diff --git a/.github/workflows/trybot.yml b/.github/workflows/trybot.yml index e6c2fa3fb07..1a9743dcfc1 100644 --- a/.github/workflows/trybot.yml +++ b/.github/workflows/trybot.yml @@ -169,28 +169,22 @@ jobs: ((github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release-branch.')) && (! (contains(github.event.head_commit.message, ' Dispatch-Trailer: {"type":"')))) || (matrix.go-version == '1.21.x' && matrix.runner == 'ubuntu-22.04') run: echo CUE_LONG=true >> $GITHUB_ENV + - name: gcloud auth for end-to-end tests + id: auth + if: (matrix.go-version == '1.21.x' && matrix.runner == 'ubuntu-22.04') + uses: google-github-actions/auth@v1 + with: + credentials_json: ${{ secrets.E2E_GCLOUD_KEY }} - if: (matrix.go-version == '1.21.x' && matrix.runner == 'ubuntu-22.04') - name: Generate - run: go generate ./... - - if: |- - ((github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release-branch.')) && (! (contains(github.event.head_commit.message, ' - Dispatch-Trailer: {"type":"')))) || !(matrix.go-version == '1.21.x' && matrix.runner == 'ubuntu-22.04') - name: Test - run: go test ./... + name: gcloud setup for end-to-end tests + uses: google-github-actions/setup-gcloud@v1 - if: (matrix.go-version == '1.21.x' && matrix.runner == 'ubuntu-22.04') - name: Test with -race - run: go test -race ./... - env: - GORACE: atexit_sleep_ms=10 - - if: |- - github.repository == 'cue-lang/cue' && ((github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/release-branch.')) && (! (contains(github.event.head_commit.message, ' - Dispatch-Trailer: {"type":"')))) && (matrix.go-version == '1.21.x' && matrix.runner == 'ubuntu-22.04') name: End-to-end test + env: + GITHUB_TOKEN: ${{ secrets.E2E_GITHUB_TOKEN }} run: |- cd internal/e2e go test - env: - GITHUB_TOKEN: ${{ secrets.E2E_GITHUB_TOKEN }} - if: (matrix.go-version == '1.21.x' && matrix.runner == 'ubuntu-22.04') name: Check run: |- diff --git a/.gitignore b/.gitignore index 884db65546a..f47651f5fa3 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,9 @@ cmd/cue/cue # We use test module paths like mod.test or externalmod.test. # Don't exclude those as if they were test binaries. !**/*mod.test + +# Ignore generated credentials from google-github-actions/auth, +# a GitHub Actions step used in CI for the tests in internal/e2e. +# Note that CI requires a clean git repo when it finishes, +# so we don't want it to think the credentials file is untracked. +gha-creds-*.json diff --git a/internal/ci/github/trybot.cue b/internal/ci/github/trybot.cue index a350d18bda1..4c698a48db1 100644 --- a/internal/ci/github/trybot.cue +++ b/internal/ci/github/trybot.cue @@ -68,14 +68,14 @@ workflows: trybot: _repo.bashWorkflow & { if: "\(_repo.isProtectedBranch) || \(_isLatestLinux)" run: "echo CUE_LONG=true >> $GITHUB_ENV" }, - _goGenerate, - _goTest & { - if: "\(_repo.isProtectedBranch) || !\(_isLatestLinux)" - }, - _goTestRace & { - if: _isLatestLinux - }, - _e2eTest, + // _goGenerate, + // _goTest & { + // if: "\(_repo.isProtectedBranch) || !\(_isLatestLinux)" + // }, + // _goTestRace & { + // if: _isLatestLinux + // }, + for v in _e2eTestSteps {v}, _goCheck, _repo.checkGitClean, ] @@ -115,24 +115,39 @@ workflows: trybot: _repo.bashWorkflow & { run: "go test ./..." } - _e2eTest: json.#step & { - name: "End-to-end test" - // The end-to-end tests require a github token secret and are a bit slow, - // so we only run them on pushes to protected branches and on one - // environment in the source repo. - if: "github.repository == '\(_repo.githubRepositoryPath)' && \(_repo.isProtectedBranch) && \(_isLatestLinux)" - - // The secret is the fine-grained access token "cue-lang/cue ci e2e for modules-testing" - // owned by the porcuepine bot account with read+write access to repo administration and code - // on the entire cue-labs-modules-testing org. Note that porcuepine is also an org admin, - // since otherwise the repo admin access to create and delete repos does not work. - env: GITHUB_TOKEN: "${{ secrets.E2E_GITHUB_TOKEN }}" - - run: """ - cd internal/e2e - go test - """ - } + _e2eTestSteps: [...{ + json.#step & { + // The end-to-end tests require a github token secret and are a bit slow, + // so we only run them on pushes to protected branches and on one + // environment in the source repo. + if: "\(_isLatestLinux)" + } + }] & [ + // Two setup steps per the upstream docs: + // https://github.com/google-github-actions/setup-gcloud#service-account-key-json + { + name: "gcloud auth for end-to-end tests" + id: "auth" + uses: "google-github-actions/auth@v1" + with: credentials_json: "${{ secrets.E2E_GCLOUD_KEY }}" + }, + { + name: "gcloud setup for end-to-end tests" + uses: "google-github-actions/setup-gcloud@v1" + }, + { + name: "End-to-end test" + // The secret is the fine-grained access token "cue-lang/cue ci e2e for modules-testing" + // owned by the porcuepine bot account with read+write access to repo administration and code + // on the entire cue-labs-modules-testing org. Note that porcuepine is also an org admin, + // since otherwise the repo admin access to create and delete repos does not work. + env: GITHUB_TOKEN: "${{ secrets.E2E_GITHUB_TOKEN }}" + run: """ + cd internal/e2e + go test + """ + }, + ] _goCheck: json.#step & { // These checks can vary between platforms, as different code can be built