f3f97c9658
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
268 lines
11 KiB
YAML
268 lines
11 KiB
YAML
on:
|
|
workflow_call:
|
|
inputs:
|
|
go-arch:
|
|
description: The execution architecture (arm, amd64, etc.)
|
|
required: true
|
|
type: string
|
|
enterprise:
|
|
description: A flag indicating if this workflow is executing for the enterprise repository.
|
|
required: true
|
|
type: string
|
|
total-runners:
|
|
description: Number of runners to use for executing the tests on.
|
|
required: true
|
|
type: string
|
|
env-vars:
|
|
description: A map of environment variables as JSON.
|
|
required: false
|
|
type: string
|
|
default: '{}'
|
|
extra-flags:
|
|
description: A space-separated list of additional build flags.
|
|
required: false
|
|
type: string
|
|
default: ''
|
|
runs-on:
|
|
description: An expression indicating which kind of runners to use.
|
|
required: false
|
|
type: string
|
|
default: ubuntu-latest
|
|
go-build-tags:
|
|
description: A comma-separated list of additional build tags to consider satisfied during the build.
|
|
required: false
|
|
type: string
|
|
name:
|
|
description: A suffix to append to archived test results
|
|
required: false
|
|
default: ''
|
|
type: string
|
|
go-test-parallelism:
|
|
description: The parallelism parameter for Go tests
|
|
required: false
|
|
default: 20
|
|
type: number
|
|
timeout-minutes:
|
|
description: The maximum number of minutes that this workflow should run
|
|
required: false
|
|
default: 60
|
|
type: number
|
|
|
|
|
|
env: ${{ fromJSON(inputs.env-vars) }}
|
|
|
|
jobs:
|
|
test-generate-test-package-list:
|
|
runs-on: ${{ fromJSON(inputs.runs-on) }}
|
|
name: Verify Test Package Distribution
|
|
permissions:
|
|
id-token: write # Note: this permission is explicitly required for Vault auth
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
|
|
with:
|
|
go-version-file: ./.go-version
|
|
cache: true
|
|
- name: Authenticate to Vault
|
|
id: vault-auth
|
|
if: github.repository == 'hashicorp/vault-enterprise'
|
|
run: vault-auth
|
|
- name: Fetch Secrets
|
|
id: secrets
|
|
if: github.repository == 'hashicorp/vault-enterprise'
|
|
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e
|
|
with:
|
|
url: ${{ steps.vault-auth.outputs.addr }}
|
|
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
|
|
token: ${{ steps.vault-auth.outputs.token }}
|
|
secrets: |
|
|
kv/data/github/${{ github.repository }}/github-token username-and-token | github-token;
|
|
- id: setup-git-private
|
|
name: Setup Git configuration (private)
|
|
if: github.repository == 'hashicorp/vault-enterprise'
|
|
run: |
|
|
git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com
|
|
- id: setup-git-public
|
|
name: Setup Git configuration (public)
|
|
if: github.repository != 'hashicorp/vault-enterprise'
|
|
run: |
|
|
git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com
|
|
- id: test
|
|
working-directory: .github/scripts
|
|
env:
|
|
GOPRIVATE: github.com/hashicorp/*
|
|
run: |
|
|
ENTERPRISE=${{ inputs.enterprise }} ./test-generate-test-package-lists.sh
|
|
runner-indexes:
|
|
runs-on: ${{ fromJSON(inputs.runs-on) }}
|
|
name: Generate runner indexes
|
|
#
|
|
# This job generates a JSON Array of integers ranging from 1 to 16.
|
|
# That array is used in the matrix section of the test-go job below.
|
|
#
|
|
outputs:
|
|
runner-indexes: ${{ steps.generate-index-list.outputs.indexes }}
|
|
steps:
|
|
- id: generate-index-list
|
|
run: |
|
|
INDEX_LIST="$(seq 1 ${{ inputs.total-runners }})"
|
|
INDEX_JSON="$(jq --null-input --compact-output '. |= [inputs]' <<< "${INDEX_LIST}")"
|
|
echo "indexes=${INDEX_JSON}" >> "${GITHUB_OUTPUT}"
|
|
test-go:
|
|
permissions:
|
|
id-token: write # Note: this permission is explicitly required for Vault auth
|
|
contents: read
|
|
name: "${{ matrix.runner-index }}"
|
|
needs:
|
|
- runner-indexes
|
|
runs-on: ${{ fromJSON(inputs.runs-on) }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
