diff --git a/.github/labels.yml b/.github/labels.yml index b3c48e012e..c0aba7e664 100644 --- a/.github/labels.yml +++ b/.github/labels.yml @@ -69,3 +69,7 @@ - name: 'autorelease: tagged' color: ededed description: Release please has completed a release for this. + +- name: 'tests: run' + color: 3ded97 + description: Label to trigger Github Action tests. diff --git a/.github/trusted-contribution.yml b/.github/trusted-contribution.yml new file mode 100644 index 0000000000..1a2f61205d --- /dev/null +++ b/.github/trusted-contribution.yml @@ -0,0 +1,17 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +annotations: + - type: label + text: "tests: run" diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index e8269ecad7..ee1a2ba594 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -13,11 +13,15 @@ # limitations under the License. name: lint -on: [pull_request] +on: + pull_request: + pull_request_target: + types: [labeled] jobs: - build: - name: lint + lint: + if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}" + name: run lint runs-on: ubuntu-latest steps: - name: Setup Go @@ -28,7 +32,26 @@ jobs: run: go install golang.org/x/tools/cmd/goimports@latest - name: Checkout code uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + repository: ${{ github.event.pull_request.head.repo.full_name }} - run: goimports -w . - run: go mod tidy - name: Verify no changes from goimports and go mod tidy. If you're reading this and the check has failed, run `goimports -w . && go mod tidy`. run: git diff --exit-code + - name: Remove PR Label + if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}" + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + try { + await github.rest.issues.removeLabel({ + name: 'tests: run', + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.payload.pull_request.number + }); + } catch (e) { + console.log('Failed to remove label. Another job may have already removed it!'); + } diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index eb063fcb81..3fcf273380 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -18,46 +18,113 @@ on: push: branches: - main + pull_request_target: + types: [labeled] + schedule: + - cron: '0 2 * * *' jobs: integration: - runs-on: [self-hosted, linux, x64] - name: "integration tests (linux)" - steps: - - name: Setup Go - uses: actions/setup-go@v3 - with: - go-version: "1.18" - - name: Checkout code - uses: actions/checkout@v3 - - name: Get Secrets - id: 'secrets' - uses: 'google-github-actions/get-secretmanager-secrets@v0' - with: - secrets: |- - ALLOYDB_CONN_NAME:alloydb-connector-testing/ALLOYDB_CONN_NAME - ALLOYDB_CLUSTER_PASS:alloydb-connector-testing/ALLOYDB_CLUSTER_PASS - - name: Run tests - env: - ALLOYDB_DB: 'postgres' - ALLOYDB_USER: 'postgres' - ALLOYDB_PASS: '${{ steps.secrets.outputs.ALLOYDB_CLUSTER_PASS }}' - ALLOYDB_CONNECTION_NAME: '${{ steps.secrets.outputs.ALLOYDB_CONN_NAME }}' - run: | - go test -v -race -cover ./tests - build: - name: "unit tests" - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [macos-latest, windows-latest, ubuntu-latest] - steps: - - name: Setup Go - uses: actions/setup-go@v3 - with: - go-version: "1.18" - - name: Checkout code - uses: actions/checkout@v3 - - name: Run tests - run: | - go test -v -race -cover -short ./... + # run job on proper workflow event triggers (skip job for pull_request event from forks and only run pull_request_target for "tests: run" label) + if: "${{ (github.event.action != 'labeled' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) || github.event.label.name == 'tests: run' }}" + runs-on: [self-hosted, linux, x64] + name: "integration tests (linux)" + permissions: + contents: 'read' + id-token: 'write' + steps: + - name: Remove PR label + if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}" + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + try { + await github.rest.issues.removeLabel({ + name: 'tests: run', + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.payload.pull_request.number + }); + } catch (e) { + console.log('Failed to remove label. Another job may have already removed it!'); + } + + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version: "1.18" + + - name: Checkout code + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - id: 'auth' + name: 'Authenticate to Google Cloud' + uses: 'google-github-actions/auth@v0.8.0' + with: + workload_identity_provider: ${{ secrets.PROVIDER_NAME }} + service_account: ${{ secrets.SERVICE_ACCOUNT }} + + - name: 'Set up Cloud SDK' + uses: 'google-github-actions/setup-gcloud@v0.6.0' + + - name: Get Secrets + id: 'secrets' + uses: 'google-github-actions/get-secretmanager-secrets@v0.5.0' + with: + secrets: |- + ALLOYDB_CONN_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/ALLOYDB_CONN_NAME + ALLOYDB_CLUSTER_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/ALLOYDB_CLUSTER_PASS + + - name: Run tests + env: + ALLOYDB_DB: 'postgres' + ALLOYDB_USER: 'postgres' + ALLOYDB_PASS: '${{ steps.secrets.outputs.ALLOYDB_CLUSTER_PASS }}' + ALLOYDB_CONNECTION_NAME: '${{ steps.secrets.outputs.ALLOYDB_CONN_NAME }}' + run: | + go test -v -race -cover ./tests + + unit: + if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}" + name: "unit tests" + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [macos-latest, windows-latest, ubuntu-latest] + fail-fast: false + steps: + - name: Remove PR label + if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}" + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + try { + await github.rest.issues.removeLabel({ + name: 'tests: run', + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.payload.pull_request.number + }); + } catch (e) { + console.log('Failed to remove label. Another job may have already removed it!'); + } + + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version: "1.18" + + - name: Checkout code + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + + - name: Run tests + run: | + go test -v -race -cover -short ./...