mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
03254a85e2
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](eef61447b9...11bd71901b
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
105 lines
3.8 KiB
YAML
105 lines
3.8 KiB
YAML
on:
|
|
repository_dispatch:
|
|
types: [ok-to-test-managed-command]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
env:
|
|
# Common versions
|
|
GO_VERSION: '1.21'
|
|
GINKGO_VERSION: 'v2.8.0'
|
|
DOCKER_BUILDX_VERSION: 'v0.4.2'
|
|
|
|
# Common users. We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run
|
|
# a step 'if env.GHCR_USERNAME' != ""', so we copy these to succinctly test whether
|
|
# credentials have been provided before trying to run steps that need them.
|
|
GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
|
|
GCP_SM_SA_JSON: ${{ secrets.GCP_SM_SA_JSON}}
|
|
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID}}
|
|
USE_GKE_GCLOUD_AUTH_PLUGIN: true
|
|
TF_VAR_GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID}}
|
|
GCP_SM_SA_GKE_JSON: ${{ secrets.GCP_SM_SA_GKE_JSON}}
|
|
GCP_GKE_CLUSTER: test-cluster
|
|
GCP_GKE_ZONE: ${{ secrets.GCP_GKE_ZONE}}
|
|
GCP_GSA_NAME: ${{ secrets.GCP_GSA_NAME}} # Goolge Service Account
|
|
GCP_KSA_NAME: ${{ secrets.GCP_KSA_NAME}} # Kubernetes Service Account
|
|
TF_VAR_GCP_GSA_NAME: ${{ secrets.GCP_GSA_NAME}} # Goolge Service Account for tf
|
|
TF_VAR_GCP_KSA_NAME: ${{ secrets.GCP_KSA_NAME}} # Kubernetes Service Account for tf
|
|
|
|
AWS_OIDC_ROLE_ARN: ${{ secrets.AWS_OIDC_ROLE_ARN}}
|
|
AWS_SA_NAME: ${{ secrets.AWS_SA_NAME }}
|
|
AWS_SA_NAMESPACE: ${{ secrets.AWS_SA_NAMESPACE }}
|
|
AWS_REGION: "eu-central-1"
|
|
AWS_CLUSTER_NAME: "eso-e2e-managed"
|
|
TF_VAR_AWS_SA_NAME: ${{ secrets.AWS_SA_NAME }}
|
|
TF_VAR_AWS_SA_NAMESPACE: ${{ secrets.AWS_SA_NAMESPACE }}
|
|
TF_VAR_AWS_REGION: "eu-central-1"
|
|
TF_VAR_AWS_CLUSTER_NAME: "eso-e2e-managed"
|
|
|
|
TFC_AZURE_CLIENT_ID: ${{ secrets.TFC_AZURE_CLIENT_ID}}
|
|
TFC_AZURE_CLIENT_SECRET: ${{ secrets.TFC_AZURE_CLIENT_SECRET }}
|
|
TFC_AZURE_TENANT_ID: ${{ secrets.TFC_AZURE_TENANT_ID}}
|
|
TFC_AZURE_SUBSCRIPTION_ID: ${{ secrets.TFC_AZURE_SUBSCRIPTION_ID }}
|
|
TFC_VAULT_URL: ${{ secrets.TFC_VAULT_URL}}
|
|
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GITHUB_PR_NUMBER: ${{ github.event.client_payload.pull_request.number }}
|
|
CLOUD_PROVIDER: ${{ github.event.client_payload.slash_command.args.named.provider }}
|
|
INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
|
|
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
|
|
|
|
name: managed e2e tests
|
|
|
|
jobs:
|
|
run-e2e-managed:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
id-token: write
|
|
checks: write
|
|
contents: read
|
|
if: github.event_name == 'repository_dispatch'
|
|
|
|
steps:
|
|
|
|
# Check out merge commit
|
|
- name: Fork based /ok-to-test-managed checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
ref: 'refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge'
|
|
|
|
- name: Fetch History
|
|
run: git fetch --prune --unshallow
|
|
|
|
- uses: ./.github/actions/e2e-managed
|
|
|
|
# set status=completed
|
|
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
|
if: ${{ always() }}
|
|
env:
|
|
number: ${{ env.GITHUB_PR_NUMBER }}
|
|
provider: ${{ env.CLOUD_PROVIDER }}
|
|
job: ${{ github.job }}
|
|
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
|
|
conclusion: ${{ job.status }}
|
|
with:
|
|
github-token: ${{ env.GITHUB_TOKEN }}
|
|
script: |
|
|
const { data: pull } = await github.rest.pulls.get({
|
|
...context.repo,
|
|
pull_number: process.env.number
|
|
});
|
|
const ref = pull.head.sha;
|
|
const { data: checks } = await github.rest.checks.listForRef({
|
|
...context.repo,
|
|
ref
|
|
});
|
|
const job_name = "e2e-managed-" + process.env.provider
|
|
const check = checks.check_runs.filter(c => c.name === job_name);
|
|
const { data: result } = await github.rest.checks.update({
|
|
...context.repo,
|
|
check_run_id: check[0].id,
|
|
status: 'completed',
|
|
conclusion: process.env.conclusion
|
|
});
|
|
return result;
|