on: workflow_call: inputs: go-arch: description: The execution architecture (arm, amd64, etc.) required: true type: string enterprise: description: A flag indicating if this workflow is executing for the enterprise repository. required: true type: string total-runners: description: Number of runners to use for executing the tests on. required: true type: string env-vars: description: A map of environment variables as JSON. required: false type: string default: '{}' extra-flags: description: A space-separated list of additional build flags. required: false type: string default: '' runs-on: description: An expression indicating which kind of runners to use. required: false type: string default: ubuntu-latest go-build-tags: description: A comma-separated list of additional build tags to consider satisfied during the build. required: false type: string env: ${{ fromJSON(inputs.env-vars) }} jobs: test-generate-test-package-list: runs-on: ${{ fromJSON(inputs.runs-on) }} name: Verify Test Package Distribution steps: - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: go-version-file: ./.go-version cache: true - id: test working-directory: .github/scripts run: | ENTERPRISE=${{ inputs.enterprise }} ./test-generate-test-package-lists.sh runner-indexes: runs-on: ${{ fromJSON(inputs.runs-on) }} name: Generate runner indexes # # This job generates a JSON Array of integers ranging from 1 to 16. # That array is used in the matrix section of the test-go job below. # outputs: runner-indexes: ${{ steps.generate-index-list.outputs.indexes }} steps: - id: generate-index-list run: | INDEX_LIST="$(seq 1 ${{ inputs.total-runners }})" INDEX_JSON="$(jq --null-input --compact-output '. |= [inputs]' <<< "${INDEX_LIST}")" echo "indexes=${INDEX_JSON}" >> "${GITHUB_OUTPUT}" test-go: permissions: id-token: write # Note: this permission is explicitly required for Vault auth contents: read name: "${{ matrix.runner-index }}" needs: - runner-indexes runs-on: ${{ fromJSON(inputs.runs-on) }} strategy: fail-fast: false matrix: # # Initialize the runner-index key with the JSON array of integers # generated above. # runner-index: ${{ fromJSON(needs.runner-indexes.outputs.runner-indexes) }} env: GOPRIVATE: github.com/hashicorp/* TIMEOUT_IN_MINUTES: 60 steps: - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: go-version-file: ./.go-version cache: true - name: Authenticate to Vault id: vault-auth if: github.repository == 'hashicorp/vault-enterprise' run: vault-auth - name: Fetch Secrets id: secrets if: github.repository == 'hashicorp/vault-enterprise' uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e with: url: ${{ steps.vault-auth.outputs.addr }} caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} token: ${{ steps.vault-auth.outputs.token }} secrets: | kv/data/github/${{ github.repository }}/datadog-ci DATADOG_API_KEY; kv/data/github/${{ github.repository }}/github-token username-and-token | github-token; kv/data/github/${{ github.repository }}/license license_1 | VAULT_LICENSE_CI; kv/data/github/${{ github.repository }}/license license_2 | VAULT_LICENSE_2; kv/data/github/${{ github.repository }}/hcp-link HCP_API_ADDRESS; kv/data/github/${{ github.repository }}/hcp-link HCP_AUTH_URL; kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_ID; kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_SECRET; kv/data/github/${{ github.repository }}/hcp-link HCP_RESOURCE_ID; - id: setup-git-private name: Setup Git configuration (private) if: github.repository == 'hashicorp/vault-enterprise' run: | git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com - id: setup-git-public name: Setup Git configuration (public) if: github.repository != 'hashicorp/vault-enterprise' run: | git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com - id: go-mod-download if: matrix.runner-index > 16 env: GOPRIVATE: github.com/hashicorp/* run: time go mod download -x - id: build if: matrix.runner-index > 16 env: GOPRIVATE: github.com/hashicorp/* run: time make ci-bootstrap dev - id: run-go-tests name: Run Go tests timeout-minutes: ${{ fromJSON(env.TIMEOUT_IN_MINUTES) }} env: COMMIT_SHA: ${{ github.sha }} run: | set -exo pipefail # # This script creates a Bash array with 16 elements each # containing a space delimited list of package names. The # array element corresponding to this instance's # matrix.runner-index value. # ENTERPRISE=${{ inputs.enterprise }} source .github/scripts/generate-test-package-lists.sh # Build the dynamically generated source files. make prep mkdir -p test-results/go-test # We don't want VAULT_LICENSE set when running Go tests, because that's # not what developers have in their environments and it could break some # tests; it would be like setting VAULT_TOKEN. However some non-Go # CI commands, like the UI tests, shouldn't have to worry about licensing. # So we provide the tests which want an externally supplied license with licenses # via the VAULT_LICENSE_CI and VAULT_LICENSE_2 environment variables, and here we unset it. # shellcheck disable=SC2034 VAULT_LICENSE= # Assign test licenses to relevant variables if they aren't already if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then export VAULT_LICENSE_CI=${{ secrets.ci_license }} export VAULT_LICENSE_2=${{ secrets.ci_license_2 }} export HCP_API_ADDRESS=${{ secrets.HCP_API_ADDRESS }} export HCP_AUTH_URL=${{ secrets.HCP_AUTH_URL }} export HCP_CLIENT_ID=${{ secrets.HCP_CLIENT_ID }} export HCP_CLIENT_SECRET=${{ secrets.HCP_CLIENT_SECRET }} export HCP_RESOURCE_ID=${{ secrets.HCP_RESOURCE_ID }} # Temporarily removing this variable to cause HCP Link tests # to be skipped. #export HCP_SCADA_ADDRESS=${{ secrets.HCP_SCADA_ADDRESS }} fi if [ -f bin/vault ]; then VAULT_BINARY="$(pwd)/bin/vault" export VAULT_BINARY fi # shellcheck disable=SC2086 # can't quote package list GOARCH=${{ inputs.go-arch }} \ go run gotest.tools/gotestsum --format=short-verbose \ --junitfile test-results/go-test/results.xml \ --jsonfile test-results/go-test/results.json \ -- \ -tags "${{ inputs.go-build-tags }}" \ -timeout=${{ env.TIMEOUT_IN_MINUTES }}m \ -parallel=20 \ ${{ inputs.extra-flags }} \ \ ${test_packages[${{ matrix.runner-index }}]} - name: Prepare datadog-ci if: github.repository == 'hashicorp/vault' && always() continue-on-error: true run: | curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" chmod +x /usr/local/bin/datadog-ci - name: Upload test results to DataDog continue-on-error: true env: DD_ENV: ci run: | if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then export DATADOG_API_KEY=${{ secrets.DATADOG_API_KEY }} fi datadog-ci junit upload --service "$GITHUB_REPOSITORY" test-results/go-test/results.xml if: always() - name: Archive test results uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: test-results-${{ matrix.runner-index }} path: test-results/ if: always() - name: Create a summary of tests uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f # TSCCR: no entry for repository "test-summary/action" with: paths: "test-results/go-test/results.xml" show: "fail" if: always()