Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
workflow_call: | |
inputs: | |
go-arch: | |
description: The execution architecture (arm, amd64, etc.) | |
required: true | |
type: string | |
enterprise: | |
description: A flag indicating if this workflow is executing for the enterprise repository. | |
required: true | |
type: string | |
total-runners: | |
description: Number of runners to use for executing the tests on. | |
required: true | |
type: string | |
env-vars: | |
description: A map of environment variables as JSON. | |
required: false | |
type: string | |
default: '{}' | |
extra-flags: | |
description: A space-separated list of additional build flags. | |
required: false | |
type: string | |
default: '' | |
runs-on: | |
description: An expression indicating which kind of runners to use. | |
required: false | |
type: string | |
default: ubuntu-latest | |
go-build-tags: | |
description: A comma-separated list of additional build tags to consider satisfied during the build. | |
required: false | |
type: string | |
name: | |
description: A suffix to append to archived test results | |
required: false | |
default: '' | |
type: string | |
go-test-parallelism: | |
description: The parallelism parameter for Go tests | |
required: false | |
default: 20 | |
type: number | |
timeout-minutes: | |
description: The maximum number of minutes that this workflow should run | |
required: false | |
default: 60 | |
type: number | |
env: ${{ fromJSON(inputs.env-vars) }} | |
jobs: | |
test-generate-test-package-list: | |
runs-on: ${{ fromJSON(inputs.runs-on) }} | |
name: Verify Test Package Distribution | |
permissions: | |
id-token: write # Note: this permission is explicitly required for Vault auth | |
contents: read | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version-file: ./.go-version | |
cache: true | |
- name: Authenticate to Vault | |
id: vault-auth | |
if: github.repository == 'hashicorp/vault-enterprise' | |
run: vault-auth | |
- name: Fetch Secrets | |
id: secrets | |
if: github.repository == 'hashicorp/vault-enterprise' | |
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e | |
with: | |
url: ${{ steps.vault-auth.outputs.addr }} | |
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} | |
token: ${{ steps.vault-auth.outputs.token }} | |
secrets: | | |
kv/data/github/${{ github.repository }}/github-token username-and-token | github-token; | |
- id: setup-git-private | |
name: Setup Git configuration (private) | |
if: github.repository == 'hashicorp/vault-enterprise' | |
run: | | |
git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com | |
- id: setup-git-public | |
name: Setup Git configuration (public) | |
if: github.repository != 'hashicorp/vault-enterprise' | |
run: | | |
git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com | |
- id: test | |
working-directory: .github/scripts | |
env: | |
GOPRIVATE: github.com/hashicorp/* | |
run: | | |
ENTERPRISE=${{ inputs.enterprise }} ./test-generate-test-package-lists.sh | |
runner-indexes: | |
runs-on: ${{ fromJSON(inputs.runs-on) }} | |
name: Generate runner indexes | |
# | |
# This job generates a JSON Array of integers ranging from 1 to 16. | |
# That array is used in the matrix section of the test-go job below. | |
# | |
outputs: | |
runner-indexes: ${{ steps.generate-index-list.outputs.indexes }} | |
steps: | |
- id: generate-index-list | |
run: | | |
INDEX_LIST="$(seq 1 ${{ inputs.total-runners }})" | |
INDEX_JSON="$(jq --null-input --compact-output '. |= [inputs]' <<< "${INDEX_LIST}")" | |
echo "indexes=${INDEX_JSON}" >> "${GITHUB_OUTPUT}" | |
test-go: | |
permissions: | |
id-token: write # Note: this permission is explicitly required for Vault auth | |
contents: read | |
name: "${{ matrix.runner-index }}" | |
needs: | |
- runner-indexes | |
runs-on: ${{ fromJSON(inputs.runs-on) }} | |
strategy: | |
fail-fast: false | |
matrix: | |
# | |
# Initialize the runner-index key with the JSON array of integers | |
# generated above. | |
# | |
runner-index: ${{ fromJSON(needs.runner-indexes.outputs.runner-indexes) }} | |
env: | |
GOPRIVATE: github.com/hashicorp/* | |
TIMEOUT_IN_MINUTES: ${{ inputs.timeout-minutes }} | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
go-version-file: ./.go-version | |
cache: true | |
- name: Authenticate to Vault | |
id: vault-auth | |
if: github.repository == 'hashicorp/vault-enterprise' | |
run: vault-auth | |
- name: Fetch Secrets | |
id: secrets | |
if: github.repository == 'hashicorp/vault-enterprise' | |
uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e | |
with: | |
url: ${{ steps.vault-auth.outputs.addr }} | |
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} | |
token: ${{ steps.vault-auth.outputs.token }} | |
secrets: | | |
kv/data/github/${{ github.repository }}/datadog-ci DATADOG_API_KEY; | |
kv/data/github/${{ github.repository }}/github-token username-and-token | github-token; | |
kv/data/github/${{ github.repository }}/license license_1 | VAULT_LICENSE_CI; | |
kv/data/github/${{ github.repository }}/license license_2 | VAULT_LICENSE_2; | |
kv/data/github/${{ github.repository }}/hcp-link HCP_API_ADDRESS; | |
kv/data/github/${{ github.repository }}/hcp-link HCP_AUTH_URL; | |
kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_ID; | |
kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_SECRET; | |
kv/data/github/${{ github.repository }}/hcp-link HCP_RESOURCE_ID; | |
- id: setup-git-private | |
name: Setup Git configuration (private) | |
if: github.repository == 'hashicorp/vault-enterprise' | |
run: | | |
git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com | |
- id: setup-git-public | |
name: Setup Git configuration (public) | |
if: github.repository != 'hashicorp/vault-enterprise' | |
run: | | |
git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com | |
- id: go-mod-download | |
if: matrix.runner-index > 16 | |
env: | |
GOPRIVATE: github.com/hashicorp/* | |
run: time go mod download -x | |
- id: build | |
if: matrix.runner-index > 16 | |
env: | |
GOPRIVATE: github.com/hashicorp/* | |
run: time make ci-bootstrap dev | |
- id: run-go-tests | |
name: Run Go tests | |
timeout-minutes: ${{ fromJSON(env.TIMEOUT_IN_MINUTES) }} | |
env: | |
COMMIT_SHA: ${{ github.sha }} | |
run: | | |
set -exo pipefail | |
# | |
# This script creates a Bash array with 16 elements each | |
# containing a space delimited list of package names. The | |
# array element corresponding to this instance's | |
# matrix.runner-index value. | |
# | |
ENTERPRISE=${{ inputs.enterprise }} source .github/scripts/generate-test-package-lists.sh | |
# Build the dynamically generated source files. | |
make prep | |
mkdir -p test-results/go-test | |
# We don't want VAULT_LICENSE set when running Go tests, because that's | |
# not what developers have in their environments and it could break some | |
# tests; it would be like setting VAULT_TOKEN. However some non-Go | |
# CI commands, like the UI tests, shouldn't have to worry about licensing. | |
# So we provide the tests which want an externally supplied license with licenses | |
# via the VAULT_LICENSE_CI and VAULT_LICENSE_2 environment variables, and here we unset it. | |
# shellcheck disable=SC2034 | |
VAULT_LICENSE= | |
# Assign test licenses to relevant variables if they aren't already | |
if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then | |
export VAULT_LICENSE_CI=${{ secrets.ci_license }} | |
export VAULT_LICENSE_2=${{ secrets.ci_license_2 }} | |
export HCP_API_ADDRESS=${{ secrets.HCP_API_ADDRESS }} | |
export HCP_AUTH_URL=${{ secrets.HCP_AUTH_URL }} | |
export HCP_CLIENT_ID=${{ secrets.HCP_CLIENT_ID }} | |
export HCP_CLIENT_SECRET=${{ secrets.HCP_CLIENT_SECRET }} | |
export HCP_RESOURCE_ID=${{ secrets.HCP_RESOURCE_ID }} | |
# Temporarily removing this variable to cause HCP Link tests | |
# to be skipped. | |
#export HCP_SCADA_ADDRESS=${{ secrets.HCP_SCADA_ADDRESS }} | |
fi | |
if [ -f bin/vault ]; then | |
VAULT_BINARY="$(pwd)/bin/vault" | |
export VAULT_BINARY | |
fi | |
# shellcheck disable=SC2086 # can't quote package list | |
GOARCH=${{ inputs.go-arch }} \ | |
go run gotest.tools/gotestsum --format=short-verbose \ | |
--junitfile test-results/go-test/results-${{ matrix.runner-index }}.xml \ | |
--jsonfile test-results/go-test/results-${{ matrix.runner-index }}.json \ | |
--jsonfile-timing-events failure-summary-${{ matrix.runner-index }}-${{inputs.name}}.json \ | |
-- \ | |
-tags "${{ inputs.go-build-tags }}" \ | |
-timeout=${{ env.TIMEOUT_IN_MINUTES }}m \ | |
-parallel=${{ inputs.go-test-parallelism }} \ | |
${{ inputs.extra-flags }} \ | |
\ | |
${test_packages[${{ matrix.runner-index }}]} | |
- name: Prepare datadog-ci | |
if: github.repository == 'hashicorp/vault' && (success() || failure()) | |
continue-on-error: true | |
run: | | |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" | |
chmod +x /usr/local/bin/datadog-ci | |
- name: Upload test results to DataDog | |
continue-on-error: true | |
env: | |
DD_ENV: ci | |
run: | | |
if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then | |
export DATADOG_API_KEY=${{ secrets.DATADOG_API_KEY }} | |
fi | |
datadog-ci junit upload --service "$GITHUB_REPOSITORY" test-results/go-test/results-${{ matrix.runner-index }}.xml | |
if: success() || failure() | |
- name: Archive test results | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
with: | |
name: test-results-${{ inputs.name }} | |
path: test-results/ | |
if: success() || failure() | |
- name: Prepare failure summary | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: success() || failure() | |
run: | | |
jq -r -n 'inputs | select(.Action == "fail") | "| \(.Package) | \(.Test // "-") | \(.Elapsed) | | [see logs](${{server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}/jobs/${{github.job}}) |"' failure-summary-${{ matrix.runner-index }}-${{inputs.name}}.json | |
jq -r -n 'inputs | select(.Action == "fail") | "| \(.Package) | \(.Test // "-") | ${{inputs.name}} | \(.Elapsed) | ${{ matrix.runner-index }} | [see logs](${{server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}/jobs/${{github.job}}) |"' failure-summary-${{ matrix.runner-index }}-${{inputs.name}}.json | |
- name: Upload failure summary | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: success() || failure() | |
with: | |
name: failure-summary | |
path: failure-summary-${{ matrix.runner-index }}-${{inputs.name}}.json |