has access to secrets."
echo "has_token=true" >> $GITHUB_OUTPUT
fi
create-check:
name: Create Check Run
runs-on:
group: databricks-protected-runner-group
labels: linux-ubuntu-latest
permissions:
id-token: write
contents: read
needs: check-token
if: github.event_name == 'pull_request' && needs.check-token.outputs.has_token == 'true'
environment: "test-trigger-is"
outputs:
check_run_id: ${{ steps.create-check.outputs.check_run_id }}
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Generate GitHub App Token for Check Updates
id: generate-check-token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
with:
app-id: ${{ secrets.DECO_TEST_APPROVAL_APP_ID }}
private-key: ${{ secrets.DECO_TEST_APPROVAL_PRIVATE_KEY }}
owner: databricks
- name: Create Check Run
id: create-check
env:
GH_TOKEN: ${{ steps.generate-check-token.outputs.token }}
run: |
response=$(gh api -X POST \
/repos/${{ github.repository }}/check-runs \
-f name="Integration Tests" \
-f head_sha="${{ github.event.pull_request.head.sha }}" \
-f status="queued" \
-f output[title]="Integration Tests" \
-f output[summary]="Tests queued and will be triggered shortly...")
check_run_id=$(echo "$response" | jq -r .id)
echo "check_run_id=$check_run_id" >> $GITHUB_OUTPUT
trigger-tests:
name: Trigger Tests
runs-on:
group: databricks-release-runner-group-emu-access
labels: linux-ubuntu-latest-emu-access
permissions:
id-token: write
contents: read
needs: [check-token, create-check]
if: github.event_name == 'pull_request' && needs.check-token.outputs.has_token == 'true'
environment: "test-trigger-is"
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- name: Generate GitHub App Token for Workflow Trigger
id: generate-token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
with:
app-id: ${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}
private-key: ${{ secrets.DECO_WORKFLOW_TRIGGER_PRIVATE_KEY }}
owner: ${{ secrets.ORG_NAME }}
repositories: ${{secrets.REPO_NAME}}
- name: Trigger Workflow in Another Repo
env:
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
gh workflow run vscode-isolated-pr.yml -R ${{ secrets.ORG_NAME }}/${{secrets.REPO_NAME}} \
--ref main \
-f pull_request_number=${{ github.event.pull_request.number }} \
-f commit_sha=${{ github.event.pull_request.head.sha }} \
-f check_run_id=${{ needs.create-check.outputs.check_run_id }}
# The hash for the merge queue may not be the same as the hash for the PR.
# Auto approve the check for the merge queue to avoid running integration tests twice.
auto-approve:
if: github.event_name == 'merge_group'
runs-on:
group: databricks-protected-runner-group
labels: linux-ubuntu-latest
permissions:
id-token: write
checks: write
contents: read
steps:
- name: Auto-approve Check for Merge Queue
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
with:
script: |
await github.rest.checks.create({
owner: context.repo.owner,
repo: context.repo.repo,
name: 'Integration Tests',
head_sha: context.sha,
status: 'completed',
conclusion: 'success',
output: {
title: 'Integration Tests',
summary: 'Auto-approved for merge queue (tests already passed on PR)'
}
});