From b66bd9544c96346052fdc1814d577a88bc835c9a Mon Sep 17 00:00:00 2001
From: Dustin Decker <dustin@trufflesec.com>
Date: Thu, 21 Sep 2023 10:32:40 -0700
Subject: [PATCH] aggregate detector tests daily (#1800)

* aggregate detector tests daily

* add manual dispatch

* fix test
---
 .github/workflows/detector-tests.yml |  51 +++++++++++
 .github/workflows/test.yml           | 121 +++++++++++----------------
 2 files changed, 99 insertions(+), 73 deletions(-)
 create mode 100644 .github/workflows/detector-tests.yml

diff --git a/.github/workflows/detector-tests.yml b/.github/workflows/detector-tests.yml
new file mode 100644
index 000000000000..c08ce26275eb
--- /dev/null
+++ b/.github/workflows/detector-tests.yml
@@ -0,0 +1,51 @@
+name: detector test aggregation
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 8 * * *"
+
+jobs:
+  test-detectors:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: "read"
+      contents: "read"
+      id-token: "write"
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.21"
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - id: "auth"
+        uses: "google-github-actions/auth@v1"
+        with:
+          workload_identity_provider: "projects/811013774421/locations/global/workloadIdentityPools/github-pool/providers/github-provider"
+          service_account: "github-ci-external@trufflehog-testing.iam.gserviceaccount.com"
+      - name: Test
+        run: make test-integration
+      - name: Set up gotestsum
+        run: |
+          go install gotest.tools/gotestsum@latest
+          mkdir -p tmp/test-results
+      - name: Test
+        run: |
+          CGO_ENABLED=1 gotestsum --junitfile tmp/test-results/test.xml --raw-command -- go test -json -tags=detectors -timeout=15m $(go list ./... | pkg/detectors)
+      - name: Upload test results to BuildPulse for flaky test detection
+        if: ${{ !cancelled() }} # Run this step even when the tests fail. Skip if the workflow is cancelled.
+        uses: buildpulse/buildpulse-action@main
+        with:
+          account: 79229934
+          repository: 694446374
+          path: |
+            tmp/test-results/*.xml
+          key: ${{ secrets.BUILDPULSE_DETECTORS_ACCESS_KEY_ID }}
+          secret: ${{ secrets.BUILDPULSE_DETECTORS_SECRET_ACCESS_KEY }}
+          tags: detectors
+      - name: Annotate test results
+        uses: mikepenz/action-junit-report@v3
+        if: success() || failure() # always run even if the previous step fails
+        with:
+          report_paths: "tmp/test-results/*.xml"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7cf5760587bf..64b81f96f991 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,4 +1,3 @@
-
 name: Test
 
 on:
@@ -14,81 +13,57 @@ jobs:
     if: ${{ ! github.event.pull_request.head.repo.fork }}
     runs-on: ubuntu-latest
     permissions:
-      actions: 'read'
-      contents: 'read'
-      id-token: 'write'
-    steps:
-    - name: Install Go
-      uses: actions/setup-go@v4
-      with:
-        go-version: '1.21'
-    - name: Checkout code
-      uses: actions/checkout@v3
-    - id: 'auth'
-      uses: 'google-github-actions/auth@v1'
-      with:
-        workload_identity_provider: 'projects/811013774421/locations/global/workloadIdentityPools/github-pool/providers/github-provider'
-        service_account: 'github-ci-external@trufflehog-testing.iam.gserviceaccount.com'
-    - name: Test
-      run: make test-integration
-    - name: Set up gotestsum
-      run: |
-        go install gotest.tools/gotestsum@latest
-        mkdir -p tmp/test-results
-    - name: Test 
-      run: |
-        CGO_ENABLED=1 gotestsum --junitfile tmp/test-results/test.xml --raw-command -- go test -json -tags=sources $(go list ./... | grep -v /vendor/ | grep -v pkg/detectors)
-      if: ${{ success() || failure() }} # always run this step, even if there were previous errors
-    - name: Upload test results to BuildPulse for flaky test detection
-      if: '!cancelled()' # Run this step even when the tests fail. Skip if the workflow is cancelled.
-      uses: buildpulse/buildpulse-action@main
-      with:
-        account: 79229934
-        repository: 77726177
-        path: |
-          tmp/test-results/*.xml
-        key: ${{ secrets.BUILDPULSE_ACCESS_KEY_ID }}
-        secret: ${{ secrets.BUILDPULSE_SECRET_ACCESS_KEY }}
-        tags: integration
-    - name: Annotate test results
-      uses: mikepenz/action-junit-report@v3
-      if: success() || failure() # always run even if the previous step fails
-      with:
-        report_paths: 'tmp/test-results/*.xml'
-  test-detectors:
-    if: ${{ ! github.event.pull_request.head.repo.fork }}
-    runs-on: ubuntu-latest
-    permissions:
-      actions: 'read'
-      contents: 'read'
-      id-token: 'write'
+      actions: "read"
+      contents: "read"
+      id-token: "write"
     steps:
-    - name: Install Go
-      uses: actions/setup-go@v4
-      with:
-        go-version: '1.21'
-    - name: Checkout code
-      uses: actions/checkout@v3
-    - id: 'auth'
-      uses: 'google-github-actions/auth@v1'
-      with:
-        workload_identity_provider: 'projects/811013774421/locations/global/workloadIdentityPools/github-pool/providers/github-provider'
-        service_account: 'github-ci-external@trufflehog-testing.iam.gserviceaccount.com'
-    - name: Test
-      run: make test-detectors
-      continue-on-error: true
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.21"
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - id: "auth"
+        uses: "google-github-actions/auth@v1"
+        with:
+          workload_identity_provider: "projects/811013774421/locations/global/workloadIdentityPools/github-pool/providers/github-provider"
+          service_account: "github-ci-external@trufflehog-testing.iam.gserviceaccount.com"
+      - name: Set up gotestsum
+        run: |
+          go install gotest.tools/gotestsum@latest
+          mkdir -p tmp/test-results
+      - name: Test
+        run: |
+          CGO_ENABLED=1 gotestsum --junitfile tmp/test-results/test.xml --raw-command -- go test -json -tags=sources $(go list ./... | grep -v /vendor/ | grep -v pkg/detectors)
+        if: ${{ success() || failure() }} # always run this step, even if there were previous errors
+      - name: Upload test results to BuildPulse for flaky test detection
+        if: ${{ !cancelled() }} # Run this step even when the tests fail. Skip if the workflow is cancelled.
+        uses: buildpulse/buildpulse-action@main
+        with:
+          account: 79229934
+          repository: 77726177
+          path: |
+            tmp/test-results/*.xml
+          key: ${{ secrets.BUILDPULSE_ACCESS_KEY_ID }}
+          secret: ${{ secrets.BUILDPULSE_SECRET_ACCESS_KEY }}
+          tags: integration
+      - name: Annotate test results
+        uses: mikepenz/action-junit-report@v3
+        if: success() || failure() # always run even if the previous step fails
+        with:
+          report_paths: "tmp/test-results/*.xml"
   test-community:
     if: ${{ github.event.pull_request.head.repo.fork }}
     runs-on: ubuntu-latest
     permissions:
-      actions: 'read'
-      contents: 'read'
+      actions: "read"
+      contents: "read"
     steps:
-    - name: Install Go
-      uses: actions/setup-go@v4
-      with:
-        go-version: '1.21'
-    - name: Checkout code
-      uses: actions/checkout@v3
-    - name: Test
-      run: make test-community
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.21"
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Test
+        run: make test-community