Propagate Azure credentials to Fusion #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Nextflow CI | |
# read more here: https://help.github.com/en/articles/workflow-syntax-for-github-actions#on | |
# Note: We don't use the `on: path` option for docs, | |
# because the Build steps are *required* tests. | |
# Instead, we trigger + skip the tests if the only changes | |
# are in the docs folder. GitHub treats this as passing. | |
on: | |
push: | |
branches: | |
- 'master' | |
- 'test*' | |
- 'dev*' | |
- 'STABLE-*' | |
pull_request: | |
types: [opened, reopened, synchronize] | |
workflow_dispatch: | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
timeout-minutes: 90 | |
strategy: | |
fail-fast: false | |
matrix: | |
java_version: [17, 23] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
submodules: true | |
- name: Get the commit message | |
id: get_commit_message | |
run: | | |
if [ "${{ github.event_name }}" = "pull_request" ]; then | |
echo "GitHub event=pull_request" | |
COMMIT_SHA=${{ github.event.pull_request.head.sha }} | |
COMMIT_MESSAGE=$(curl -s \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
https://api.github.com/repos/${{ github.repository }}/commits/$COMMIT_SHA | jq -r '.commit.message') | |
echo "Commit message=$COMMIT_MESSAGE" | head -n 1 | |
echo "commit_message=$COMMIT_MESSAGE" | head -n 1 >> $GITHUB_OUTPUT | |
else | |
echo "GitHub event=${{ github.event_name }}" | |
echo "Commit message=${{ github.event.head_commit.message }}" | head -n 1 | |
echo "commit_message=${{ github.event.head_commit.message }}" | head -n 1 >> $GITHUB_OUTPUT | |
fi | |
- name: Get changed files | |
id: changed-files | |
uses: tj-actions/changed-files@v43 | |
with: | |
files_ignore: docs/** | |
- name: List all changed files | |
env: | |
ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} | |
run: | | |
for file in ${ALL_CHANGED_FILES}; do | |
echo "$file was changed" | |
done | |
- name: Setup env | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: | | |
rm -f $HOME/.gitconfig; | |
mkdir -p "$HOME/.nextflow"; | |
echo "providers.github.auth='$NXF_GITHUB_ACCESS_TOKEN'" > "$HOME/.nextflow/scm" | |
env: | |
NXF_GITHUB_ACCESS_TOKEN: ${{ secrets.NXF_GITHUB_ACCESS_TOKEN }} | |
- name: Setup Java ${{ matrix.java_version }} | |
if: steps.changed-files.outputs.any_changed == 'true' | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{matrix.java_version}} | |
distribution: 'temurin' | |
architecture: x64 | |
cache: gradle | |
- name: Compile | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: make assemble | |
- name: Test | |
if: steps.changed-files.outputs.any_changed == 'true' | |
run: | | |
env | sort | |
# configure test env | |
if [[ "$GOOGLE_SECRET" ]]; then | |
echo $GOOGLE_SECRET | base64 -d > $PWD/google_credentials.json | |
export GOOGLE_APPLICATION_CREDENTIALS=$PWD/google_credentials.json | |
fi | |
# run tests | |
make test | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
NXF_BITBUCKET_ACCESS_TOKEN: ${{ secrets.NXF_BITBUCKET_ACCESS_TOKEN }} | |
NXF_GITHUB_ACCESS_TOKEN: ${{ secrets.NXF_GITHUB_ACCESS_TOKEN }} | |
NXF_GITLAB_ACCESS_TOKEN: ${{ secrets.NXF_GITLAB_ACCESS_TOKEN }} | |
NXF_AZURE_REPOS_TOKEN: ${{ secrets.NXF_AZURE_REPOS_TOKEN }} | |
GOOGLE_SECRET: ${{ secrets.GOOGLE_SECRET }} | |
AZURE_STORAGE_ACCOUNT_NAME: nfazurestore | |
AZURE_STORAGE_ACCOUNT_KEY: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }} | |
AZURE_BATCH_ACCOUNT_NAME: nfbatchtest | |
AZURE_BATCH_ACCOUNT_KEY: ${{ secrets.AZURE_BATCH_ACCOUNT_KEY }} | |
- name: Publish tests report | |
uses: actions/upload-artifact@v4 | |
if: steps.changed-files.outputs.any_changed == 'true' && always() | |
with: | |
name: report-unit-tests-jdk-${{ matrix.java_version }} | |
path: | | |
