fix: enable ssh access out of the box #292
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test | |
on: | |
workflow_dispatch: | |
# Use a manual approval process before PR's are given access to | |
# the secrets which are required to run the integration tests. | |
# The PR code should be manually approved to see if it can be trusted. | |
# When in doubt, do not approve the test run. | |
# Reference: https://dev.to/petrsvihlik/using-environment-protection-rules-to-secure-secrets-when-building-external-forks-with-pullrequesttarget-hci | |
pull_request_target: | |
branches: [ main ] | |
push: | |
branches: [ main ] | |
merge_group: | |
jobs: | |
approve: | |
name: Approve | |
environment: | |
# For security reasons, all pull requests need to be approved first before granting access to secrets | |
# So the environment should be set to have a reviewer/s inspect it before approving it | |
name: ${{ github.event_name == 'pull_request_target' && 'Test Pull Request' || 'Test Auto' }} | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Wait for approval | |
run: echo "Approved" | |
test: | |
name: Test ${{ matrix.job.target }} | |
runs-on: ubuntu-20.04 | |
needs: approve | |
environment: | |
name: Test Auto | |
env: | |
COMPOSE_PROJECT_NAME: ci_${{ matrix.job.target }}_${{github.run_id}}_${{github.run_attempt || '1'}} | |
DEVICE_ID: ci_${{ matrix.job.target }}_${{github.run_id}}_${{github.run_attempt || '1'}} | |
strategy: | |
fail-fast: false | |
matrix: | |
job: | |
- { target: debian-systemd, bootstrap: "script" } | |
- { target: alpine-s6, bootstrap: "none" } | |
- { target: tedge, bootstrap: "container" } | |
- { target: tedge-containermgmt, bootstrap: "container" } | |
steps: | |
# Checkout either the PR or the branch | |
- name: Checkout PR | |
if: ${{ github.event_name == 'pull_request_target' }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} # Check out the code of the PR. Only after the manual approval process | |
- name: Checkout | |
uses: actions/checkout@v4 | |
if: ${{ github.event_name != 'pull_request_target' }} | |
- uses: reubenmiller/setup-go-c8y-cli@main | |
- name: install c8y-tedge extension | |
run: c8y extension install thin-edge/c8y-tedge | |
- name: create .env file | |
run: | | |
touch .env | |
echo "DEVICE_ID=$DEVICE_ID" >> .env | |
echo 'C8Y_BASEURL="${{ secrets.C8Y_BASEURL }}"' >> .env | |
C8Y_DOMAIN=$(echo "${{ secrets.C8Y_BASEURL }}" | sed -E 's|^https?://||g') | |
echo "C8Y_DOMAIN=$C8Y_DOMAIN" >> .env | |
echo 'C8Y_USER="${{ secrets.C8Y_USER }}"' >> .env | |
echo 'C8Y_PASSWORD="${{ secrets.C8Y_PASSWORD }}"' >> .env | |
cat .env | |
- name: Detect host architecture | |
run: | | |
arch=$(uname -m) | |
case "$arch" in | |
arm64|aarch64) NORMALIZED_ARCH=arm64; ;; | |
amd64|x86_64) NORMALIZED_ARCH=amd64; ;; | |
*) NORMALIZED_ARCH="$arch"; ;; | |
esac | |
echo "ARCH=$NORMALIZED_ARCH" >> "$GITHUB_ENV" | |
# Support running workflow locally on arm64 systems using act | |
# https://github.com/actions/setup-python/issues/705#issuecomment-1756948951 | |
- if: ${{ env.ARCH == 'arm64' }} | |
uses: deadsnakes/action@v3.1.0 | |
with: | |
python-version: "3.9" | |
- if: ${{ env.ARCH == 'amd64' }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.9' | |
cache: 'pip' | |
cache-dependency-path: | | |
tests/requirements.txt | |
- uses: taiki-e/install-action@just | |
- name: Install dependencies | |
run: | | |
just venv | |
- name: Start demo | |
run: | | |
case "${{matrix.job.bootstrap}}" in | |
script) | |
just IMAGE=${{matrix.job.target}} up | |
just IMAGE=${{matrix.job.target}} bootstrap --no-prompt | |
;; | |
container) | |
just IMAGE=${{matrix.job.target}} prepare-up | |
# Wait for container to startup before doing bootstrapping | |
just IMAGE=${{matrix.job.target}} up --build=false >/dev/null 2>&1 & | |
UP_PID=$! | |
sleep 5 | |
just IMAGE=${{matrix.job.target}} bootstrap-container "$DEVICE_ID" </dev/null | |
# Wait until bootstrap is ready | |
wait "$UP_PID" | |
echo "docker compose up is ready" | |
sleep 5 | |
;; | |
*) | |
just IMAGE=${{matrix.job.target}} up | |
echo "Skipping bootstrapping" | |
;; | |
esac | |
- name: Run tests | |
run: just IMAGE=${{matrix.job.target}} test | |
- name: Upload test results | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: reports-${{matrix.job.target}} | |
path: output | |
- name: Stop demo | |
if: always() | |
run: just IMAGE=${{matrix.job.target}} down-all | |
- name: Cleanup Devices | |
if: always() | |
run: | | |
just cleanup "$DEVICE_ID" | |
- name: Send report to commit | |
uses: joonvena/robotframework-reporter-action@v2.3 | |
with: | |
gh_access_token: ${{ secrets.GITHUB_TOKEN }} | |
report_path: 'output' | |
show_passed_tests: 'false' |