larryh/corso
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
corso/.github/workflows/ci.yml
Keepers 960cb45ca8
write test logs to stdout (#2568) 
stderr logging writes all our logs to the terminal (ie, what shows up in github workflows) instead of the logging file artifact.  On failures with thousands of lines of logs, this makes searching for the error source nearly impossible.  This change ensures we have clean outputs in github workflows, and logs stored in artifact files for extensive review.
2023-02-20 19:49:50 +00:00

651 lines
24 KiB
YAML
Raw Blame History

name: Build/Release Corso
env:
IMAGE_NAME: ghcr.io/alcionai/corso
on:
workflow_dispatch:
pull_request:
push:
branches: [main]
tags: ["v*.*.*"]
repository_dispatch:
types: [ok-to-test-command]
permissions:
# required to retrieve AWS credentials
id-token: write
contents: write
packages: write
pull-requests: read
# cancel currently running jobs if a new version of the branch is pushed
concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# ----------------------------------------------------------------------------------------------------
# --- Prechecks and Checkouts ------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Precheck:
uses: alcionai/corso/.github/workflows/_filechange_checker.yml@main
Checkout:
needs: [Precheck]
environment: Testing
runs-on: ubuntu-latest
defaults:
run:
working-directory: src
steps:
- uses: actions/checkout@v3
# single setup and sum cache handling here.
# the results will cascade onto both testing and linting.
- name: Setup Golang with cache
uses: ./.github/actions/go-setup-cache
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main' || needs.precheck.outputs.websitefileschanged == 'true'
with:
go-version-file: src/go.mod
# SetM365App will decide which M365 app to use for this CI run
SetM365App:
environment: Testing
runs-on: ubuntu-latest
outputs:
client_app_slot: ${{ steps.roundrobin.outputs.CLIENT_APP_SLOT }}
client_id_env: ${{ steps.roundrobin.outputs.CLIENT_ID_ENV }}
client_secret_env: ${{ steps.roundrobin.outputs.CLIENT_SECRET_ENV }}
steps:
- name: Figure out which client id to use
id: roundrobin
run: |
slot=$((GITHUB_RUN_NUMBER % 4))
echo "CLIENT_APP_SLOT=$slot" >> $GITHUB_OUTPUT
case $slot in
0)
echo "CLIENT_ID_ENV=CLIENT_ID" >> $GITHUB_OUTPUT
echo "CLIENT_SECRET_ENV=CLIENT_SECRET" >> $GITHUB_OUTPUT
;;
1)
echo "CLIENT_ID_ENV=CLIENT_ID_2" >> $GITHUB_OUTPUT
echo "CLIENT_SECRET_ENV=CLIENT_SECRET_2" >> $GITHUB_OUTPUT
;;
2)
echo "CLIENT_ID_ENV=CLIENT_ID_3" >> $GITHUB_OUTPUT
echo "CLIENT_SECRET_ENV=CLIENT_SECRET_3" >> $GITHUB_OUTPUT
;;
3)
echo "CLIENT_ID_ENV=CLIENT_ID_4" >> $GITHUB_OUTPUT
echo "CLIENT_SECRET_ENV=CLIENT_SECRET_4" >> $GITHUB_OUTPUT
;;
esac
SetEnv:
environment: Testing
runs-on: ubuntu-latest
outputs:
environment: ${{ steps.environment.outputs.environment }}
version: ${{ steps.version.outputs.version }}
website-bucket: ${{ steps.website-bucket.outputs.website-bucket }}
website-cfid: ${{ steps.website-cfid.outputs.website-cfid }}
steps:
- uses: actions/checkout@v3
- name: Figure out environment
id: environment
run: |
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
echo "set-output name=environment::Production"
echo "::set-output name=environment::Production"
else
echo "set-output name=environment::Testing"
echo "::set-output name=environment::Testing"
fi
- name: Get version string
id: version
run: |
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
echo "set-output name=version::$(git describe --exact-match --tags $(git rev-parse HEAD))"
echo "::set-output name=version::$(git describe --exact-match --tags $(git rev-parse HEAD))"
else
echo "set-output name=version::$(echo unreleased-$(git rev-parse --short HEAD))"
echo "::set-output name=version::$(echo unreleased-$(git rev-parse --short HEAD))"
fi
- name: Get bucket name for website
id: website-bucket
run: |
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
echo "set-output name=website-bucket::corsobackup.io"
