Skip to content

feat: Add support for Service Account Impersonation. #713

feat: Add support for Service Account Impersonation.

feat: Add support for Service Account Impersonation. #713

Workflow file for this run

# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: tests
on:
pull_request:
pull_request_target:
types: [labeled]
# Declare default permissions as read only.
permissions: read-all
jobs:
unit:
if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}"
name: unit tests
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- name: Remove PR Label
if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}"
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
try {
await github.rest.issues.removeLabel({
name: 'tests: run',
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.payload.pull_request.number
});
} catch (e) {
console.log('Failed to remove label. Another job may have already removed it!');
}
- name: Setup Go
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: '1.20'
- name: Checkout code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
ref: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Set up build.env with phony secrets.
run: cp build.sample.env build.env
- name: Verify no changes from code generation. If this check has failed, run `make generate` and commit the changes.
run: "make generate \nif ! git diff --exit-code --quiet ; then \n echo\n echo\n git diff --stat \"HEAD\"\n echo\n echo\n echo 'ERROR: Lint tools caused changes to the working dir. '\n exit 1\nfi\n"
- name: make test
run: make test
e2e:
needs: unit
if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}"
name: e2e tests
runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write'
issues: write
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
ref: ${{ github.event.pull_request.head.sha }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- id: 'auth'
name: Authenticate to Google Cloud
uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
with:
workload_identity_provider: ${{ secrets.PROVIDER_NAME }}
service_account: ${{ secrets.SERVICE_ACCOUNT }}
access_token_lifetime: 600s
project_id: ${{ secrets.GOOGLE_CLOUD_PROJECT }}
create_credentials_file: true
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
- name: 'Setup Go'
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: '1.20'
- name: Set up QEMU
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0
- id: 'e2e'
name: 'Run E2E Tests'
run: "./tools/e2e_test_job.sh"
env:
ENVIRONMENT_NAME: "ci-pr"
NODEPOOL_SERVICEACCOUNT_EMAIL: "${{secrets.NODEPOOL_SERVICEACCOUNT_EMAIL}}"
WORKLOAD_ID_SERVICEACCOUNT_EMAIL: "${{secrets.WORKLOAD_ID_SERVICEACCOUNT_EMAIL}}"
TFSTATE_STORAGE_BUCKET: "${{secrets.TFSTATE_STORAGE_BUCKET}}"
E2E_PROJECT_ID: "${{secrets.GOOGLE_CLOUD_PROJECT}}"