Return token when creating API-only users (#19525) #13854
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Go Tests | |
on: | |
push: | |
branches: | |
- main | |
- patch-* | |
- prepare-* | |
paths: | |
- '**.go' | |
- 'go.mod' | |
- 'go.sum' | |
- '.github/workflows/test-go.yaml' | |
- 'server/authz/policy.rego' | |
- 'docker-compose.yml' | |
pull_request: | |
paths: | |
- '**.go' | |
- 'go.mod' | |
- 'go.sum' | |
- '.github/workflows/test-go.yaml' | |
- 'server/authz/policy.rego' | |
- 'docker-compose.yml' | |
workflow_dispatch: # Manual | |
schedule: | |
- cron: '0 4 * * *' | |
# This allows a subsequently queued workflow run to interrupt previous runs | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} | |
cancel-in-progress: true | |
defaults: | |
run: | |
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | |
shell: bash | |
permissions: | |
contents: read | |
jobs: | |
test-go: | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
go-version: ['${{ vars.GO_VERSION }}'] | |
mysql: ["mysql:5.7.21", "mysql:8.0.28"] | |
runs-on: ${{ matrix.os }} | |
env: | |
RACE_ENABLED: false | |
GO_TEST_TIMEOUT: 20m | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
with: | |
egress-policy: audit | |
- name: Install Go | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: Checkout Code | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
# Pre-starting dependencies here means they are ready to go when we need them. | |
- name: Start Infra Dependencies | |
# Use & to background this | |
run: FLEET_MYSQL_IMAGE=${{ matrix.mysql }} docker-compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up -d mysql_test mysql_replica_test redis redis-cluster-1 redis-cluster-2 redis-cluster-3 redis-cluster-4 redis-cluster-5 redis-cluster-6 redis-cluster-setup minio saml_idp mailhog mailpit smtp4dev_test & | |
- name: Add TLS certificate for SMTP Tests | |
run: | | |
sudo cp tools/smtp4dev/fleet.crt /usr/local/share/ca-certificates/ | |
sudo update-ca-certificates | |
# It seems faster not to cache Go dependencies | |
- name: Install Go Dependencies | |
run: make deps-go | |
- name: Install ZSH | |
run: sudo apt update && sudo apt install -y zsh | |
- name: Generate static files | |
run: | | |
export PATH=$PATH:~/go/bin | |
make generate-go | |
- name: Set Go race setting on schedule | |
if: github.event.schedule == '0 4 * * *' | |
run: | | |
echo "RACE_ENABLED=true" >> $GITHUB_ENV | |
echo "GO_TEST_TIMEOUT=1h" >> $GITHUB_ENV | |
- name: Wait for mysql | |
run: | | |
echo "waiting for mysql..." | |
until docker-compose exec -T mysql_test sh -c "mysql -uroot -p\"\${MYSQL_ROOT_PASSWORD}\" -e \"SELECT 1=1\" fleet" &> /dev/null; do | |
echo "." | |
sleep 1 | |
done | |
echo "mysql is ready" | |
echo "waiting for mysql replica..." | |
until docker-compose exec -T mysql_replica_test sh -c "mysql -uroot -p\"\${MYSQL_ROOT_PASSWORD}\" -e \"SELECT 1=1\" fleet" &> /dev/null; do | |
echo "." | |
sleep 1 | |
done | |
echo "mysql replica is ready" | |
- name: Run Go Tests | |
run: | | |
GO_TEST_EXTRA_FLAGS="-v -race=$RACE_ENABLED -timeout=$GO_TEST_TIMEOUT" \ | |
TEST_LOCK_FILE_PATH=$(pwd)/lock \ | |
NETWORK_TEST=1 \ | |
REDIS_TEST=1 \ | |
MYSQL_TEST=1 \ | |
MYSQL_REPLICA_TEST=1 \ | |
MINIO_STORAGE_TEST=1 \ | |
SAML_IDP_TEST=1 \ | |
MAIL_TEST=1 \ | |
NETWORK_TEST_GITHUB_TOKEN=${{ secrets.FLEET_RELEASE_GITHUB_PAT }} \ | |
make test-go 2>&1 | tee /tmp/gotest.log | |
- name: Upload to Codecov | |
uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 | |
with: | |
files: coverage.txt | |
flags: backend | |
- name: Generate summary of errors | |
if: github.event.schedule == '0 4 * * *' && failure() | |
run: | | |
c1grep() { grep "$@" || test $? = 1; } | |
c1grep -oP 'FAIL: .*$' /tmp/gotest.log > /tmp/summary.txt | |
c1grep 'test timed out after' /tmp/gotest.log >> /tmp/summary.txt | |
c1grep 'fatal error:' /tmp/gotest.log >> /tmp/summary.txt | |
c1grep 'panic: runtime error: ' /tmp/gotest.log >> /tmp/summary.txt | |
c1grep ' FAIL\t' /tmp/gotest.log >> /tmp/summary.txt | |
GO_FAIL_SUMMARY=$(head -n 5 /tmp/summary.txt | sed ':a;N;$!ba;s/\n/\\n/g') | |
echo "GO_FAIL_SUMMARY=$GO_FAIL_SUMMARY" | |
if [[ -z "$GO_FAIL_SUMMARY" ]]; then | |
GO_FAIL_SUMMARY="unknown, please check the build URL" | |
fi | |
GO_FAIL_SUMMARY=$GO_FAIL_SUMMARY envsubst < .github/workflows/config/slack_payload_template.json > ./payload.json | |
- name: Slack Notification | |
if: github.event.schedule == '0 4 * * *' && failure() | |
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 | |
with: | |
payload-file-path: ./payload.json | |
env: | |
JOB_STATUS: ${{ job.status }} | |
EVENT_URL: ${{ github.event.pull_request.html_url || github.event.head.html_url }} | |
RUN_URL: https://github.com/fleetdm/fleet/actions/runs/${{ github.run_id }}\n${{ github.event.pull_request.html_url || github.event.head.html_url }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_G_HELP_ENGINEERING_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
- name: Upload test log | |
if: always() | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v2 | |
with: | |
name: test-log | |
path: /tmp/gotest.log | |
if-no-files-found: error | |
- name: Upload summary test log | |
if: always() | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v2 | |
with: | |
name: summary-test-log | |
path: /tmp/summary.txt |