open-vault/.github/workflows/test-go.yml

176 lines
7 KiB
YAML
Raw Normal View History

on:
workflow_call:
inputs:
name:
description: A suffix to be added to the matrix job names.
required: true
type: string
go-arch:
description: The execution architecture (arm, amd64, etc.)
required: true
type: string
extra-flags:
description: A space-separated list of additional build flags.
required: false
type: string
runs-on:
description: An expression indicating which kind of runners to use.
required: false
type: string
default: ubuntu-latest
enterprise:
description: A flag indicating if this workflow is executing for the enterprise repository.
required: true
type: string
go-build-tags:
description: A comma-separated list of additional build tags to consider satisfied during the build.
required: false
type: string
env:
total-runners: 16
jobs:
test-generate-test-package-list:
runs-on: ${{ fromJSON(inputs.runs-on) }}
name: Verify Test Package Distribution
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- id: test
working-directory: .github/scripts
run: |
ENTERPRISE=${{ inputs.enterprise }} ./test-generate-test-package-lists.sh
runner-indexes:
runs-on: ${{ fromJSON(inputs.runs-on) }}
name: Generate runner indexes
#
# This job generates a JSON Array of integers ranging from 1 to 16.
# That array is used in the matrix section of the test-go job below.
#
outputs:
runner-indexes: ${{ steps.generate-index-list.outputs.indexes }}
steps:
- id: generate-index-list
run: |
INDEX_LIST=$(seq 1 ${{ env.total-runners }})
INDEX_JSON=$(jq --null-input --compact-output '. |= [inputs]' <<< ${INDEX_LIST})
echo "indexes=${INDEX_JSON}" >> ${GITHUB_OUTPUT}
test-go:
permissions:
id-token: write # Note: this permission is explicitly required for Vault auth
contents: read
name: "${{ matrix.runner-index }} ${{ inputs.name }}"
needs:
- runner-indexes
runs-on: ${{ fromJSON(inputs.runs-on) }}
strategy:
fail-fast: false
matrix:
#
# Initialize the runner-index key with the JSON array of integers
# generated above.
#
runner-index: ${{ fromJSON(needs.runner-indexes.outputs.runner-indexes) }}
env:
GOPRIVATE: github.com/hashicorp/*
TIMEOUT_IN_MINUTES: 60
steps:
- id: setup-git
name: Setup Git configuration
run: |
git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}@github.com".insteadOf https://github.com
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
with:
go-version-file: ./.go-version
cache: true
- name: Authenticate to Vault
id: vault-auth
if: github.repository == 'hashicorp/vault-enterprise'
run: vault-auth
- name: Fetch Secrets
id: secrets
if: github.repository == 'hashicorp/vault-enterprise'
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/license license_1 | VAULT_LICENSE_CI;
kv/data/github/${{ github.repository }}/license license_2 | VAULT_LICENSE_2;
kv/data/github/${{ github.repository }}/hcp-link HCP_API_ADDRESS;
kv/data/github/${{ github.repository }}/hcp-link HCP_AUTH_URL;
kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_ID;
kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_SECRET;
kv/data/github/${{ github.repository }}/hcp-link HCP_RESOURCE_ID;
- id: run-go-tests
name: Run Go tests
timeout-minutes: ${{ fromJSON(env.TIMEOUT_IN_MINUTES) }}
run: |
set -exo pipefail
#
# This script creates a Bash array with 16 elements each
# containing a space delimited list of package names. The
# array element corresponding to this instance's
# matrix.runner-index value.
#
ENTERPRISE=${{ inputs.enterprise }} source .github/scripts/generate-test-package-lists.sh
# If data race detection is enabled, export a relevant environment variable for use in tests
if [[ "${{ inputs.extra-flags }}" =~ "-race" ]]; then
export VAULT_CI_GO_TEST_RACE=1
fi
# Build the dynamically generated source files.
make prep
mkdir -p test-results/go-test
# We don't want VAULT_LICENSE set when running Go tests, because that's
# not what developers have in their environments and it could break some
# tests; it would be like setting VAULT_TOKEN. However some non-Go
# CI commands, like the UI tests, shouldn't have to worry about licensing.
# So we provide the tests which want an externally supplied license with licenses
# via the VAULT_LICENSE_CI and VAULT_LICENSE_2 environment variables, and here we unset it.
VAULT_LICENSE=
# Assign test licenses to relevant variables if they aren't already
if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then
export VAULT_LICENSE_CI=${{ secrets.ci_license }}
export VAULT_LICENSE_2=${{ secrets.ci_license_2 }}
export HCP_API_ADDRESS=${{ secrets.HCP_API_ADDRESS }}
export HCP_AUTH_URL=${{ secrets.HCP_AUTH_URL }}
export HCP_CLIENT_ID=${{ secrets.HCP_CLIENT_ID }}
export HCP_CLIENT_SECRET=${{ secrets.HCP_CLIENT_SECRET }}
export HCP_RESOURCE_ID=${{ secrets.HCP_RESOURCE_ID }}
# Temporarily removing this variable to cause HCP Link tests
# to be skipped.
#export HCP_SCADA_ADDRESS=${{ secrets.HCP_SCADA_ADDRESS }}
fi
GOARCH=${{ inputs.go-arch }} \
go run gotest.tools/gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${{ inputs.go-build-tags }}" \
-timeout=${{ env.TIMEOUT_IN_MINUTES }}m \
-parallel=20 \
${{ inputs.extra-flags }} \
\
${test_packages[${{ matrix.runner-index }}]}
- name: Archive test results
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
with:
name: test-results-${{ matrix.runner-index }}
path: test-results/
if: always()
- name: Create a summary of tests
uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f
with:
paths: "test-results/go-test/results.xml"
show: "fail"
if: always()