forked from sartography/spiff-arena
-
Notifications
You must be signed in to change notification settings - Fork 0
457 lines (427 loc) · 17.1 KB
/
tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
name: Tests
on:
push:
# hitting just main on push suffices to avoid duplicate runs for PRs, since PRs never update main.
# more ideas at https://github.com/orgs/community/discussions/26940 including branches-ignore
branches:
- main
pull_request:
defaults:
run:
working-directory: spiffworkflow-backend
jobs:
tests-backend:
name: ${{ matrix.session }} ${{ matrix.python }} / ${{ matrix.os }} ${{ matrix.database }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- { python: "3.12", os: "ubuntu-latest", session: "safety" }
- { python: "3.12", os: "ubuntu-latest", session: "mypy" }
- { python: "3.11", os: "ubuntu-latest", session: "safety" }
- { python: "3.11", os: "ubuntu-latest", session: "mypy" }
- { python: "3.10", os: "ubuntu-latest", session: "mypy" }
- {
python: "3.11",
os: "ubuntu-latest",
session: "tests",
database: "mysql",
}
- {
python: "3.12",
os: "ubuntu-latest",
session: "tests",
database: "mysql",
upload_coverage: true,
}
- {
python: "3.11",
os: "ubuntu-latest",
session: "tests",
database: "postgres",
}
- {
python: "3.12",
os: "ubuntu-latest",
session: "tests",
database: "postgres",
}
- {
python: "3.11",
os: "ubuntu-latest",
session: "tests",
database: "sqlite",
}
- {
python: "3.12",
os: "ubuntu-latest",
session: "tests",
database: "sqlite",
}
- {
python: "3.10",
os: "ubuntu-latest",
session: "tests",
database: "sqlite",
}
# FIXME: tests cannot pass on windows and we currently cannot debug
# since none of us have a windows box that can run the python app.
# so ignore windows tests until we can get it fixed.
# - {
# python: "3.10",
# os: "windows-latest",
# session: "tests",
# database: "sqlite",
# }
- {
python: "3.11",
os: "macos-latest",
session: "tests",
database: "sqlite",
}
- {
# typeguard 2.13.3 is broken with TypeDict in 3.11.
# probably the next release fixes it.
# https://github.com/agronholm/typeguard/issues/242
python: "3.11",
os: "ubuntu-latest",
session: "typeguard",
database: "sqlite",
}
- {
# typeguard 2.13.3 is broken with TypeDict in 3.11.
# probably the next release fixes it.
# https://github.com/agronholm/typeguard/issues/242
python: "3.12",
os: "ubuntu-latest",
session: "typeguard",
database: "sqlite",
}
# - { python: "3.11", os: "ubuntu-latest", session: "xdoctest" }
# - { python: "3.11", os: "ubuntu-latest", session: "docs-build" }
env:
FLASK_SESSION_SECRET_KEY: super_secret_key
FORCE_COLOR: "1"
PRE_COMMIT_COLOR: "always"
SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD: password
SPIFFWORKFLOW_BACKEND_DATABASE_TYPE: ${{ matrix.database }}
SPIFFWORKFLOW_BACKEND_RUNNING_IN_CI: "true"
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python }}
uses: actions/[email protected]
with:
python-version: ${{ matrix.python }}
- name: Install pip and poetry
run: |
pwd
ls -al
pip install --constraint=../.github/workflows/constraints.txt pip poetry
pip --version
poetry --version
- name: Upgrade pip in virtual environments
shell: python
run: |
import os
import pip
with open(os.environ["GITHUB_ENV"], mode="a") as io:
print(f"VIRTUALENV_PIP={pip.__version__}", file=io)
# when we get an imcompatible sqlite migration again and need to combine all migrations into one for the benefit of sqlite