**/build/reports/tests/test | |
outputs: | |
any_changed: ${{ steps.changed-files.outputs.any_changed }} | |
commit_message: ${{ steps.get_commit_message.outputs.commit_message }} | |
test: | |
if: ${{ !contains(needs.build.outputs.commit_message, '[ci fast]') && needs.build.outputs.any_changed == 'true' }} | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 90 | |
strategy: | |
fail-fast: false | |
matrix: | |
java_version: [17, 23] | |
test_mode: ["test_integration", "test_docs", "test_aws", "test_azure", "test_google", "test_wave"] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
submodules: true | |
- name: Setup env | |
run: | | |
rm -f $HOME/.gitconfig; | |
mkdir -p "$HOME/.nextflow"; | |
echo "providers.github.auth='$NXF_GITHUB_ACCESS_TOKEN'" > "$HOME/.nextflow/scm" | |
env: | |
NXF_GITHUB_ACCESS_TOKEN: ${{ secrets.NXF_GITHUB_ACCESS_TOKEN }} | |
- name: Setup Java ${{ matrix.java_version }} | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{matrix.java_version}} | |
distribution: 'temurin' | |
architecture: x64 | |
cache: gradle | |
- name: Run tests | |
run: | | |
env | sort | |
# configure test env | |
if [[ "$GOOGLE_SECRET" ]]; then | |
echo $GOOGLE_SECRET | base64 -d > $PWD/google_credentials.json | |
export GOOGLE_APPLICATION_CREDENTIALS=$PWD/google_credentials.json | |
fi | |
cat $HOME/.nextflow/scm | |
make clean assemble install | |
bash test-ci.sh | |
env: | |
TEST_JDK: ${{ matrix.java_version }} | |
TEST_MODE: ${{ matrix.test_mode }} | |
GRADLE_OPTS: '-Dorg.gradle.daemon=false' | |
TOWER_ACCESS_TOKEN: ${{ secrets.TOWER_ACCESS_TOKEN }} | |
AWS_DEFAULT_REGION: eu-west-1 | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
NXF_BITBUCKET_ACCESS_TOKEN: ${{ secrets.NXF_BITBUCKET_ACCESS_TOKEN }} | |
NXF_GITHUB_ACCESS_TOKEN: ${{ secrets.NXF_GITHUB_ACCESS_TOKEN }} | |
NXF_GITLAB_ACCESS_TOKEN: ${{ secrets.NXF_GITLAB_ACCESS_TOKEN }} | |
NXF_AZURE_REPOS_TOKEN: ${{ secrets.NXF_AZURE_REPOS_TOKEN }} | |
GOOGLE_SECRET: ${{ secrets.GOOGLE_SECRET }} | |
AZURE_STORAGE_ACCOUNT_NAME: nfazurestore | |
AZURE_STORAGE_ACCOUNT_KEY: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }} | |
AZURE_BATCH_ACCOUNT_NAME: nfbatchtest | |
AZURE_BATCH_ACCOUNT_KEY: ${{ secrets.AZURE_BATCH_ACCOUNT_KEY }} | |
- name: Tar integration tests | |
if: always() | |
run: tar -cvf integration-tests.tar tests/checks | |
- name: Publish tests report | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: report-${{ matrix.test_mode }}-jdk-${{ matrix.java_version }} | |
path: | | |
validation/**/* | |
validation/**/.* | |
integration-tests.tar | |
test-e2e: | |
if: ${{ contains(needs.build.outputs.commit_message,'[e2e stage]') || contains(needs.build.outputs.commit_message,'[e2e prod]') }} | |
needs: build | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
permissions: | |
actions: write # Allow writing to actions | |
contents: write # Allow writing to repository contents | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
submodules: true | |
- name: Setup Java 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: 'temurin' | |
architecture: x64 | |
cache: gradle | |
- name: Setup env | |
run: | | |
wget -q -O wave https://github.com/seqeralabs/wave-cli/releases/download/v1.4.1/wave-1.4.1-linux-x86_64 | |
chmod +x wave | |
mv wave /usr/local/bin/ | |
echo "COMMIT_MESSAGE=\"${{ needs.build.outputs.commit_message }}\"" >> $GITHUB_ENV | |
- name : Docker Login to Seqera public CR | |
uses : docker/login-action@v3 | |
with : | |
registry : "public.cr.seqera.io" | |
username : "public-cr-admin" | |
password : ${{ secrets.SEQERA_PUBLIC_CR_PASSWORD }} | |
- name: Launch tests | |
run: | | |
cd test-e2e | |
bash run.sh | |
env: | |
GITHUB_TOKEN: ${{ secrets.AUTOMATION_GITHUB_TOKEN }} | |
GRADLE_OPTS: '-Dorg.gradle.daemon=false' |