build: migrate auth to GH Actions (GoogleCloudPlatform#2543)

sofisl · web-flow · commit 29252393519e · 2022-02-24T13:27:59.000-05:00
* build: migrate auth to GH Actions
diff --git a/.github/workflows/auth.yaml b/.github/workflows/auth.yaml
@@ -0,0 +1,67 @@
+name: auth
+on:
+  push:
+    branches:
+    - main
+    paths:
+    - 'auth/**'
+  pull_request:
+    paths:
+    - 'auth/**'
+  pull_request_target:
+    types: [labeled]
+  schedule:
+  - cron:  '0 2 * * *'
+jobs:
+  test:
+    if: ${{ github.event.action != 'labeled' || github.event.label.name == 'actions:force-run' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: 'write'
+      pull-requests: 'write'
+      id-token: 'write'
+    steps:
+    - uses: 'google-github-actions/auth@v0.3.1'
+      with:
+        workload_identity_provider: 'projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider'
+        service_account: 'kokoro-system-test@long-door-651.iam.gserviceaccount.com'
+        create_credentials_file: 'true'
+        credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
+        access_token_lifetime: 600s
+    - uses: actions/checkout@v2
+      with:
+        ref: ${{github.event.pull_request.head.ref}}
+        repository: ${{github.event.pull_request.head.repo.full_name}}
+    - uses: actions/setup-node@v2
+      with:
+        node-version: 14
+    - run: npm install
+      working-directory: auth
+    - run: npm test
+      working-directory: auth
+      env:
+        MOCHA_REPORTER_SUITENAME: auth
+        MOCHA_REPORTER_OUTPUT: auth_sponge_log.xml
+        MOCHA_REPORTER: xunit
+    - if: ${{ github.event.action == 'labeled' && github.event.label.name == 'actions:force-run' }}
+      uses: actions/github-script@v5
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          try {
+            await github.rest.issues.removeLabel({
+              name: 'actions:force-run',
+              owner: 'GoogleCloudPlatform',
+              repo: 'nodejs-docs-samples',
+              issue_number: context.payload.pull_request.number
+            });
+          } catch (e) {
+            if (!e.message.includes('Label does not exist')) {
+              throw e;
+            }
+          }
+    - if: ${{ github.event_name == 'schedule'}}
+      run: |
+        curl https://github.com/googleapis/repo-automation-bots/releases/download/flakybot-1.1.0/flakybot -o flakybot -s -L
+        chmod +x ./flakybot
+        ./flakybot --repo GoogleCloudPlatform/nodejs-docs-samples --commit_hash ${{github.sha}} --build_url https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
diff --git a/.github/workflows/workflows.json b/.github/workflows/workflows.json
@@ -13,6 +13,7 @@
   "appengine/static-files",
   "appengine/storage/flexible",
   "appengine/storage/standard",
+  "auth",
   "appengine/typescript",
   "appengine/websockets",
   "appengine/twilio",
@@ -40,6 +41,5 @@
   "monitoring/prometheus",
   "datacatalog/cloud-client",
   "datacatalog/quickstart",
-  "datastore/functions",
-  "run/jobs"
+  "datastore/functions"
 ]
diff --git a/.kokoro/auth.cfg b/.kokoro/auth.cfg
diff --git a/auth/system-test/auth.test.js b/auth/system-test/auth.test.js
@@ -14,34 +14,24 @@
 
 'use strict';
 
-const path = require('path');
 const assert = require('assert');
+const path = require('path');
 const {execSync} = require('child_process');
 
 const cwd = path.join(__dirname, '..');
 const cmd = 'node auth.js';
 
-const {BUCKET_NAME} = process.env;
-
-before(() => {
-  assert(
-    process.env.GOOGLE_CLOUD_PROJECT,
-    'Must set GOOGLE_CLOUD_PROJECT environment variable!'
-  );
-  assert(
-    process.env.GOOGLE_APPLICATION_CREDENTIALS,
-    'Must set GOOGLE_APPLICATION_CREDENTIALS environment variable!'
-  );
-  assert(process.env.BUCKET_NAME, 'Must set BUCKET_NAME environment variable!');
-});
+const BUCKET_NAME = 'long-door-651';
+const GOOGLE_CLOUD_PROJECT = 'long-door-651';
+process.env.GOOGLE_CLOUD_PROJECT = 'long-door-651';
 
 it('should load credentials implicitly', () => {
   const output = execSync(`${cmd} auth-cloud-implicit`, {cwd, shell: true});
   assert.strictEqual(output.includes(BUCKET_NAME), true);
 });
 
 it('should load credentials explicitly', () => {
-  const project = process.env.GOOGLE_CLOUD_PROJECT;
+  const project = GOOGLE_CLOUD_PROJECT;
   const keyfile = process.env.GOOGLE_APPLICATION_CREDENTIALS;
   console.log(`${cmd} auth-cloud-explicit -p ${project} -k ${keyfile}`);
   const output = execSync(
diff --git a/auth/system-test/downscoping.test.js b/auth/system-test/downscoping.test.js
@@ -22,20 +22,18 @@ const {Storage} = require('@google-cloud/storage');
 
 const cwd = path.join(__dirname, '..');
 const cmd = 'node downscoping.js';
+process.env.GOOGLE_CLOUD_PROJECT = 'long-door-651';
 
 const CONTENTS = 'helloworld';
 let bucket;
 let file;
 let bucketName;
 let objectName;
 
-before(async () => {
-  assert(
-    process.env.GOOGLE_CLOUD_PROJECT,
-    'Must set GOOGLE_CLOUD_PROJECT environment variable!'
-  );
+const GOOGLE_CLOUD_PROJECT = 'long-door-651';
 
-  const storage = new Storage({projectId: process.env.GOOGLE_CLOUD_PROJECT});
+before(async () => {
+  const storage = new Storage({projectId: GOOGLE_CLOUD_PROJECT});
   bucketName = 'bucket-downscoping-test-' + uuidv4();
   objectName = 'object-downscoping-test-' + uuidv4();
 
