Skip to content

Integration tests in forks #5856

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Sep 8, 2022
Merged

Integration tests in forks #5856

Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
2a477c9
Add self hosted runners guard
jsoref Sep 8, 2022
2da3321
Only sign if key is available
jsoref Sep 8, 2022
4bf9129
Creating a release requires write permissions
jsoref Sep 8, 2022
24d0f4d
Switch to ncipollo/release-action
jsoref Sep 8, 2022
c86622b
Maybe this field should always be a string instead of sometimes an array
jsoref Sep 8, 2022
5c9db84
move fromJSON to runs-on
jsoref Sep 8, 2022
1305b24
Remove quotation marks from configuration.outputs.arm64
mpilgrem Sep 8, 2022
ee14c11
Try with minimal quotation marks in echo
mpilgrem Sep 8, 2022
ba70082
Try with single quotes around strings in echo
mpilgrem Sep 8, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 41 additions & 5 deletions .github/workflows/integration-tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,14 +95,45 @@ jobs:
name: ${{ runner.os }}
path: _release/stack-*

configuration:
name: Check for self-hosted runners
runs-on: ubuntu-latest
env:
CAN_SIGN: ${{ secrets.RELEASE_SIGNING_KEY != '' }}
outputs:
arm64: ${{ steps.runners.outputs.arm64 }}
can-sign: ${{ env.CAN_SIGN }}
steps:
- name: Check for hosted runners
id: runners
shell: bash
env:
SELF_HOSTED_RUNNERS: ${{ secrets.SELF_HOSTED_RUNNERS || (github.repository_owner == 'commercialhaskell' && 'arm64') }}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GitHub workflows/actions don't have a ?: operator, but they do have || and && operators that work more or less as you'd expect them to in JavaScript.

If a secret doesn't exist, or isn't accessible (because a PR is from a different repository in the fork network), then the secrets.WHATEVER will evaluate to '' which is treated as false for conditional logic.

Thus, if this is running due to a push in a repository (or a pull_request from the same repository) with the secret set, it'll use the secret.

Otherwise, when the left side of the || evaluates to empty it'll use the right side of the ||, which then compares the github.repository_owner which if it's running in this repository should be commercialhaskell, making the left side of the && true, which will result in it picking arm64. Technically if this fails, the resulting value will be "false" (the output of the logic was false, but environment variables are coerced to strings). Since the contains() function calls below compare against "arm64", that's harmless as it won't match.

run: |
echo "::set-output name=runners::$SELF_HOSTED_RUNNERS"
if echo "$SELF_HOSTED_RUNNERS" | grep -q 'arm64'; then
echo "::set-output name=arm64::['self-hosted', 'linux', 'ARM64']"
else
echo '::set-output name=arm64::"ubuntu-latest"'
fi

linux-arm64:
name: Linux ARM64
runs-on: [self-hosted, linux, ARM64]
runs-on: ${{ fromJSON(needs.configuration.outputs.arm64) }}
needs: configuration
steps:
- name: Skipping ARM64
if: needs.configuration.outputs.arm64 == 'ubuntu-latest'
shell: bash
run: |
echo '::notice title=ARM64 skipped::To build ARM64, a self-hosted runner needs to be configured and the SELF_HOSTED_RUNNERS secret must contain arm64'

- name: Clone project
if: needs.configuration.outputs.arm64 != 'ubuntu-latest'
uses: actions/checkout@v3

- name: Build bindist
if: needs.configuration.outputs.arm64 != 'ubuntu-latest'
shell: bash
run: |
set -ex
Expand All @@ -112,13 +143,16 @@ jobs:
docker run --rm -v $(pwd):/src -w /src stack bash -c "/home/stack/release build"

- name: Upload bindist
if: needs.configuration.outputs.arm64 != 'ubuntu-latest'
uses: actions/upload-artifact@v3
with:
name: Linux-ARM64
path: _release/stack-*

github-release:
name: Create GitHub release
permissions:
contents: write
needs:
- integration-tests
- linux-arm64
Expand All @@ -141,11 +175,13 @@ jobs:
name: Windows
path: _release
- name: Download Linux-ARM64 artifact
if: contains(needs.configuration.outputs.runners, 'arm64')
uses: actions/download-artifact@v3
with:
name: Linux-ARM64
path: _release
- name: Hash and sign assets
if: needs.configuration.outputs.can-sign
shell: bash
env:
RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
Expand All @@ -163,11 +199,11 @@ jobs:
echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
- name: Create GitHub release (final)
if: "!startsWith(github.ref, 'refs/tags/rc/')"
uses: actions/create-release@v1
uses: ncipollo/release-action@v1.10.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
tag: ${{ github.ref }}
body: |
See https://haskellstack.org/ for installation and upgrade instructions.

Expand All @@ -182,11 +218,11 @@ jobs:
prerelease: false
- name: Create GitHub release (release candidate)
if: "startsWith(github.ref, 'refs/tags/rc/')"
uses: actions/create-release@v1
uses: ncipollo/release-action@v1.10.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
tag: ${{ github.ref }}
body: |
**Changes since v[INSERT PREVIOUS VERSION]:**

Expand Down