# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. name: tests on: push: branches: - 'main' - 'v1' pull_request: pull_request_target: types: [labeled] schedule: - cron: '0 2 * * *' # Declare default permissions as read only. permissions: read-all jobs: compilation: name: FreeBSD and OpenBSD compilation check runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: "1.22" - name: Verify FreeBSD and OpenBSD Builds run: | CGO_ENABLED=0 GOOS=freebsd go build CGO_ENABLED=0 GOOS=openbsd go build integration: # run job on proper workflow event triggers (skip job for pull_request event from forks and only run pull_request_target for "tests: run" label) if: "${{ (github.event.action != 'labeled' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) || github.event.label.name == 'tests: run' }}" name: integration tests runs-on: ${{ matrix.os }} strategy: matrix: os: [macos-latest, windows-latest, ubuntu-latest] fail-fast: false permissions: contents: 'read' id-token: 'write' issues: write pull-requests: write steps: - name: Remove PR label if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}" uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | try { await github.rest.issues.removeLabel({ name: 'tests: run', owner: context.repo.owner, repo: context.repo.repo, issue_number: context.payload.pull_request.number }); } catch (e) { console.log('Failed to remove label. Another job may have already removed it!'); } - name: Checkout code uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Setup Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: "1.22" - id: 'auth' name: Authenticate to Google Cloud uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: workload_identity_provider: ${{ secrets.PROVIDER_NAME }} service_account: ${{ secrets.SERVICE_ACCOUNT }} access_token_lifetime: 600s - name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 - id: 'secrets' name: Get secrets uses: google-github-actions/get-secretmanager-secrets@dc4a1392bad0fd60aee00bb2097e30ef07a1caae # v2.1.3 with: secrets: |- MYSQL_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_CONNECTION_NAME MYSQL_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_USER MYSQL_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_PASS MYSQL_DB:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_DB POSTGRES_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CONNECTION_NAME POSTGRES_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER POSTGRES_USER_IAM:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER_IAM POSTGRES_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_PASS POSTGRES_DB:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_DB SQLSERVER_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_CONNECTION_NAME SQLSERVER_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_USER SQLSERVER_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_PASS SQLSERVER_DB:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_DB IMPERSONATED_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/IMPERSONATED_USER - name: Enable fuse config (Linux) if: runner.os == 'Linux' run: | sudo sed -i 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf - name: Run tests env: GOOGLE_CLOUD_PROJECT: '${{ secrets.GOOGLE_CLOUD_PROJECT }}' MYSQL_CONNECTION_NAME: '${{ steps.secrets.outputs.MYSQL_CONNECTION_NAME }}' MYSQL_USER: '${{ steps.secrets.outputs.MYSQL_USER }}' MYSQL_PASS: '${{ steps.secrets.outputs.MYSQL_PASS }}' MYSQL_DB: '${{ steps.secrets.outputs.MYSQL_DB }}' POSTGRES_CONNECTION_NAME: '${{ steps.secrets.outputs.POSTGRES_CONNECTION_NAME }}' POSTGRES_USER: '${{ steps.secrets.outputs.POSTGRES_USER }}' POSTGRES_USER_IAM: '${{ steps.secrets.outputs.POSTGRES_USER_IAM }}' POSTGRES_PASS: '${{ steps.secrets.outputs.POSTGRES_PASS }}' POSTGRES_DB: '${{ steps.secrets.outputs.POSTGRES_DB }}' SQLSERVER_CONNECTION_NAME: '${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}' SQLSERVER_USER: '${{ steps.secrets.outputs.SQLSERVER_USER }}' SQLSERVER_PASS: '${{ steps.secrets.outputs.SQLSERVER_PASS }}' SQLSERVER_DB: '${{ steps.secrets.outputs.SQLSERVER_DB }}' IMPERSONATED_USER: '${{ steps.secrets.outputs.IMPERSONATED_USER }}' TMPDIR: "/tmp" TMP: '${{ runner.temp }}' # specifying bash shell ensures a failure in a piped process isn't lost by using `set -eo pipefail` shell: bash run: | go test -race -v ./... | tee test_results.txt - name: Convert test output to XML if: ${{ (github.event_name == 'schedule' || github.event_name == 'push') && always() }} run: | go install github.com/jstemmer/go-junit-report/v2@latest go-junit-report -in test_results.txt -set-exit-code -out integration_sponge_log.xml - name: FlakyBot (Linux) # only run flakybot on periodic (schedule) and continuous (push) events if: ${{ (github.event_name == 'schedule' || github.event_name == 'push') && runner.os == 'Linux' && always() }} run: | curl https://github.com/googleapis/repo-automation-bots/releases/download/flakybot-1.1.0/flakybot -o flakybot -s -L chmod +x ./flakybot ./flakybot --repo ${{github.repository}} --commit_hash ${{github.sha}} --build_url https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} - name: FlakyBot (Windows) # only run flakybot on periodic (schedule) and continuous (push) events if: ${{ (github.event_name == 'schedule' || github.event_name == 'push') && runner.os == 'Windows' && always() }} run: | curl https://github.com/googleapis/repo-automation-bots/releases/download/flakybot-1.1.0/flakybot.exe -o flakybot.exe -s -L ./flakybot.exe --repo ${{github.repository}} --commit_hash ${{github.sha}} --build_url https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} - name: FlakyBot (macOS) # only run flakybot on periodic (schedule) and continuous (push) events if: ${{ (github.event_name == 'schedule' || github.event_name == 'push') && runner.os == 'macOS' && always() }} run: | curl https://github.com/googleapis/repo-automation-bots/releases/download/flakybot-1.1.0/flakybot-darwin-amd64 -o flakybot -s -L chmod +x ./flakybot ./flakybot --repo ${{github.repository}} --commit_hash ${{github.sha}} --build_url https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}