echo "::set-output name=website-bucket::corsobackup.io"
else
echo "set-output name=website-bucket::test-corso-docs"
echo "::set-output name=website-bucket::test-corso-docs"
fi
- name: Get cfid for website
id: website-cfid
run: |
if ${{ startsWith(github.ref, 'refs/tags/') }}; then
echo "set-output name=website-cfid::E1W9NGI9YTVZ1A"
echo "::set-output name=website-cfid::E1W9NGI9YTVZ1A"
else
echo "set-output name=website-cfid::ESFTEIYTIP7Y3"
echo "::set-output name=website-cfid::ESFTEIYTIP7Y3"
fi
# ----------------------------------------------------------------------------------------------------
# --- Website Linting -----------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Website-Linting:
needs: [Precheck, Checkout, SetEnv]
environment: Testing
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main' || needs.precheck.outputs.websitefileschanged == 'true' # websitefileschanged also includes srcfileschanged
steps:
- uses: actions/checkout@v3
- name: Lint Website
uses: ./.github/actions/website-linting
with:
version: ${{ needs.SetEnv.outputs.version }}
# ----------------------------------------------------------------------------------------------------
# --- Integration and Unit Testing -------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Test-Suite-Trusted:
needs: [Precheck, Checkout, SetM365App]
environment: Testing
runs-on: ubuntu-latest
if: (startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main') || (needs.precheck.outputs.srcfileschanged == 'true' && github.event.pull_request.head.repo.full_name == github.repository)
defaults:
run:
working-directory: src
env:
# Resolve the name of the secret that contains the Azure client ID/secret
AZURE_CLIENT_ID_NAME: ${{ needs.SetM365App.outputs.client_id_env }}
AZURE_CLIENT_SECRET_NAME: ${{ needs.SetM365App.outputs.client_secret_env }}
CLIENT_APP_SLOT: ${{ needs.SetM365App.outputs.client_app_slot }}
steps:
- uses: actions/checkout@v3
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v3
with:
go-version-file: src/go.mod
- run: mkdir testlog
# Install gotestfmt
- name: Set up gotestfmt
run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest
# AWS creds
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: integration-testing
aws-region: us-east-1
# run the tests
- name: Integration Tests
env:
AZURE_CLIENT_ID: ${{ secrets[env.AZURE_CLIENT_ID_NAME] }}
AZURE_CLIENT_SECRET: ${{ secrets[env.AZURE_CLIENT_SECRET_NAME] }}
AZURE_TENANT_ID: ${{ secrets.TENANT_ID }}
CORSO_CI_TESTS: true
CORSO_M365_TEST_USER_ID: ${{ secrets.CORSO_M365_TEST_USER_ID }}
CORSO_SECONDARY_M365_TEST_USER_ID: ${{ secrets.CORSO_SECONDARY_M365_TEST_USER_ID }}
CORSO_PASSPHRASE: ${{ secrets.INTEGRATION_TEST_CORSO_PASSPHRASE }}
CORSO_LOG_FILE: ./src/testlog/testlogging.log
LOG_GRAPH_REQUESTS: true
run: |
set -euo pipefail
go test \
-tags testing \
-json \
-v \
-failfast \
-p 1 \
./... 2>&1 | tee ./testlog/gotest.log | gotestfmt -hide successful-tests
# Upload the original go test output as an artifact for later review.
- name: Upload test log
if: failure()
uses: actions/upload-artifact@v3
with:
name: test-log
path: src/testlog/*
if-no-files-found: error
retention-days: 14
Test-Suite-Fork:
needs: [Precheck]
environment: Testing
if: (!startsWith(github.ref , 'refs/tags/') && github.ref != 'refs/heads/main') && (needs.precheck.outputs.srcfileschanged == 'true' && github.event.pull_request.head.repo.full_name != github.repository)
runs-on: ubuntu-latest
defaults:
run:
working-directory: src
steps:
- name: Fail check if not repository_dispatch
if: github.event_name != 'repository_dispatch'
run: |
echo "Workflow requires approval from a maintainer to run. It will be automatically rerun on approval."
exit 1
- uses: marocchino/sticky-pull-request-comment@v2
if: github.event.client_payload.slash_command.args.named.sha != '' && contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)
with:
message: |
Workflow run sha specified via `ok-to-test` is not the latest commit on PR. Run canceled.
