chore: only run unit tests once (#205)

sethvargo · web-flow · commit f28c984cc734 · 2022-02-09T12:48:34.000-06:00
Right now, unit tests are run twice, once during unit and once during integration. This fixes that.
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -152,35 +152,3 @@ jobs:
 
     - name: 'Get output'
       run: 'echo "${{ steps.upload.outputs.uploaded }}"'
-
-  mocha:
-    if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
-    name: 'mocha'
-    runs-on: '${{ matrix.os }}'
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-        - 'ubuntu-latest'
-        - 'windows-latest'
-        - 'macos-latest'
-
-    steps:
-    - uses: 'actions/checkout@v2'
-
-    - uses: 'actions/setup-node@v2'
-      with:
-        node-version: '12.x'
-
-    - name: 'npm build'
-      run: 'npm ci && npm run build'
-
-    - uses: 'google-github-actions/auth@main'
-      with:
-        credentials_json: '${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_KEY_JSON }}'
-
-    - name: 'npm test'
-      run: 'npm run test'
-      env:
-        UPLOAD_CLOUD_STORAGE_TEST_BUCKET: '${{ secrets.UPLOAD_CLOUD_STORAGE_TEST_BUCKET }}'
-        UPLOAD_CLOUD_STORAGE_TEST_PROJECT: '${{ secrets.UPLOAD_CLOUD_STORAGE_PROJECT }}'
diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml
@@ -17,6 +17,11 @@ jobs:
   unit:
     name: 'unit'
     runs-on: '${{ matrix.os }}'
+
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
     strategy:
       fail-fast: false
       matrix:
@@ -38,8 +43,20 @@ jobs:
     - name: 'npm lint'
       # There's no need to run the linter for each operating system, since it
       # will find the same thing 3x and clog up the PR review.
-      if: ${{matrix.os == 'ubuntu-latest'}}
+      if: ${{ matrix.os == 'ubuntu-latest' }}
       run: 'npm run lint'
 
+    # Only authenticate if this is a full CI run.
+    - uses: 'google-github-actions/auth@main'
+      with:
+        workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
+        service_account: '${{ secrets.UPLOAD_CLOUD_STORAGE_GCP_SA_EMAIL }}'
+      if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
+
+    # The secrets will only be injected in pushes to main or from maintainers.
+    # If they aren't present, the associated steps are skipped.
     - name: 'npm test'
       run: 'npm run test'
+      env:
+        UPLOAD_CLOUD_STORAGE_TEST_BUCKET: '${{ secrets.UPLOAD_CLOUD_STORAGE_TEST_BUCKET }}'
+        UPLOAD_CLOUD_STORAGE_TEST_PROJECT: '${{ secrets.UPLOAD_CLOUD_STORAGE_PROJECT }}'
