Skip to content

Add HTTPS/certificate authentication support to file transfer service #3070

Add HTTPS/certificate authentication support to file transfer service

Add HTTPS/certificate authentication support to file transfer service #3070

name: integration-tests
on:
# Use a manual approval process before PR's are given access to
# the secrets which are required to run the integration tests.
# The PR code should be manually approved to see if it can be trusted.
# When in doubt, do not approve the test run.
# Reference: https://dev.to/petrsvihlik/using-environment-protection-rules-to-secure-secrets-when-building-external-forks-with-pullrequesttarget-hci
pull_request_target:
branches: [ main ]
push:
branches: [ main ]
workflow_dispatch:
inputs:
environment:
description: Test Environment
type: string
required: false
default: Test Pull Request
include:
description: Only run tests matching tests with the given tags
type: string
required: false
default: ""
processes:
description: Number of processes to run tests
type: string
required: false
default: "10"
skip_build:
description: Don't build thin-edge.io binaries
type: boolean
required: false
default: false
workflow_call:
inputs:
environment:
description: Test Environment
type: string
required: false
default: Test Pull Request
include:
description: Only run tests matching tests with the given tags
type: string
required: false
default: ""
processes:
description: Number of processes to run tests
type: string
required: false
default: "10"
skip_build:
description: Don't build thin-edge.io binaries
type: boolean
required: false
default: false
jobs:
build:
name: Build ${{ matrix.job.arch }}
if: ${{ !inputs.skip_build }}
runs-on: ubuntu-20.04
strategy:
matrix:
job:
- { arch: x86_64, target: x86_64-unknown-linux-musl, output: target/packages }
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }} # Check out the code of the PR. Only after the manual approval process
fetch-depth: 0
# Install nfpm used to for linux packaging
- uses: actions/setup-go@v4
with:
go-version: 'stable'
cache: false
- run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
- name: Retrieve MSRV from workspace Cargo.toml
id: rust_version
uses: SebRollen/toml-action@v1.0.2
with:
file: Cargo.toml
field: "workspace.package.rust-version"
- name: Enable toolchain via github action
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ steps.rust_version.outputs.value }}
targets: ${{ matrix.job.target }}
- name: Enable cache
# https://github.com/marketplace/actions/rust-cache
uses: Swatinem/rust-cache@v2
- name: Build packages for ${{ matrix.job.arch }}
run: |
bash -x ./ci/build_scripts/build.sh "${{ matrix.job.target }}"
cp "target/${{ matrix.job.target }}/packages/"*.deb tests/images/debian-systemd/files/packages/
- name: Upload artifacts as zip
# https://github.com/marketplace/actions/upload-a-build-artifact
uses: actions/upload-artifact@v3
with:
name: packages-${{ matrix.job.target }}
path: target/${{ matrix.job.target }}/packages/*.deb
test:
name: Test ${{ matrix.job.arch }}
needs: [build]
environment:
# For security reasons, all pull requests need to be approved first before granting access to secrets
# So the environment should be set to have a reviewer/s inspect it before approving it
name: ${{ inputs.environment || 'Test Pull Request' }}
runs-on: ubuntu-20.04
strategy:
matrix:
job:
- { arch: x86_64, target: x86_64-unknown-linux-musl, output: target/packages }
steps:
# Checkout either the PR or the branch
- name: Checkout PR
if: ${{ github.event.pull_request.head.sha || '' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }} # Check out the code of the PR. Only after the manual approval process
fetch-depth: 0
- name: Checkout
if: ${{ !github.event.pull_request.head.sha }}
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download release artifacts
uses: actions/download-artifact@v3
with:
name: packages-${{ matrix.job.target }}
path: tests/images/debian-systemd/files/packages/
- name: create .env file
working-directory: tests/RobotFramework
run: |
touch .env
echo 'C8Y_BASEURL="${{ secrets.C8Y_BASEURL }}"' >> .env
echo 'C8Y_TENANT="${{ secrets.C8Y_TENANT }}"' >> .env
echo 'C8Y_USER="${{ secrets.C8Y_USER }}"' >> .env
echo 'C8Y_PASSWORD="${{ secrets.C8Y_PASSWORD }}"' >> .env
- uses: actions/setup-python@v4
with:
python-version: '3.9'
cache: 'pip'
cache-dependency-path: |
**/requirements/requirements*.txt
- name: Install dependencies
run: |
./bin/setup.sh
working-directory: tests/RobotFramework
- name: Build images
working-directory: tests/RobotFramework
run: |
source .venv/bin/activate
invoke build
- name: Run tests
working-directory: tests/RobotFramework
run: |
source .venv/bin/activate
invoke test \
--processes "${{ inputs.processes || '' }}" \
--include "${{ inputs.include || '' }}" \
--exclude "test:on_demand OR theme:benchmarks" \
--outputdir output
- name: Upload test results
uses: actions/upload-artifact@v3
if: always()
with:
name: reports
path: tests/RobotFramework/output
generate_report:
name: Publish report
if: always()
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download reports
uses: actions/download-artifact@v3
with:
name: reports
path: reports
- name: Create summary
uses: joonvena/robotframework-reporter-action@v2.3
with:
gh_access_token: ${{ secrets.GITHUB_TOKEN }}
show_passed_tests: 'false'