Skip to content

Bump actions/upload-artifact in the action-dependencies group (#929) #656

Bump actions/upload-artifact in the action-dependencies group (#929)

Bump actions/upload-artifact in the action-dependencies group (#929) #656

Workflow file for this run

name: Run KMS tests
on:
push:
workflow_dispatch:
permissions: {}
jobs:
test-kms:
runs-on: ubuntu-latest
if: github.repository_owner == 'secure-systems-lab' # only run upstream
permissions:
id-token: 'write' # for OIDC auth for GCP authentication
issues: 'write' # for filing an issue on failure
steps:
- name: Checkout securesystemslib
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
with:
python-version: '3.x'
cache: 'pip'
cache-dependency-path: 'requirements*.txt'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install --upgrade tox
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f
with:
token_format: access_token
workload_identity_provider: projects/843741030650/locations/global/workloadIdentityPools/securesystemslib-tests/providers/securesystemslib-tests
service_account: [email protected]
- run: tox -e kms
- name: File an issue on failure
if: ${{ failure() }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
with:
script: |
const repo = context.repo.owner + "/" + context.repo.repo
const issues = await github.rest.search.issuesAndPullRequests({
q: "KMS+tests+failed+in:title+state:open+type:issue+repo:" + repo,
})
if (issues.data.total_count > 0) {
console.log("Issue open already, not creating.")
} else {
await github.rest.issues.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: "KMS tests failed",
body: "Hey, it seems KMS tests have failed, please see - [workflow run](" +
"https://github.com/" + repo + "/actions/runs/" + context.runId + ")"
})
console.log("New issue created.")
}