66
77permissions :
88 contents : read
9-
9+ issues : write
10+ pull-requests : write
11+ checks : write
12+ statuses : read
1013name : e2e tests
1114
1215env :
2023 # Common users. We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run
2124 # a step 'if env.GHCR_USERNAME' != ""', so we copy these to succinctly test whether
2225 # credentials have been provided before trying to run steps that need them.
26+ TARGET_SHA : ${{ github.event.client_payload.slash_command.args.named.sha }}
2327 GHCR_USERNAME : ${{ secrets.GHCR_USERNAME }}
2428 GCP_SM_SA_JSON : ${{ secrets.GCP_SM_SA_JSON}}
2529 GCP_GKE_ZONE : ${{ secrets.GCP_GKE_ZONE}}
3539 TFC_AZURE_TENANT_ID : ${{ secrets.TFC_AZURE_TENANT_ID}}
3640 TFC_AZURE_SUBSCRIPTION_ID : ${{ secrets.TFC_AZURE_SUBSCRIPTION_ID }}
3741 TFC_VAULT_URL : ${{ secrets.TFC_VAULT_URL}}
38-
42+
3943 SCALEWAY_API_URL : ${{ secrets.SCALEWAY_API_URL }}
4044 SCALEWAY_REGION : ${{ secrets.SCALEWAY_REGION }}
4145 SCALEWAY_PROJECT_ID : ${{ secrets.SCALEWAY_PROJECT_ID }}
4650 DELINEA_TENANT : ${{ secrets.DELINEA_TENANT }}
4751 DELINEA_CLIENT_ID : ${{ secrets.DELINEA_CLIENT_ID }}
4852 DELINEA_CLIENT_SECRET : ${{ secrets.DELINEA_CLIENT_SECRET }}
53+
54+ SECRETSERVER_USERNAME : ${{ secrets.SECRETSERVER_USERNAME }}
55+ SECRETSERVER_PASSWORD : ${{ secrets.SECRETSERVER_PASSWORD }}
56+ SECRETSERVER_URL : ${{ secrets.SECRETSERVER_URL }}
4957jobs :
5058
5159 integration-trusted :
5866 steps :
5967
6068 - name : Branch based PR checkout
61- uses : actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
69+ uses : actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
6270
6371 - name : Fetch History
6472 run : git fetch --prune --unshallow
@@ -77,15 +85,20 @@ jobs:
7785
7886 # Check out merge commit
7987 - name : Fork based /ok-to-test checkout
80- uses : actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
88+ uses : actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
8189 with :
82- ref : ' refs/pull/ ${{ github.event.client_payload.pull_request.number }}/merge '
90+ ref : ' ${{ env.TARGET_SHA }}'
8391
8492 - name : Fetch History
8593 run : git fetch --prune --unshallow
8694
87- - uses : ./.github/actions/e2e
88-
95+ - id : e2e
96+ uses : ./.github/actions/e2e
97+ - id : create_token
98+ uses : tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
99+ with :
100+ app_id : ${{ secrets.APP_ID }}
101+ private_key : ${{ secrets.PRIVATE_KEY }}
89102 # Update check run called "integration-fork"
90103 - uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
91104 id : update-check-run
@@ -119,3 +132,19 @@ jobs:
119132 conclusion: process.env.conclusion
120133 });
121134 return result;
135+ name : Update on Succeess
136+ if : always() && steps.e2e.conclusion == 'success'
137+ uses : peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
138+ with :
139+ token : ${{ steps.create_token.outputs.token }}
140+ issue-number : ${{ github.event.client_payload.pull_request.number }}
141+ body : |
142+ [Bot] - :white_check_mark: [e2e for ${{ env.TARGET_SHA }} passed](https://github.com/external-secrets/external-secrets/actions/runs/${{ github.run_id }})
143+ name : Update on Failure
144+ if : always() && steps.e2e.conclusion != 'success'
145+ uses : peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
146+ with :
147+ token : ${{ steps.create_token.outputs.token }}
148+ issue-number : ${{ github.event.client_payload.pull_request.number }}
149+ body : |
150+ [Bot] - :x: [e2e for ${{ env.TARGET_SHA }} failed](https://github.com/external-secrets/external-secrets/actions/runs/${{ github.run_id }})
0 commit comments