# see if we can get the sqlite-specific block in the noxfile.py to work instead of this block in the github workflow,
# which annoyingly runs python setup outside of the nox environment (which seems to be flakier on poetry install).
# - name: Checkout Samples
# if: matrix.database == 'sqlite'
# uses: actions/checkout@v4
# with:
# repository: sartography/sample-process-models
# path: sample-process-models
# - name: Poetry Install
# if: matrix.database == 'sqlite'
# run: poetry install
# - name: Setup sqlite
# if: matrix.database == 'sqlite'
# env:
# SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR: "${GITHUB_WORKSPACE}/sample-process-models"
# run: ./bin/recreate_db clean rmall
- name: Setup Mysql
uses: mirromutth/[email protected]
with:
host port: 3306
container port: 3306
mysql version: "8.0"
mysql database: "spiffworkflow_backend_unit_testing"
mysql root password: password
collation server: "utf8mb4_0900_as_cs"
if: matrix.database == 'mysql'
- name: Setup Postgres
run: docker run --name postgres-spiff -p 5432:5432 -e POSTGRES_PASSWORD=spiffworkflow_backend -e POSTGRES_USER=spiffworkflow_backend -e POSTGRES_DB=spiffworkflow_backend_unit_testing -d postgres
if: matrix.database == 'postgres'
- name: Install mysqlclient lib dependencies
if: matrix.os == 'macos-latest'
# mysql 8.3 causes failure in poetry install so pin to 8.0. https://github.com/feast-dev/feast/issues/3916
# 8.0 is keg-only, so we have to force link it in order for pkg-config and everything to find it.
run: |
brew install [email protected] pkg-config && brew link [email protected]
- name: Run Session
run: |
./bin/run_ci_session ${{ matrix.session }}
- name: Upload coverage data
# pin to upload coverage from only one matrix entry, otherwise coverage gets confused later
if: matrix.upload_coverage
uses: "actions/upload-artifact@v4"
# this action doesn't seem to respect working-directory so include working-directory value in path
with:
name: coverage-data
path: "spiffworkflow-backend/.coverage.*"
# - name: Upload documentation
# if: matrix.session == 'docs-build'
# uses: actions/upload-artifact@v4
# with:
# name: docs
# path: docs/_build
#
- name: Upload logs
if: failure() && matrix.session == 'tests'
uses: "actions/upload-artifact@v4"
with:
name: logs-${{matrix.python}}-${{matrix.os}}-${{matrix.database}}
path: "./spiffworkflow-backend/log/*.log"
run_pre_commit_checks:
runs-on: ubuntu-latest
defaults:
run:
working-directory: .
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/[email protected]
with:
python-version: "3.11"
- name: Install Poetry
run: |
pwd
ls -al
pip --version
pip install --constraint=.github/workflows/constraints.txt pip poetry
poetry --version
- name: Poetry Install
run: poetry install
- name: run_pre_commit
run: ./bin/run_pre_commit_in_ci
check_docker_start_script:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Checkout Samples
uses: actions/checkout@v4
with:
repository: sartography/sample-process-models
path: sample-process-models
- name: start_backend
run: ./bin/build_and_run_with_docker_compose
timeout-minutes: 20
env:
SPIFFWORKFLOW_BACKEND_RUN_DATA_SETUP: "false"
- name: wait_for_backend
run: ./bin/wait_for_backend_to_be_up 5
coverage:
runs-on: ubuntu-latest
needs: [tests-backend, run_pre_commit_checks, check_docker_start_script]
steps:
- name: Check out the repository
uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
fetch-depth: 0
- name: Set up Python
uses: actions/[email protected]
with:
python-version: "3.11"
- name: Install pip and poetry
run: |
pwd
ls -al
pip install --constraint=../.github/workflows/constraints.txt pip poetry
pip --version
poetry --version
- name: Upgrade pip in virtual environments
shell: python
run: |
import os
import pip
with open(os.environ["GITHUB_ENV"], mode="a") as io:
print(f"VIRTUALENV_PIP={pip.__version__}", file=io)
- name: Download coverage data
uses: actions/[email protected]
with:
name: coverage-data
# this action doesn't seem to respect working-directory so include working-directory value in path
path: spiffworkflow-backend
- name: Run Coverage
run: |
./bin/run_ci_session coverage
- name: Upload coverage report
uses: codecov/[email protected]
- name: SonarCloud Scan
uses: sonarsource/[email protected]
