rpc,tenantcapabilities: allow cross tenant reads in shared service #24817
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR code coverage (generate) | |
on: | |
pull_request: | |
types: [ opened, reopened, synchronize ] | |
branches: [ master ] | |
jobs: | |
code-cover-gen: | |
runs-on: ubuntu-latest | |
env: | |
PR: ${{ github.event.pull_request.number }} | |
HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
GH_TOKEN: ${{ github.token }} | |
FETCH_DEPTH: 15 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
# By default, checkout merges the PR into the current master. | |
# Instead, we want to check out the PR as is. | |
ref: ${{ github.event.pull_request.head.sha }} | |
# Fetching the entire history is much slower; we only fetch the last | |
# 15 commits. As such, we don't support PRs with 15 commits or more | |
# (we cannot get to the "base" commit). | |
fetch-depth: ${{ env.FETCH_DEPTH }} | |
- name: Set up Bazel cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache/bazel | |
key: ${{ runner.os }}-bazel-${{ hashFiles('.bazelversion', '.bazelrc', 'WORKSPACE', 'WORKSPACE.bazel', 'MODULE.bazel') }} | |
restore-keys: | | |
${{ runner.os }}-bazel- | |
- name: Get list of changed packages | |
continue-on-error: true | |
shell: bash | |
run: | | |
set -euxo pipefail | |
MAX_CHANGED_PKGS=20 | |
FETCH_DEPTH=${{ env.FETCH_DEPTH }} | |
mkdir -p artifacts | |
skip() { | |
echo "Skipping code coverage on PR #$PR: $1" | |
# Generate the json files with an error (which will show up in Reviewable). | |
msg="$1; see $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID." | |
jq -n --arg err "$msg" '{error: $err}' > artifacts/cover-${PR}-${HEAD_SHA}.json | |
if [ -n "${BASE_SHA:-}" ]; then | |
jq -n --arg err "$msg" '{error: $err}' > artifacts/cover-${PR}-${BASE_SHA}.json | |
fi | |
echo "SKIP=true" >> "${GITHUB_ENV}" | |
exit 1 | |
} | |
# To get the base commit, we get the number of commits in the PR. | |
# Note that github.event.pull_request.base.sha is not what we want, | |
# that is the tip of master and not necessarily the PR fork point. | |
NUM_COMMITS=$(gh pr view $PR --json commits --jq '.commits | length') | |
# The number of commits bust be below the checkout fetch-depth. | |
if [ ${NUM_COMMITS} -ge ${FETCH_DEPTH} ]; then | |
echo "ERROR=too many commits (${NUM_COMMITS})" >> ${GITHUB_ENV} | |
exit 1 | |
fi | |
BASE_SHA=$(git rev-parse HEAD~${NUM_COMMITS}) | |
CHANGED_PKGS=$(build/ghactions/changed-go-pkgs.sh ${BASE_SHA} ${HEAD_SHA}) | |
NUM_CHANGED_PKGS=$(echo "${CHANGED_PKGS}" | wc -w) | |
if [ ${NUM_CHANGED_PKGS} -gt ${MAX_CHANGED_PKGS} ]; then | |
echo "ERROR=too many changed packages (${NUM_CHANGED_PKGS})" >> ${GITHUB_ENV} | |
exit 1 | |
fi | |
echo "BASE_SHA=${BASE_SHA}" >> "${GITHUB_ENV}" | |
echo "CHANGED_PKGS=${CHANGED_PKGS}" >> "${GITHUB_ENV}" | |
- name: Run "after" test coverage | |
if: env.ERROR == '' | |
continue-on-error: true | |
shell: bash | |
run: | | |
set -euxo pipefail | |
CHANGED_PKGS='${{ env.CHANGED_PKGS }}' | |
# Make a copy of the script so that the "before" run below uses the | |
# same version. | |
cp build/ghactions/pr-codecov-run-tests.sh ${RUNNER_TEMP}/ | |
if ! ${RUNNER_TEMP}/pr-codecov-run-tests.sh artifacts/cover-${PR}-${HEAD_SHA}.json "${CHANGED_PKGS}"; then | |
echo "ERROR=tests failed" >> ${GITHUB_ENV} | |
exit 1 | |
fi | |
- name: Run "before" test coverage | |
if: env.ERROR == '' | |
continue-on-error: true | |
shell: bash | |
run: | | |
set -euxo pipefail | |
BASE_SHA='${{ env.BASE_SHA }}' | |
CHANGED_PKGS='${{ env.CHANGED_PKGS }}' | |
git checkout -f ${BASE_SHA} | |
if ! ${RUNNER_TEMP}/pr-codecov-run-tests.sh artifacts/cover-${PR}-${BASE_SHA}.json "${CHANGED_PKGS}"; then | |
echo "ERROR=tests failed on base branch" >> ${GITHUB_ENV} | |
exit 1 | |
fi | |
- name: Finalize | |
shell: bash | |
run: | | |
ERROR='${{ env.ERROR }}' | |
if [ -n "$ERROR" ]; then | |
# Generate the json files with an error (which will show up in Reviewable). | |
msg="$ERROR; see [run]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID)." | |
jq -n --arg err "$msg" '{error: $err}' > artifacts/cover-${PR}-${HEAD_SHA}.json | |
BASE_SHA=${{ env.BASE_SHA }} | |
if [ -n "$BASE_SHA" ]; then | |
jq -n --arg err "$msg" '{error: $err}' > artifacts/cover-${PR}-${BASE_SHA}.json | |
fi | |
fi | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: cover | |
path: artifacts/cover-*.json |