Skip to content

feat: iac updates and GovCloud setup #12

feat: iac updates and GovCloud setup

feat: iac updates and GovCloud setup #12

Workflow file for this run

# Given: I want to use Merge Queue
# Given: I don't want to have to run tests twice (default behavior is to require passing tests before adding to the merge queue, then run them again in the merge queue)
# Given: I always want tests to run and pass before the PR is merged to main, unless I explicitly grant an exemption
# Given: I want to grant an exemption to allow tests to be skipped if the PR consists of only changes to files with extension ".md"
# Given: I want to run the tests if I use the "/test" chatops command in a PR
# When: Events with name "pull_request" happen
# Then: Immediately report success
# When: Events with name "merge_group" happen
# And: The PR meets the criteria for granting an exemption
# Then: Immediately report success
# When: Events with name "merge_group" happen
# And: The PR does not meet the criteria for granting an exemption
# Then: Run the tests
# When: I comment "/test all" in a PR
# Then: Run all tests
# When: I comment "/test <testname>" in a PR
# Then: Run just that test
name: trigger-tests
on:
pull_request:
merge_group:
issue_comment:
types: [created]
permissions:
id-token: write
contents: read
defaults:
run:
# We need -e -o pipefail for consistency with GitHub Actions' default behavior
shell: bash -e -o pipefail {0}
jobs:
skip-tests-if-pull-request-event:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- name: skip-tests-if-pull-request-event
# noinspection YAMLSchemaValidation
uses: defenseunicorns/delivery-github-actions-workflows/.github/actions/report-status-context@main
with:
application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
status-check: test / e2e-all
status: success
description: "Tests skipped because this is a pull_request event"
test-exemption:
if: github.event_name == 'merge_group'
runs-on: ubuntu-latest
outputs:
# return 'true' if any files in the PR are not exempt
not-exempt: ${{ steps.changed-files.outputs.not-exempt_any_modified }}
steps:
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: changed-files
id: changed-files
uses: tj-actions/changed-files@v41
with:
base_sha: ${{ github.event.merge_group.base_sha }}
sha: ${{ github.event.merge_group.head_sha }}
fail_on_initial_diff_error: true
fail_on_submodule_diff_error: true
files_yaml: |
not-exempt:
- '**'
- '!**/*.md'
- name: Show output
run: |
echo '${{ toJSON(steps.changed-files.outputs) }}'
skip-tests-if-merge-group-event-and-exemption-criteria-met:
needs: test-exemption
if: github.event_name == 'merge_group' && needs.test-exemption.outputs.not-exempt != 'true'
runs-on: ubuntu-latest
steps:
- name: skip-tests-if-merge-group-event-and-exemption-criteria-met
# noinspection YAMLSchemaValidation
uses: defenseunicorns/delivery-github-actions-workflows/.github/actions/report-status-context@main
with:
application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
status-check: test / e2e-all
status: success
description: "Tests skipped because this is a merge_group event and the PR meets the criteria for granting an exemption"
test-e2e-all:
needs: test-exemption
if: github.event_name == 'merge_group' && needs.test-exemption.outputs.not-exempt == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.event.pull_request.head.repo.full_name || github.repository }}
ref: ${{ github.event.client_payload.pull_request.head.ref || github.event.pull_request.head.ref || github.ref_name }}
- name: cache
uses: ./.github/actions/cache
with:
action: restore
- name: Run E2E Tests
uses: ./.github/actions/e2e
with:
application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }}
region: us-east-1
github-context: test / e2e-all
target-to-run: "_test-all"
slash-command-dispatch-test:
if: github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '/test')
runs-on: ubuntu-latest
steps:
- name: Get token
id: get_workflow_token
uses: peter-murray/workflow-application-token-action@v2
with:
application_id: ${{ secrets.NARWHAL_BOT_APP_ID }}
application_private_key: ${{ secrets.NARWHAL_BOT_SECRET }}
- name: Slash Command Dispatch
uses: peter-evans/slash-command-dispatch@v3
with:
token: ${{ steps.get_workflow_token.outputs.token }}
reaction-token: ${{ steps.get_workflow_token.outputs.token }}
commands: test
permission: write
issue-type: pull-request