- name: Fail check if not head of PR
if: github.event.client_payload.slash_command.args.named.sha != '' && contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)
run: |
echo "Workflow run sha specified is not the latest commit on PR. Exiting."
exit 1
# add comment to PR with link to workflow run
- uses: marocchino/sticky-pull-request-comment@v2
with:
message: |
Test suite run will be available at https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
# Check out merge commit
- name: Fork based /ok-to-test checkout
uses: actions/checkout@v2
with:
ref: "refs/pull/${{ github.event.client_payload.pull_request.number }}/merge"
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v3
with:
go-version-file: src/go.mod
- run: mkdir testlog
# Install gotestfmt
- name: Set up gotestfmt
run: go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest
# AWS creds
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
role-session-name: integration-testing
aws-region: us-east-1
# run the tests
- name: Integration Tests
env:
AZURE_CLIENT_ID: ${{ secrets.CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
AZURE_TENANT_ID: ${{ secrets.TENANT_ID }}
CORSO_CI_TESTS: true
CORSO_M365_TEST_USER_ID: ${{ secrets.CORSO_M365_TEST_USER_ID }}
CORSO_PASSPHRASE: ${{ secrets.INTEGRATION_TEST_CORSO_PASSPHRASE }}
CORSO_LOG_FILE: ./src/testlog/testlogging.log
run: |
set -euo pipefail
go test \
-json \
-v \
./... 2>&1 | tee ./testlog/gotest.log | gotestfmt -hide successful-tests
# Upload the original go test log as an artifact for later review.
- name: Upload test log
if: failure()
uses: actions/upload-artifact@v3
with:
name: test-log
path: src/testlog/*
if-no-files-found: error
retention-days: 14
# Update check run called "Test-Suite-Fork"
- uses: actions/github-script@v6
id: update-check-run
if: ${{ always() }}
env:
number: ${{ github.event.client_payload.pull_request.number }}
job: ${{ github.job }}
# Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
conclusion: ${{ job.status }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { data: pull } = await github.rest.pulls.get({
...context.repo,
pull_number: process.env.number
});
const ref = pull.head.sha;
const { data: checks } = await github.rest.checks.listForRef({
...context.repo,
ref
});
const check = checks.check_runs.filter(c => c.name === process.env.job);
const { data: result } = await github.rest.checks.update({
...context.repo,
check_run_id: check[0].id,
status: 'completed',
conclusion: process.env.conclusion
});
return result;
# ----------------------------------------------------------------------------------------------------
# --- Source Code Linting ----------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Linting:
needs: [Precheck, Checkout]
environment: Testing
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main' || needs.precheck.outputs.srcfileschanged == 'true'
defaults:
run:
working-directory: src
steps:
- uses: actions/checkout@v3
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v3
with:
go-version-file: src/go.mod
- name: Go Lint
uses: golangci/golangci-lint-action@v3
with:
# Keep pinned to a verson as sometimes updates will add new lint
# failures in unchanged code.
version: v1.50.1
working-directory: src
skip-pkg-cache: true
skip-build-cache: true
# check licenses
- name: Get go-licenses
run: go install github.com/google/go-licenses@latest
- name: Run go-licenses
run: go-licenses check github.com/alcionai/corso/src --ignore github.com/alcionai/corso/src
- name: Run staticcheck
uses: dominikh/staticcheck-action@v1.3.0
with:
install-go: false
working-directory: src
# ----------------------------------------------------------------------------------------------------
# --- Publish steps ----------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------
Publish-Binary:
needs: [Test-Suite-Trusted, Linting, Website-Linting, SetEnv]
environment: ${{ needs.SetEnv.outputs.environment }}
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main'
defaults:
run:
working-directory: src
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # needed to pull changelog
- name: Setup Golang with cache
uses: magnetikonline/action-golang-cache@v3
with:
go-version-file: src/go.mod
- name: Decide goreleaser release mode
shell: bash
run: |
if test '${{ github.ref }}' = "refs/heads/main"; then
echo "grflags=--snapshot" >> $GITHUB_ENV
else
echo "grflags=" >> $GITHUB_ENV
fi
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4
with:
version: latest
args: release --rm-dist --timeout 500m --parallelism 1 ${{ env.grflags }}
workdir: src
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RUDDERSTACK_CORSO_WRITE_KEY: ${{ secrets.RUDDERSTACK_CORSO_WRITE_KEY }}
RUDDERSTACK_CORSO_DATA_PLANE_URL: ${{ secrets.RUDDERSTACK_CORSO_DATA_PLANE_URL }}
CORSO_VERSION: ${{ needs.SetEnv.outputs.version }}
- name: Upload darwin arm64
uses: actions/upload-artifact@v3
with:
name: corso_Darwin_arm64
path: src/dist/corso_darwin_arm64/corso
- name: Upload linux arm64
uses: actions/upload-artifact@v3
with:
name: corso_Linux_arm64
path: src/dist/corso_linux_arm64/corso
- name: Upload darwin amd64
uses: actions/upload-artifact@v3
with:
name: corso_Darwin_amd64
path: src/dist/corso_darwin_amd64_v1/corso
- name: Upload linux amd64
uses: actions/upload-artifact@v3
with:
name: corso_Linux_amd64
path: src/dist/corso_linux_amd64_v1/corso
- name: Upload windows amd64
uses: actions/upload-artifact@v3
with:
name: corso_Windows_amd64
path: src/dist/corso_windows_amd64_v1/corso.exe
Publish-Image:
needs: [Test-Suite-Trusted, Linting, Website-Linting, SetEnv]
environment: ${{ needs.SetEnv.outputs.environment }}
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main'
defaults:
run:
working-directory: build
env:
PLATFORMS: linux/amd64,linux/arm64
steps:
- uses: actions/checkout@v3
# Setup buildx
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
# retrieve credentials for ghcr.io
- name: Login to Github Packages
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.IMAGE_NAME }}
tags: |
type=ref,event=tag
type=sha,format=short,prefix=
type=raw,value=nightly
# deploy the image
- name: Build image and push to GitHub Container Registry
uses: docker/build-push-action@v3
with:
context: .
file: ./build/Dockerfile
platforms: ${{ env.PLATFORMS }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
CORSO_BUILD_LDFLAGS=-X 'github.com/alcionai/corso/src/internal/events.RudderStackWriteKey=${{ secrets.RUDDERSTACK_CORSO_WRITE_KEY }}' -X 'github.com/alcionai/corso/src/internal/events.RudderStackDataPlaneURL=${{ secrets.RUDDERSTACK_CORSO_DATA_PLANE_URL }}' -X 'github.com/alcionai/corso/src/internal/version.Version=${{ needs.SetEnv.outputs.version }}'
# use the github cache
cache-from: type=gha
cache-to: type=gha,mode=max
Validate-Linux-Artifacts:
needs: [Publish-Binary, Publish-Image, SetEnv]
environment: Testing
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
env:
CORSO_VERSION: ${{ needs.SetEnv.outputs.version }}
steps:
- name: Validate x86_64 binary artifacts
run: |
set -ex
curl -L https://github.com/alcionai/corso/releases/download/${{ env.CORSO_VERSION }}/corso_${{ env.CORSO_VERSION }}_Linux_x86_64.tar.gz > corso.tar.gz
tar -xf corso.tar.gz
./corso --help
./corso --version 2>&1 | grep -E "version: ${{ env.CORSO_VERSION }}$"
- name: Validate arm64 binary artifacts
uses: uraimo/run-on-arch-action@v2
with:
arch: armv7
distro: ubuntu18.04
install: |
apt-get -y update && apt-get -y install curl
run: |
set -ex
sudo apt-get update && sudo apt-get install curl
curl -L https://github.com/alcionai/corso/releases/download/${{ env.CORSO_VERSION }}/corso_${{ env.CORSO_VERSION }}_Linux_arm64.tar.gz > corso.tar.gz
tar -xf corso.tar.gz
./corso --help
./corso --version 2>&1 | grep -E "version: ${{ env.CORSO_VERSION }}$"
Validate-Docker-Artifacts:
needs: [Publish-Binary, Publish-Image, SetEnv]
environment: Testing
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
env:
CORSO_VERSION: ${{ needs.SetEnv.outputs.version }}
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Validate amd64 container images
run: |
docker run --platform linux/amd64 ${{ env.IMAGE_NAME }}:${{ env.CORSO_VERSION }} --help
docker run --platform linux/amd64 ${{ env.IMAGE_NAME }}:${{ env.CORSO_VERSION }} --version | grep -E "version: ${{ env.CORSO_VERSION }}$"
- name: Validate arm64 container images
run: |
docker run --platform linux/arm64 ${{ env.IMAGE_NAME }}:${{ env.CORSO_VERSION }} --help
docker run --platform linux/amd64 ${{ env.IMAGE_NAME }}:${{ env.CORSO_VERSION }} --version | grep -E "version: ${{ env.CORSO_VERSION }}$"
Validate-MacOS-Artifacts:
needs: [Publish-Binary, Publish-Image, SetEnv]
environment: Testing
runs-on: macos-latest
if: startsWith(github.ref, 'refs/tags/')
env:
CORSO_VERSION: ${{ needs.SetEnv.outputs.version }}
steps:
- name: Validate x86_64 binary artifacts
run: |
set -ex
curl -L https://github.com/alcionai/corso/releases/download/${{ env.CORSO_VERSION }}/corso_${{ env.CORSO_VERSION }}_Darwin_x86_64.tar.gz > corso.tar.gz
tar -xf corso.tar.gz
./corso --help
./corso --version 2>&1 | grep -E "version: ${{ env.CORSO_VERSION }}$"
- name: Validate arm64 binary artifacts
run: |
set -ex
curl -L https://github.com/alcionai/corso/releases/download/${{ env.CORSO_VERSION }}/corso_${{ env.CORSO_VERSION }}_Darwin_arm64.tar.gz > corso.tar.gz
tar -xf corso.tar.gz
# TODO: test/validate arm64 executable once we have arm64 CI
Validate-Windows-Artifacts:
needs: [Publish-Binary, Publish-Image, SetEnv]
environment: Testing
runs-on: windows-latest
if: startsWith(github.ref, 'refs/tags/')
env:
CORSO_VERSION: ${{ needs.SetEnv.outputs.version }}
steps:
- name: Validate x86_64 binary artifacts
run: |
curl -L https://github.com/alcionai/corso/releases/download/${{ env.CORSO_VERSION }}/corso_${{ env.CORSO_VERSION }}_Windows_x86_64.zip -o corso.zip
7z x corso.zip
./corso.exe --help
./corso.exe --version 2>&1 | grep -E "version: ${{ env.CORSO_VERSION }}$"
Publish-Website-Test:
needs: [Test-Suite-Trusted, Linting, Website-Linting, SetEnv]
environment: ${{ needs.SetEnv.outputs.environment }}
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v3 # need to checkout to make the action available
- name: Publish website
uses: ./.github/actions/publish-website
with:
aws-iam-role: ${{ secrets.AWS_IAM_ROLE }}
bucket: ${{ needs.SetEnv.outputs.website-bucket }}
cfid: ${{ needs.SetEnv.outputs.website-cfid }}
Publish-Website-Prod:
needs: [SetEnv, Validate-Linux-Artifacts, Validate-MacOS-Artifacts, Validate-Docker-Artifacts, Validate-Windows-Artifacts]
environment: ${{ needs.SetEnv.outputs.environment }}
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/checkout@v3 # need to checkout to make the action available
- name: Publish website
uses: ./.github/actions/publish-website
with:
aws-iam-role: ${{ secrets.AWS_IAM_ROLE }}
bucket: ${{ needs.SetEnv.outputs.website-bucket }}
cfid: ${{ needs.SetEnv.outputs.website-cfid }}
Validate-Website-Artifacts:
needs: [Publish-Website-Prod, SetEnv]
environment: Testing
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
env:
CORSO_VERSION: ${{ needs.SetEnv.outputs.version }}
steps:
- name: Validate docs
run: |
curl https://corsobackup.io/docs/quickstart/ | grep https://github.com/alcionai/corso/releases/download/${{ env.CORSO_VERSION }}/corso_${{ env.CORSO_VERSION }}_Linux_x86_64.tar.gz
Reference in New Issue View Git Blame Copy Permalink