Feature gate permissioned signer #34352
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# These tests ensure that changes to the faucet itself or its code dependencies don't | |
# cause the faucet to stop working with the production (devnet and testnet) networks. | |
# | |
# For tests that prevent the node from breaking compatibility with the faucet, see | |
# faucet-tests-main. | |
# | |
# These tests use node images built from devnet / testnet so we don't need to use | |
# workflow_call to wait for the image build to finish. | |
name: "Faucet Integration Tests: Prod" | |
on: | |
pull_request_target: | |
types: [labeled, opened, synchronize, reopened, auto_merge_enabled] | |
push: | |
branches: | |
- main | |
permissions: | |
contents: read | |
id-token: write # Required for GCP Workload Identity federation which we use to login into Google Artifact Registry | |
jobs: | |
# Note on the job-level `if` conditions: | |
# This workflow is designed such that we run subsequent jobs only when a 'push' | |
# triggered the workflow or on 'pull_request's which have set auto_merge=true | |
# or have the label "CICD:run-e2e-tests". | |
permission-check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check repository permission for user which triggered workflow | |
uses: sushichop/action-repository-permission@13d208f5ae7a6a3fc0e5a7c2502c214983f0241c | |
with: | |
required-permission: write | |
comment-not-permitted: Sorry, you don't have permission to trigger this workflow. | |
# These tests ensure that the faucet works with the nodes running on devnet. | |
run-tests-devnet: | |
if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') | |
needs: [permission-check] | |
runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: aptos-labs/aptos-core/.github/actions/docker-setup@main | |
with: | |
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} | |
GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} | |
- uses: ./.github/actions/run-faucet-tests | |
with: | |
NETWORK: devnet | |
GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} | |
# These tests ensure that the faucet works with the nodes running on testnet. | |
run-tests-testnet: | |
if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') | |
needs: [permission-check] | |
runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: aptos-labs/aptos-core/.github/actions/docker-setup@main | |
with: | |
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} | |
GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} | |
- uses: ./.github/actions/run-faucet-tests | |
with: | |
NETWORK: testnet | |
GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} |