#
|
|
# Initialize the runner-index key with the JSON array of integers
|
|
# generated above.
|
|
#
|
|
runner-index: ${{ fromJSON(needs.runner-indexes.outputs.runner-indexes) }}
|
|
env:
|
|
GOPRIVATE: github.com/hashicorp/*
|
|
TIMEOUT_IN_MINUTES: ${{ inputs.timeout-minutes }}
|
|
steps:
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
|
|
with:
|
|
go-version-file: ./.go-version
|
|
cache: true
|
|
- name: Authenticate to Vault
|
|
id: vault-auth
|
|
if: github.repository == 'hashicorp/vault-enterprise'
|
|
run: vault-auth
|
|
- name: Fetch Secrets
|
|
id: secrets
|
|
if: github.repository == 'hashicorp/vault-enterprise'
|
|
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e
|
|
with:
|
|
url: ${{ steps.vault-auth.outputs.addr }}
|
|
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
|
|
token: ${{ steps.vault-auth.outputs.token }}
|
|
secrets: |
|
|
kv/data/github/${{ github.repository }}/datadog-ci DATADOG_API_KEY;
|
|
kv/data/github/${{ github.repository }}/github-token username-and-token | github-token;
|
|
kv/data/github/${{ github.repository }}/license license_1 | VAULT_LICENSE_CI;
|
|
kv/data/github/${{ github.repository }}/license license_2 | VAULT_LICENSE_2;
|
|
kv/data/github/${{ github.repository }}/hcp-link HCP_API_ADDRESS;
|
|
kv/data/github/${{ github.repository }}/hcp-link HCP_AUTH_URL;
|
|
kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_ID;
|
|
kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_SECRET;
|
|
kv/data/github/${{ github.repository }}/hcp-link HCP_RESOURCE_ID;
|
|
- id: setup-git-private
|
|
name: Setup Git configuration (private)
|
|
if: github.repository == 'hashicorp/vault-enterprise'
|
|
run: |
|
|
git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com
|
|
- id: setup-git-public
|
|
name: Setup Git configuration (public)
|
|
if: github.repository != 'hashicorp/vault-enterprise'
|
|
run: |
|
|
git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com
|
|
- id: go-mod-download
|
|
if: matrix.runner-index > 16
|
|
env:
|
|
GOPRIVATE: github.com/hashicorp/*
|
|
run: time go mod download -x
|
|
- id: build
|
|
if: matrix.runner-index > 16
|
|
env:
|
|
GOPRIVATE: github.com/hashicorp/*
|
|
run: time make ci-bootstrap dev
|
|
- id: run-go-tests
|
|
name: Run Go tests
|
|
timeout-minutes: ${{ fromJSON(env.TIMEOUT_IN_MINUTES) }}
|
|
env:
|
|
COMMIT_SHA: ${{ github.sha }}
|
|
run: |
|
|
set -exo pipefail
|
|
|
|
#
|
|
# This script creates a Bash array with 16 elements each
|
|
# containing a space delimited list of package names. The
|
|
# array element corresponding to this instance's
|
|
# matrix.runner-index value.
|
|
#
|
|
ENTERPRISE=${{ inputs.enterprise }} source .github/scripts/generate-test-package-lists.sh
|
|
|
|
# Build the dynamically generated source files.
|
|
make prep
|
|
|
|
mkdir -p test-results/go-test
|
|
|
|
# We don't want VAULT_LICENSE set when running Go tests, because that's
|
|
# not what developers have in their environments and it could break some
|
|
# tests; it would be like setting VAULT_TOKEN. However some non-Go
|
|
# CI commands, like the UI tests, shouldn't have to worry about licensing.
|
|
# So we provide the tests which want an externally supplied license with licenses
|
|
# via the VAULT_LICENSE_CI and VAULT_LICENSE_2 environment variables, and here we unset it.
|
|
# shellcheck disable=SC2034
|
|
VAULT_LICENSE=
|
|
|
|
# Assign test licenses to relevant variables if they aren't already
|
|
if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then
|
|
export VAULT_LICENSE_CI=${{ secrets.ci_license }}
|
|
export VAULT_LICENSE_2=${{ secrets.ci_license_2 }}
|
|
export HCP_API_ADDRESS=${{ secrets.HCP_API_ADDRESS }}
|
|
export HCP_AUTH_URL=${{ secrets.HCP_AUTH_URL }}
|
|
export HCP_CLIENT_ID=${{ secrets.HCP_CLIENT_ID }}
|
|
export HCP_CLIENT_SECRET=${{ secrets.HCP_CLIENT_SECRET }}
|
|
export HCP_RESOURCE_ID=${{ secrets.HCP_RESOURCE_ID }}
|
|
# Temporarily removing this variable to cause HCP Link tests
|
|
# to be skipped.
|
|
#export HCP_SCADA_ADDRESS=${{ secrets.HCP_SCADA_ADDRESS }}
|
|
fi
|
|
|
|
if [ -f bin/vault ]; then
|
|
VAULT_BINARY="$(pwd)/bin/vault"
|
|
export VAULT_BINARY
|
|
fi
|
|
|
|
# shellcheck disable=SC2086 # can't quote package list
|
|
GOARCH=${{ inputs.go-arch }} \
|
|
go run gotest.tools/gotestsum --format=short-verbose \
|
|
--junitfile test-results/go-test/results-${{ matrix.runner-index }}.xml \
|
|
--jsonfile test-results/go-test/results-${{ matrix.runner-index }}.json \
|
|
-- \
|
|
-tags "${{ inputs.go-build-tags }}" \
|
|
-timeout=${{ env.TIMEOUT_IN_MINUTES }}m \
|
|
-parallel=${{ inputs.go-test-parallelism }} \
|
|
${{ inputs.extra-flags }} \
|
|
\
|
|
${test_packages[${{ matrix.runner-index }}]}
|
|
- name: Prepare datadog-ci
|
|
if: github.repository == 'hashicorp/vault' && (success() || failure())
|
|
continue-on-error: true
|
|
run: |
|
|
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
|
|
chmod +x /usr/local/bin/datadog-ci
|
|
- name: Upload test results to DataDog
|
|
continue-on-error: true
|
|
env:
|
|
DD_ENV: ci
|
|
run: |
|
|
if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then
|
|
export DATADOG_API_KEY=${{ secrets.DATADOG_API_KEY }}
|
|
fi
|
|
datadog-ci junit upload --service "$GITHUB_REPOSITORY" test-results/go-test/results-${{ matrix.runner-index }}.xml
|
|
if: success() || failure()
|
|
- name: Archive test results
|
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: test-results${{ inputs.name }}
|
|
path: test-results/
|
|
if: success() || failure()
|
|
- name: Create a summary of tests
|
|
uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f # TSCCR: no entry for repository "test-summary/action"
|
|
with:
|
|
paths: "test-results/go-test/results-${{ matrix.runner-index }}.xml"
|
|
show: "fail"
|
|
if: success() || failure()
|