feat: add Triglav as end-to-end test orchestrator (#154)

github-actions[bot] · ChristophShyper · web-flow · commit f74cae3b2a3e · 2026-05-24T22:49:57.000+02:00
* feat: add Triglav as end-to-end test orchestrator

* fix: enforce automatic write disable when check mode is enabled

---------

Co-authored-by: ChristophShyper &lt;45788587+ChristophShyper@users.noreply.github.com&gt;
diff --git a/.github/workflows/auto-pull-request-create.yml b/.github/workflows/auto-pull-request-create.yml
@@ -9,9 +9,10 @@ on:
       - dependabot/**
 
 permissions:
-  contents: read
+  contents: write
   packages: write
   pull-requests: write
+  issues: write
 
 jobs:
   call:
diff --git a/.github/workflows/auto-release-create.yml b/.github/workflows/auto-release-create.yml
@@ -21,7 +21,8 @@ on:
 permissions:
   contents: write
   packages: write
-  pull-requests: read
+  pull-requests: write
+  issues: write
 
 jobs:
   call:
diff --git a/.github/workflows/manual-e2e-validate.yml b/.github/workflows/manual-e2e-validate.yml
@@ -0,0 +1,30 @@
+name: (Manual) E2E Validate
+
+on:
+  workflow_dispatch:
+    inputs:
+      mode:
+        description: Validation mode
+        required: false
+        default: image
+        type: choice
+        options:
+          - image
+          - ref
+      image_tag:
+        description: Image tag used when mode=image (for example v1.2.3-test or v1.2.3-rc)
+        required: false
+        default: ""
+        type: string
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:
+  e2e:
+    uses: devops-infra/triglav/.github/workflows/e2e-action-format-hcl.yml@master
+    with:
+      mode: ${{ inputs.mode }}
+      image_tag: ${{ inputs.image_tag }}
+    secrets: inherit
diff --git a/.github/workflows/manual-release-branch-prepare.yml b/.github/workflows/manual-release-branch-prepare.yml
@@ -27,6 +27,7 @@ permissions:
   contents: write
   packages: write
   pull-requests: write
+  issues: write
 
 jobs:
   call:
diff --git a/README.md b/README.md
@@ -89,7 +89,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
 
     - name: Fail on malformatted files
       uses: devops-infra/action-format-hcl@v1.1.0
@@ -109,7 +109,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
 
     - name: Format HCL files
       uses: devops-infra/action-format-hcl@v1.1.0
@@ -135,7 +135,7 @@ jobs:
   format-hcl:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - uses: devops-infra/action-format-hcl@v1.1.0
         id: pin-patch
@@ -162,6 +162,29 @@ If you have any questions or need help, please:
 - 📝 Create an [issue](https://github.com/devops-infra/action-format-hcl/issues)
 - 🌟 Star this repository if you find it useful!
 
+## 🧪 End-to-End Validation
+Use the manual workflow `.github/workflows/manual-e2e-validate.yml` to validate this action against the centralized E2E repository.
+
+- `mode=image` validates a published image tag (recommended for `-test` and `-rc` release checks).
+- `mode=ref` validates ref-oriented E2E paths against stable pinned action refs.
+
+CI/CD automation also runs these E2E checks automatically:
+
+- Pull requests: E2E validation runs through reusable org workflows.
+- Release branch prepare: E2E validation runs against release candidate artifacts (`-rc`).
+- Release create: E2E validation runs against production release artifacts.
+
+Example trigger inputs:
+
+```text
+mode=ref
+```
+
+```text
+mode=image
+image_tag=v1.2.3-test
+```
+
 ## Forking
 To publish images from a fork, set these variables so Task uses your registry identities:
 `DOCKER_USERNAME`, `DOCKER_ORG_NAME`, `GITHUB_USERNAME`, `GITHUB_ORG_NAME`.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -25,6 +25,11 @@ echo "  check: ${INPUT_CHECK}"
 echo "  recursive: ${INPUT_RECURSIVE}"
 echo "  dir: ${INPUT_DIR}"
 
+if [[ "${INPUT_CHECK}" == "true" && "${INPUT_WRITE}" == "true" ]]; then
+  echo "[INFO] check=true requires write=false; overriding write to false"
+  INPUT_WRITE="false"
+fi
+
 # Remap input variables as parameters for format-hcl
 ARGS=("-list=${INPUT_LIST}" "-write=${INPUT_WRITE}")
 
diff --git a/tests/docker/local-image.yml b/tests/docker/local-image.yml
@@ -18,6 +18,19 @@ commandTests:
       - -lc
       - INPUT_LIST=false INPUT_WRITE=true INPUT_IGNORE='' INPUT_DIFF=false INPUT_CHECK=false INPUT_RECURSIVE=true INPUT_DIR='' /entrypoint.sh >/tmp/entrypoint.log 2>&1 || (cat /tmp/entrypoint.log && exit 1)
 
+  - name: Check mode disables write automatically
+    command: bash
+    args:
+      - -lc
+      - |
+        mkdir -p /tmp/check-write-conflict
+        printf 'locals{a=1}\n' > /tmp/check-write-conflict/main.tf
+        INPUT_LIST=false INPUT_WRITE=true INPUT_IGNORE='' \
+          INPUT_DIFF=false INPUT_CHECK=true INPUT_RECURSIVE=true \
+          INPUT_DIR='/tmp/check-write-conflict' /entrypoint.sh \
+          >/tmp/check-write.log 2>&1 || (cat /tmp/check-write.log && exit 1)
+        grep -q 'check=true requires write=false; overriding write to false' /tmp/check-write.log
+
   - name: Apt cache cleaned
     command: bash
     args:
