mirror of
https://github.com/bartvdbraak/keyweave.git
synced 2025-10-31 00:19:11 +00:00
104 lines
3.3 KiB
YAML
104 lines
3.3 KiB
YAML
name: Tests
|
|
|
|
permissions:
|
|
id-token: write
|
|
contents: write
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
pull_request:
|
|
branches: [ main ]
|
|
|
|
jobs:
|
|
bicep-pre-check:
|
|
name: Bicep Pre-check
|
|
environment: bicep
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
deployed_tag_exists: ${{ steps.check_tag.outputs.DEPLOYED_TAG_EXISTS }}
|
|
no_changes: ${{ steps.check_changes.outputs.NO_CHANGES }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Fetch complete history
|
|
run: |
|
|
git fetch --prune --unshallow --tags
|
|
- name: Check for deployed tag
|
|
id: check_tag
|
|
run: |
|
|
if git rev-parse --verify deployed >/dev/null 2>&1; then
|
|
echo "DEPLOYED_TAG_EXISTS=true" >> $GITHUB_OUTPUT
|
|
echo "LAST_DEPLOYED_COMMIT=$(git rev-list -n 1 deployed)" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "DEPLOYED_TAG_EXISTS=false" >> $GITHUB_OUTPUT
|
|
fi
|
|
- name: Check for changes in bicep folder
|
|
id: check_changes
|
|
if: steps.check_tag.outputs.DEPLOYED_TAG_EXISTS == 'true'
|
|
run: |
|
|
if git diff --quiet ${{ steps.check_tag.outputs.LAST_DEPLOYED_COMMIT }} HEAD -- bicep/ ; then
|
|
echo "NO_CHANGES=true" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "NO_CHANGES=false" >> $GITHUB_OUTPUT
|
|
fi
|
|
bicep:
|
|
name: Deploy Azure resources
|
|
needs: bicep-pre-check
|
|
if: needs.bicep-pre-check.outputs.deployed_tag_exists == 'false' || needs.bicep-pre-check.outputs.no_changes == 'false'
|
|
environment: bicep
|
|
runs-on: ubuntu-latest
|
|
concurrency:
|
|
group: bicep
|
|
env:
|
|
LOCATION: eastus
|
|
DEPLOYMENT_NAME: keyweave-${{ github.run_id }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: azure/login@v2
|
|
with:
|
|
client-id: ${{ secrets.AZURE_CLIENT_ID_BICEP }}
|
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
|
|
- name: Deploy Bicep template
|
|
uses: azure/arm-deploy@v2
|
|
with:
|
|
scope: subscription
|
|
region: ${{ env.LOCATION }}
|
|
template: bicep/main.bicep
|
|
deploymentName: ${{ env.DEPLOYMENT_NAME }}
|
|
- name: Tag Deployment
|
|
run: |
|
|
git config --global user.name "github-actions[bot]"
|
|
git config --global user.email "github-actions[bot]@users.noreply.github.com"
|
|
git tag -fa deployed -m "Deployed to Azure"
|
|
git push origin --tags --force
|
|
|
|
tests:
|
|
name: Run End-to-End Tests
|
|
needs: bicep
|
|
if: always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled')
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- filter: no_access
|
|
client-id-ref: AZURE_CLIENT_ID_NO_ACCESS
|
|
- filter: only_get
|
|
client-id-ref: AZURE_CLIENT_ID_GET
|
|
- filter: only_list
|
|
client-id-ref: AZURE_CLIENT_ID_LIST
|
|
- filter: get_and_list_access
|
|
client-id-ref: AZURE_CLIENT_ID_GET_LIST
|
|
runs-on: ubuntu-latest
|
|
environment: test
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: dtolnay/rust-toolchain@stable
|
|
- name: Azure Login
|
|
uses: azure/login@v2
|
|
with:
|
|
client-id: ${{ secrets[matrix.client-id-ref] }}
|
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
- name: Run ${{ matrix.filter }} tests
|
|
run: cargo test ${{ matrix.filter }}
|