WFL Nightly Test #530
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow runs system tests nightly and can be triggered on demand | |
name: WFL Nightly Test | |
on: | |
schedule: | |
# run every day at 00:00 | |
- cron: '0 0 * * *' | |
workflow_dispatch: | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:11 | |
# Provide the password for postgres | |
env: | |
POSTGRES_PASSWORD: postgres | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps tcp port 5432 on service container to the host | |
- 5432:5432 | |
env: | |
MODULES: api functions/aou functions/sg | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Java | |
uses: actions/setup-java@v1 | |
with: | |
java-version: '11' | |
- name: Setup Clojure | |
uses: DeLaGuardo/setup-clojure@e73bf2b6435244b2c9c5c226ae5022d91d0ce702 | |
with: | |
cli: '1.10.1.739' | |
- name: Setup Python3 | |
uses: actions/setup-python@v2 | |
with: | |
python-version: '3.8' # Version range or exact version of a Python version to use, using SemVer's version range syntax | |
# Get secret from vault | |
- name: Authenticate to GCloud | |
id: gcloud | |
env: | |
ROLE_ID: ${{ secrets.ROLE_ID }} | |
SECRET_ID: ${{ secrets.SECRET_ID }} | |
VAULT_ADDR: ${{ secrets.VAULT_ADDR }} | |
run: | | |
# get vault token using role-id and secret-id | |
VAULT_TOKEN=$(curl \ | |
--request POST \ | |
--data "{\"role_id\":\"${ROLE_ID}\",\"secret_id\":\"${SECRET_ID}\"}" \ | |
${VAULT_ADDR}/v1/auth/approle/login | jq -r .auth.client_token) | |
if [ -z "${VAULT_TOKEN}" ] ; then | |
echo "Vault authentication failed!" | |
exit 1 | |
fi | |
echo ::add-mask::${VAULT_TOKEN} | |
echo "VAULT_TOKEN=${VAULT_TOKEN}" >> $GITHUB_ENV | |
echo ${VAULT_TOKEN} > ~/.vault-token | |
# use vault token to read secret - service account json | |
curl --silent -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET \ | |
${VAULT_ADDR}/v1/secret/dsde/gotc/dev/wfl/wfl-non-prod-service-account.json \ | |
| jq .data > sa.json | |
if [ ! -s sa.json ] ; then | |
echo "Retrieval of Gcloud SA credentials failed" | |
exit 1 | |
fi | |
# auth as service account | |
gcloud auth activate-service-account --key-file=sa.json | |
if [ $? -ne 0 ] ; then | |
echo "Gcloud auth failed!" | |
exit 1 | |
fi | |
# get bearer token and set it to a specific env var that | |
# subsequent steps expect. bearer token good for 1 hour | |
GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud auth print-access-token) | |
if [ -z "${GOOGLE_OAUTH_ACCESS_TOKEN}" ] ; then | |
echo "Generating Gcloud access token failed" | |
exit 1 | |
fi | |
echo ::add-mask::${GOOGLE_OAUTH_ACCESS_TOKEN} | |
echo "GOOGLE_OAUTH_ACCESS_TOKEN=${GOOGLE_OAUTH_ACCESS_TOKEN}" >> $GITHUB_ENV | |
echo "GOOGLE_APPLICATION_CREDENTIALS=$(find `pwd` -maxdepth 1 -name sa.json)" >> $GITHUB_ENV | |
- name: Fetch Dependency Cache | |
uses: actions/cache@v2 | |
with: | |
key: ${{ runner.os }}-depedency-cache | |
path: ~/.m2 | |
- name: Pre-Build | |
run: make ${MODULES} TARGET=prebuild | |
- name: Lint | |
run: make ${MODULES} TARGET=lint | |
- name: Build | |
run: make ${MODULES} TARGET=build | |
- name: Nightly Test | |
run: make ${MODULES} TARGET=nightly |