2
0
mirror of https://github.com/status-im/consul.git synced 2025-01-14 07:44:50 +00:00
hashicorp-tsccr[bot] 1ef5dfcfc6
SEC-090: Automated trusted workflow pinning (2023-07-18) ()
Result of tsccr-helper -log-level=info -pin-all-workflows .

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
2023-07-19 16:56:50 -07:00

181 lines
6.1 KiB
YAML

name: reusable-unit-split
on:
workflow_call:
inputs:
directory:
required: true
type: string
runs-on:
description: An expression indicating which kind of runners to use.
required: true
type: string
go-arch:
required: false
type: string
default: ""
uploaded-binary-name:
required: false
type: string
default: "consul-bin"
args:
required: false
type: string
default: ""
runner-count:
required: false
type: number
default: 1
go-test-flags:
required: false
type: string
default: ""
repository-name:
required: true
type: string
go-tags:
required: false
type: string
default: ""
secrets:
elevated-github-token:
required: true
consul-license:
required: true
datadog-api-key:
required: true
env:
TEST_RESULTS: /tmp/test-results
GOTESTSUM_VERSION: "1.10.1"
GOARCH: ${{inputs.go-arch}}
TOTAL_RUNNERS: ${{inputs.runner-count}}
CONSUL_LICENSE: ${{secrets.consul-license}}
GOTAGS: ${{ inputs.go-tags}}
GOPRIVATE: github.com/hashicorp # Required for enterprise deps
DATADOG_API_KEY: ${{secrets.datadog-api-key}}
jobs:
set-test-package-matrix:
runs-on: ubuntu-latest
outputs:
package-matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version-file: 'go.mod'
- id: set-matrix
run: ./.github/scripts/set_test_package_matrix.sh ${{env.TOTAL_RUNNERS}}
go-test:
runs-on: ${{ fromJSON(inputs.runs-on) }}
name: "go-test"
needs:
- set-test-package-matrix
strategy:
fail-fast: false
matrix:
package: ${{ fromJson(needs.set-test-package-matrix.outputs.package-matrix) }}
steps:
- name: ulimit
run: |
echo "Soft limits"
ulimit -Sa
echo "Hard limits"
ulimit -Ha
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git
if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version-file: 'go.mod'
cache: true
- run: mkdir -p ${{env.TEST_RESULTS}}
- name: go mod download
working-directory: ${{inputs.directory}}
run: go mod download
- name: Download consul
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: ${{inputs.uploaded-binary-name}}
path: ${{inputs.directory}}
- name: Display downloaded file
run: ls -ld consul
working-directory: ${{inputs.directory}}
- run: echo "$GITHUB_WORKSPACE/${{inputs.directory}}" >> $GITHUB_PATH
- name: Make sure consul is executable
run: chmod +x $GITHUB_WORKSPACE/${{inputs.directory}}/consul
- run: go env
- name: Run tests
working-directory: ${{inputs.directory}}
run: |
# separate the list
PACKAGE_NAMES="${{ join(matrix.package, ' ') }}"
# PACKAGE_NAMES="${{ matrix.package }}"
${{inputs.go-test-flags}}
# some tests expect this umask, and arm images have a different default
umask 0022
go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
--format=short-verbose \
--jsonfile /tmp/jsonfile/go-test.log \
--debug \
--rerun-fails=3 \
--rerun-fails-max-failures=40 \
--rerun-fails-report=/tmp/gotestsum-rerun-fails \
--packages="$PACKAGE_NAMES" \
--junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- \
-tags="${{env.GOTAGS}}" -p 2 \
${GO_TEST_FLAGS-} \
-cover -coverprofile=coverage.txt
# NOTE: ENT specific step as we store secrets in Vault.
- name: Authenticate to Vault
if: ${{ endsWith(github.repository, '-enterprise') }}
id: vault-auth
run: vault-auth
# NOTE: ENT specific step as we store secrets in Vault.
- name: Fetch Secrets
if: ${{ endsWith(github.repository, '-enterprise') }}
id: secrets
uses: hashicorp/vault-action@v2.5.0
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
- name: prepare datadog-ci
if: ${{ !endsWith(github.repository, '-enterprise') }}
run: |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
chmod +x /usr/local/bin/datadog-ci
- name: upload coverage
# do not run on forks
if: ${{ env.DATADOG_API_KEY}}
env:
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" ${{env.TEST_RESULTS}}/gotestsum-report.xml
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: test-results
path: ${{env.TEST_RESULTS}}
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: jsonfile
path: /tmp/jsonfile
- name: "Re-run fails report"
run: |
.github/scripts/rerun_fails_report.sh /tmp/gotestsum-rerun-fails
- name: Notify Slack
if: ${{ failure() }}
run: .github/scripts/notify_slack.sh