# thought about just skipping dependabot
# if: ${{ github.actor != 'dependabot[bot]' }}
# but figured all pull requests seems better, since none of them will have access to sonarcloud.
# however, with just skipping pull requests, the build associated with "Triggered via push" is also associated with the pull request and also fails hitting sonarcloud
# if: ${{ github.event_name != 'pull_request' }}
# so just skip everything but main
if: github.ref_name == 'main'
with:
projectBaseDir: spiffworkflow-backend
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# part about saving PR number and then using it from auto-merge-dependabot-prs from:
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
- name: Write PR number to spiffworkflow-backend/pr dir
if: ${{ github.event_name == 'pull_request' }}
env:
PR_NUMBER: ${{ github.event.number }}
run: |
mkdir -p ./pr
echo "$PR_NUMBER" > ./pr/pr_number
- name: Upload PR number as artifact
uses: actions/upload-artifact@v4
if: ${{ github.event_name == 'pull_request' }}
with:
name: pr_number
# at https://github.com/sartography/spiff-arena/actions/runs/7757308061/job/21156982087, for example,
# it said: "Warning: No files were found with the provided path: pr", so assuming this is running
# from spiff-arena root rather than the default working-directory we specified, and therefore
# trying to explicitly add spiffworkflow-backend to path
path: spiffworkflow-backend/pr/
if-no-files-found: error
tests-frontend:
runs-on: ubuntu-latest
needs: [tests-backend, run_pre_commit_checks, check_docker_start_script]
defaults:
run:
working-directory: spiffworkflow-frontend
steps:
- name: Development Code
uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
fetch-depth: 0
ref: ${{ github.event.workflow_run.head_sha }}
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 18.x
- run: npm install
- run: npm run lint
- run: npm test
- run: npm run build --if-present
- name: SonarCloud Scan
# thought about just skipping dependabot
# if: ${{ github.actor != 'dependabot[bot]' }}
# but figured all pull requests seems better, since none of them will have access to sonarcloud.
# however, with just skipping pull requests, the build associated with "Triggered via push" is also associated with the pull request and also fails hitting sonarcloud
# if: ${{ github.event_name != 'pull_request' }}
# so just skip everything but main
if: github.ref_name == 'main'
uses: sonarsource/[email protected]
with:
projectBaseDir: spiffworkflow-frontend
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
cypress-run:
runs-on: ubuntu-latest
needs: [tests-backend, run_pre_commit_checks, check_docker_start_script]
defaults:
run:
working-directory: spiffworkflow-frontend
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.workflow_run.head_sha }}
- name: Checkout Samples
uses: actions/checkout@v4
with:
repository: sartography/sample-process-models
path: sample-process-models
- name: start_keycloak
working-directory: ./spiffworkflow-backend
run: ./keycloak/bin/start_keycloak
- name: start_backend
working-directory: ./spiffworkflow-backend
run: ./bin/build_and_run_with_docker_compose
timeout-minutes: 20
env:
SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA: "true"
SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME: "acceptance_tests.yml"
- name: start_frontend
# working-directory: ./spiffworkflow-frontend
run: ./bin/build_and_run_with_docker_compose
- name: wait_for_backend
working-directory: ./spiffworkflow-backend
run: ./bin/wait_for_backend_to_be_up 5
- name: wait_for_frontend
# working-directory: ./spiffworkflow-frontend
run: ./bin/wait_for_frontend_to_be_up 5
- name: wait_for_keycloak
working-directory: ./spiffworkflow-backend
run: ./keycloak/bin/wait_for_keycloak 5
- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
echo "$GITHUB_CONTEXT"
- name: Cypress run
uses: cypress-io/github-action@v6
with:
working-directory: ./spiffworkflow-frontend
browser: chrome
# only record on push, not pull_request, since we do not have secrets for PRs,
# so the required CYPRESS_RECORD_KEY will not be available.
# we have limited runs in cypress cloud, so only record main builds
# the direct check for github.event_name == 'push' is for if we want to go back to triggering this workflow
# directly, rather than when Backend Tests complete.
# note that github.event.workflow_run is referring to the Backend Tests workflow and another option
# for github.event.workflow_run.event is 'pull_request', which we want to ignore.
record: ${{ github.ref_name == 'main' && ((github.event_name == 'workflow_run' && github.event.workflow_run.event == 'push') || (github.event_name == 'push')) }}
env:
# pass the Dashboard record key as an environment variable
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
# pass GitHub token to allow accurately detecting a build vs a re-run build
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CYPRESS_SPIFFWORKFLOW_FRONTEND_AUTH_WITH_KEYCLOAK: "true"
- name: get_backend_logs_from_docker_compose
if: failure()
working-directory: ./spiffworkflow-backend
run: ./bin/get_logs_from_docker_compose >./log/docker_compose.log
- name: Upload logs
if: failure()
uses: "actions/upload-artifact@v4"
with:
name: spiffworkflow-backend-logs
path: "./spiffworkflow-backend/log/*.log"
# https://github.com/cypress-io/github-action#artifacts
- name: upload_screenshots
uses: actions/upload-artifact@v4
if: failure()
with:
name: cypress-screenshots
path: ./spiffworkflow-frontend/cypress/screenshots
# Test run video was always captured, so this action uses "always()" condition
- name: upload_videos
uses: actions/upload-artifact@v4
if: failure()
with:
name: cypress-videos
path: ./spiffworkflow-frontend/cypress/videos