Skip to content
Integration Test

[Fix] README status badge #53

Sign in to view logs

[Fix] README status badge

[Fix] README status badge #53

Workflow file for this run

.github/workflows/integration-test.yaml at 0073028
name: Integration Test
on:
pull_request:
types: [opened, reopened, synchronize]
paths:
# Trigger on any change in `./src` except for changes in Markdown files.
- 'src/**'
- '!src/**.md'
# Trigger on any change to the unit tests.
- 'tests/**/*.py'
# Trigger on any change to dependencies.
- 'pyproject.toml'
- 'requirements**.txt'
# Trigger on any change to the (building of the) container image.
- 'Dockerfile'
- '.dockerignore'
# Trigger on any change to the GitHub Actions workflows.
- '.github/workflows/**.yaml'
# Allow this workflow to be called from other workflows.
workflow_call:
# To allow this re-usable workflow to read secrets from the correct GitHub environment when called from another
# workflow, use a `workflow_call.inputs`-based approach for the setting the GitHub environment.
inputs:
GITHUB_ENVIRONMENT:
description: 'The GitHub environment to use'
type: string
required: true
default: ''
concurrency:
group: 'integration-${{ github.workflow }}-${{ github.ref || github.run_id }}'
cancel-in-progress: true
defaults:
run:
shell: bash
jobs:
# Run the CodeQL Analysis workflow.
codeql-analysis:
name: CodeQL Analysis
uses: ./.github/workflows/codeql-analysis.yaml
permissions:
actions: read
contents: read
security-events: write
# Build and push a container image to the GCP Artifact Registry.
build-and-push-image:
name: Build and Push Image
uses: ./.github/workflows/build-and-push-image.yaml
secrets: inherit
permissions:
contents: read
id-token: write
# Secrets set in a GitHub Environment do not trickle down to re-used workflows as desired. This is a workaround to
# make the required secrets available to the `build-and-push-image` job when calling it from here.
with:
GITHUB_ENVIRONMENT: ${{ startsWith(github.ref, 'refs/tags') && 'prod' || 'dev' }}
integration-test:
name: Integration Test
needs: [build-and-push-image]
runs-on: ubuntu-latest
# If this workflow is called from another workflow, use the `GITHUB_ENVIRONMENT` input variable. Otherwise, set the
# GitHub Environment to "dev". This catches PRs that do not have `main` as the target branch.
environment: ${{ inputs.GITHUB_ENVIRONMENT != '' && inputs.GITHUB_ENVIRONMENT || 'dev' }}
env:
ARTIFACT_REGISTRY_HOSTNAME: "${{ secrets.GCP_LOCATION }}-docker.pkg.dev"
ARTIFACT_REGISTRY_URL: "${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_ARTIFACT_REGISTRY_NAME }}"
CI_SERVICE_ACCOUNT_EMAIL: "${{ secrets.GCP_CI_SERVICE_ACCOUNT_NAME }}@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com"
RUNTIME_SERVICE_ACCOUNT_EMAIL: "${{ secrets.GCP_RUNTIME_SERVICE_ACCOUNT_NAME }}@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com"
# The `gcp-auth` step requires these permissions to read and pass tokens.
permissions:
contents: read
id-token: write
steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
fetch-depth: 0
# Authenticate to Google Cloud via Workload Identity Federation (WIF).
- name: Authenticate to Google Cloud
id: gcp-auth
uses: google-github-actions/auth@v2
with:
service_account: ${{ env.CI_SERVICE_ACCOUNT_EMAIL }}
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
token_format: access_token
# Create a Cloud Run job. Make sure to `--wait` for the job to finish.
- name: Run Cloud Run Job
run: |-
gcloud run jobs deploy "${{ github.event.repository.name }}-integration-test" \
--image "${{ env.ARTIFACT_REGISTRY_HOSTNAME }}/${{ env.ARTIFACT_REGISTRY_URL }}/${{ github.event.repository.name }}:sha-${{ github.sha }}" \
--service-account "${{ env.RUNTIME_SERVICE_ACCOUNT_EMAIL }}" \
--max-retries 3 \
--task-timeout 5m \
--parallelism 1 \
--region "${{ secrets.GCP_LOCATION }}" \
--args="--log-level,debug,200" \
--execute-now \
--wait