fluent-bit/.github/workflows/pr-integration-test.yaml at master · fluent/fluent-bit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
name: Build and run integration tests for PR
on:
  # We need write token for upload to GHCR and we are protecting with labels too.
  pull_request_target:
    branches:
      - master
    types:
      - labeled
      - opened
      - reopened
      - synchronize

permissions:
  contents: read

jobs:
  pr-integration-test-build:
    name: PR - integration build
    # Only maintainers can create same-repo branches; do not run privileged
    # integration jobs against fork-controlled code.
    if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') && github.event.pull_request.head.repo.full_name == github.repository
    permissions:
      contents: read
      packages: write
    uses: ./.github/workflows/call-integration-image-build.yaml
    with:
      ref: ${{ github.event.pull_request.head.sha }}
      registry: ghcr.io
      username: ${{ github.actor }}
      image: ${{ github.repository }}/pr-${{ github.event.number }}
      image-tag: ${{ github.sha }}
      environment: integration
    secrets:
      token: ${{ secrets.GITHUB_TOKEN }}

  pr-integration-test-build-complete:
    name: PR - integration build complete
    runs-on: ubuntu-latest
    needs:
      - pr-integration-test-build
    permissions:
      pull-requests: write
    steps:
      - uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf
        name: Label the PR
        with:
          labels: ci/integration-docker-ok
          github_token: ${{ secrets.GITHUB_TOKEN }}
          number: ${{ github.event.pull_request.number }}

  pr-integration-test-run-integration:
    name: PR - K8S integration test
    needs:
      - pr-integration-test-build
    if: needs.pr-integration-test-build.result == 'success'
    permissions:
      contents: read
      packages: read
    uses: ./.github/workflows/call-run-integration-test.yaml
    with:
      image_name: ghcr.io/${{ github.repository }}/pr-${{ github.event.pull_request.number }}
      image_tag: ${{ github.sha }}
    secrets:
      opensearch_aws_access_id: ${{ secrets.OPENSEARCH_AWS_ACCESS_ID }}
      opensearch_aws_secret_key: ${{ secrets.OPENSEARCH_AWS_SECRET_KEY }}
      opensearch_admin_password: ${{ secrets.OPENSEARCH_ADMIN_PASSWORD }}
      terraform_api_token: ${{ secrets.TF_API_TOKEN }}
      gcp-service-account-key: ${{ secrets.GCP_SA_KEY }}

  pr-integration-test-run-integration-post-label:
    name: PR - integration test complete
    runs-on: ubuntu-latest
    needs:
      - pr-integration-test-run-integration
    if: needs.pr-integration-test-run-integration.result == 'success'
    permissions:
      pull-requests: write
    steps:
      - uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf
        name: Label the PR
        with:
          labels: ci/integration-test-ok
          github_token: ${{ secrets.GITHUB_TOKEN }}
          number: ${{ github.event.pull_request.number }}
          repo: fluent/fluent-bit