test: Add permissions and roles e2e tests #9333
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build PR Image | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened, closed] | |
paths-ignore: | |
- docs/** | |
branches-ignore: | |
- release-please-* | |
jobs: | |
build-flagsmith: | |
name: Build and push `Flagsmith` | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
outputs: | |
tags: ${{ steps.meta.outputs.tags }} | |
if: ${{ github.event.action != 'closed' }} | |
steps: | |
- name: Checkout git repo | |
uses: actions/checkout@v4 | |
- name: Set up Depot CLI | |
uses: depot/setup-action@v1 | |
- name: Generate UUID image name | |
id: uuid | |
run: echo "UUID_WORKER=flagsmith-$(uuidgen --time)" >> $GITHUB_ENV | |
- name: Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: registry.uffizzi.com/${{ env.UUID_WORKER }} | |
tags: | | |
type=raw,value=30d | |
- name: Build and Push Image to registry.uffizzi.com - Uffizzi's ephemeral Registry | |
uses: depot/build-push-action@v1 | |
with: | |
context: . | |
file: ./Dockerfile | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: true | |
render-compose-file: | |
name: Render Docker Compose File | |
# Pass output of this workflow to another triggered by `workflow_run` event. | |
runs-on: ubuntu-latest | |
needs: | |
- build-flagsmith | |
outputs: | |
compose-file-cache-key: ${{ steps.hash.outputs.hash }} | |
steps: | |
- name: Checkout git repo | |
uses: actions/checkout@v4 | |
- name: Render Compose File | |
run: | | |
FLAGSMITH_IMAGE=${{ needs.build-flagsmith.outputs.tags }} | |
export FLAGSMITH_IMAGE | |
# Render simple template from environment variables. | |
envsubst < docker-compose.uffizzi.yml > docker-compose.rendered.yml | |
cat docker-compose.rendered.yml | |
- name: Upload Rendered Compose File as Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: preview-spec | |
path: | | |
docker-compose.rendered.yml | |
${{github.event_path}} | |
retention-days: 2 | |
delete-preview: | |
name: Call for Preview Deletion | |
runs-on: ubuntu-latest | |
if: ${{ github.event.action == 'closed' }} | |
steps: | |
# If this PR is closing, we will not render a compose file nor pass it to the next workflow. | |
- name: Upload PR Event as Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: preview-spec | |
path: ${{github.event_path}} | |
retention-days: 2 |