Try to get TARGET_BRANCH from PR's title #24220
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Testing the test | |
on: | |
workflow_dispatch: {} | |
pull_request: | |
branches: | |
- '**' | |
types: | |
- opened | |
- synchronize | |
- labeled | |
- unlabeled | |
push: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run lints | |
uses: ./.github/actions/lint_code | |
test_the_test: | |
name: Test the test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install runner | |
uses: ./.github/actions/install_runner | |
# force /bin/bash in order to test against bash 3.2 on macOS | |
- name: Test the test (direct) | |
run: /bin/bash run.sh TEST_THE_TEST | |
- name: Test group parsing | |
run: | | |
/bin/bash run.sh ++dry APPSEC_SCENARIOS | |
/bin/bash run.sh ++dry TRACER_RELEASE_SCENARIOS | |
scenarios: | |
name: Get scenarios and groups | |
uses: ./.github/workflows/compute-scenarios.yml | |
impacted_libraries: | |
name: Get impacted libraries | |
uses: ./.github/workflows/compute-impacted-libraries.yml | |
get_dev_artifacts: | |
needs: | |
- impacted_libraries | |
strategy: | |
matrix: | |
library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }} | |
fail-fast: false | |
runs-on: ubuntu-latest | |
outputs: | |
target-branch: ${{ steps.get-target-branch.outputs.target-branch }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get target branch | |
uses: ./.github/actions/get_target_branch | |
id: get-target-branch | |
with: | |
text: ${{ github.event.pull_request.title }} | |
- name: Get library artifact | |
run: ./utils/scripts/load-binary.sh ${{ matrix.library }} | |
env: | |
TARGET_BRANCH: "${{ steps.get-target-branch.outputs.target-branch }}" | |
- name: Get agent artifact | |
run: ./utils/scripts/load-binary.sh agent | |
# ### appsec-event-rules is now a private repo. The GH_TOKEN provided can't read private repos. | |
# ### skipping this, waiting for a proper solution | |
# - name: Load WAF rules | |
# if: matrix.version == 'dev' | |
# run: ./utils/scripts/load-binary.sh waf_rule_set | |
# env: | |
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: binaries_dev_${{ matrix.library }} | |
path: binaries/ | |
fail-if-target-branch: | |
name: Fail if target branch is specified | |
needs: | |
- get_dev_artifacts | |
if: needs.get_dev_artifacts.outputs.target-branch != '' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Fail if PR title contains a target branch | |
run: | | |
echo "This PR can't be merged, due to the title specifying a target branch" | |
exit 1 | |
system_tests: | |
name: System Tests ${{ needs.get_dev_artifacts.outputs.target-branch != '' && format('({0} branch)', needs.get_dev_artifacts.outputs.target-branch) || '' }} | |
needs: | |
- lint | |
- test_the_test | |
- scenarios | |
- impacted_libraries | |
- get_dev_artifacts | |
strategy: | |
matrix: | |
library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }} | |
version: | |
- prod | |
- dev | |
fail-fast: false | |
uses: ./.github/workflows/system-tests.yml | |
permissions: | |
contents: read | |
packages: write | |
secrets: inherit | |
with: | |
library: ${{ matrix.library }} | |
scenarios: ${{ needs.scenarios.outputs.scenarios }} | |
scenarios_groups: ${{ needs.scenarios.outputs.scenarios_groups }} | |
binaries_artifact: ${{ matrix.version == 'dev' && format('binaries_dev_{0}', matrix.library) || '' }} | |
ci_environment: ${{ matrix.version }} | |
build_python_base_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-python-base-images') }} | |
build_buddies_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-buddies-images') }} | |
build_proxy_image: ${{ contains(github.event.pull_request.labels.*.name, 'build-proxy-image') }} | |
build_lib_injection_app_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-lib-injection-app-images') }} | |
_experimental_parametric_job_count: ${{ matrix.version == 'dev' && 2 || 1 }} # test both use cases | |
skip_empty_scenarios: true | |
system_tests_docker_mode: | |
name: Ruby Docker Mode | |
needs: | |
- lint | |
- test_the_test | |
- impacted_libraries | |
- get_dev_artifacts # non official set-up, this needs put this job in last | |
if: contains(needs.impacted_libraries.outputs.impacted_libraries, 'ruby') | |
uses: ./.github/workflows/run-docker-mode.yml | |
permissions: | |
packages: write | |
secrets: inherit | |
exotics: | |
name: Exotics scenarios | |
if: contains(github.event.pull_request.labels.*.name, 'run-all-scenarios') | |
uses: ./.github/workflows/run-exotics.yml | |
secrets: inherit | |
fancy-report: | |
runs-on: ubuntu-latest | |
needs: | |
- system_tests | |
if: always() | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- run: pip install requests | |
- run: python utils/scripts/get-workflow-summary.py ${{ github.run_id }} >> $GITHUB_STEP_SUMMARY | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
update-CI-visibility: | |
name: Update CI Visibility Dashboard | |
runs-on: ubuntu-latest | |
needs: | |
- system_tests | |
if: always() && github.ref == 'refs/heads/main' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Update CI Dashboard | |
run: ./utils/scripts/update_dashboard_CI_visibility.sh system-tests ${{ github.run_id }}-${{ github.run_attempt }} | |
env: | |
DD_API_KEY: ${{ secrets.DD_CI_API_KEY }} | |
DD_APP_KEY: ${{ secrets.DD_CI_APP_KEY }} |