From 63e3f29be95ead4ee850ae0c48eb8b0f196bc568 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Tue, 30 Sep 2025 21:44:16 -0500 Subject: [PATCH] Refactor e2e test workflows --- .github/workflows/e2e-tests.yml | 52 ++++++++++++++++++++++ .github/workflows/test-e2e-fork.yml | 67 ++++++++++++++--------------- .github/workflows/test-e2e.yml | 63 +++++++++++---------------- 3 files changed, 109 insertions(+), 73 deletions(-) create mode 100644 .github/workflows/e2e-tests.yml diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml new file mode 100644 index 0000000..c36e254 --- /dev/null +++ b/.github/workflows/e2e-tests.yml @@ -0,0 +1,52 @@ +name: E2E Tests + +on: + workflow_call: + secrets: + OP_CONNECT_CREDENTIALS: + description: '1Password Connect credentials' + required: true + OP_CONNECT_TOKEN: + description: '1Password Connect token' + required: true + OP_SERVICE_ACCOUNT_TOKEN: + description: '1Password service account token' + required: true + +jobs: + e2e-test: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v5 + + - name: Set up Go + uses: actions/setup-go@v6 + with: + go-version-file: go.mod + + - name: Install dependencies + run: go mod tidy + + - name: Create kind cluster + uses: helm/kind-action@v1 + with: + cluster_name: onepassword-operator-test-e2e + + # install cli to interact with item in 1Password to update/read using `testhelper/op` package + - name: Install 1Password CLI + uses: 1password/install-cli-action@v2 + with: + version: 2.32.0 + + - name: Create '1password-credentials.json' file + env: + OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} + run: | + echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json + + - name: Run E2E tests + run: make test-e2e + env: + OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/test-e2e-fork.yml b/.github/workflows/test-e2e-fork.yml index bbbe874..e0ceb08 100644 --- a/.github/workflows/test-e2e-fork.yml +++ b/.github/workflows/test-e2e-fork.yml @@ -1,4 +1,4 @@ -name: Run Test E2E tests [fork] +name: E2E tests [fork] on: repository_dispatch: @@ -6,15 +6,15 @@ on: permissions: contents: read + checks: write concurrency: group: e2e-fork-${{ github.event.client_payload.pull_request.number || github.run_id }} cancel-in-progress: true # cancel previous job runs for the same branch jobs: - run-e2e-tests: - name: E2E (fork) - runs-on: ubuntu-latest + e2e-tests: + uses: ./.github/workflows/e2e-tests.yml if: | github.event_name == 'repository_dispatch' && github.event.client_payload.slash_command.args.named.sha != '' && @@ -22,36 +22,35 @@ jobs: github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha ) + secrets: + OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} + OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + + update-check-status: + needs: e2e-tests + runs-on: ubuntu-latest + if: always() && github.event_name == 'repository_dispatch' steps: - - uses: actions/checkout@v5 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Install dependencies - run: go mod tidy - - - name: Create kind cluster - uses: helm/kind-action@v1 - with: - cluster_name: onepassword-operator-test-e2e - - # Install 1Password CLI to support testhelper/op usage - - name: Install 1Password CLI - uses: 1password/install-cli-action@v2 - with: - version: 2.32.0 - - - name: Create '1password-credentials.json' file + - uses: actions/github-script@v6 env: - OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} - run: | - echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json + ref: ${{ github.event.client_payload.pull_request.head.sha }} + conclusion: ${{ needs.e2e-tests.result }} + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const { data: checks } = await github.rest.checks.listForRef({ + ...context.repo, + ref: process.env.ref + }); - - name: Run E2E tests - run: make test-e2e - env: - OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + const check = checks.check_runs.filter(c => c.name === 'e2e-test'); + + const { data: result } = await github.rest.checks.update({ + ...context.repo, + check_run_id: check[0].id, + status: 'completed', + conclusion: process.env.conclusion + }); + + return result; diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index fa849cd..cc5897f 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -1,8 +1,9 @@ -name: Test E2E +name: E2E Tests on: - push: - branches: [main] + pull_request: + types: [opened, synchronize, reopened] + branches: ['**'] # run for PRs targeting any branch (main and others) paths-ignore: &ignore_paths - 'docs/**' - '*.md' @@ -10,49 +11,33 @@ on: - '.gitignore' - '.dockerignore' - 'LICENSE' - pull_request: - types: [opened, synchronize, reopened] - branches: ['**'] # run for PRs targeting any branch (main and others) + push: + branches: [main] paths-ignore: *ignore_paths concurrency: group: e2e-${{ github.event.pull_request.head.ref }} - cancel-in-progress: true # cancel previous job runs for the same branch + cancel-in-progress: true # cancel previous job runs for the same branch jobs: - e2e-test: + check-external-pr: runs-on: ubuntu-latest + if: github.event_name == 'pull_request' steps: - - name: Checkout code - uses: actions/checkout@v5 - - - name: Set up Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Install dependencies - run: go mod tidy - - - name: Create kind cluster - uses: helm/kind-action@v1 - with: - cluster_name: onepassword-operator-test-e2e - - # install cli to interact with item in 1Password to update/read using `testhelper/op` package - - name: Install 1Password CLI - uses: 1password/install-cli-action@v2 - with: - version: 2.32.0 - - - name: Create '1password-credentials.json' file - env: - OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} + - name: Check if PR is from external contributor run: | - echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json + if [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then + echo "❌ External PR detected. This workflow requires approval from a maintainer." + echo "Please ask a maintainer to run '/ok-to-test' command to trigger the fork workflow." + exit 1 + fi + echo "✅ Internal PR detected. Proceeding with tests." - - name: Run E2E tests - run: make test-e2e - env: - OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + e2e-test: + needs: check-external-pr + if: always() && (needs.check-external-pr.result == 'success' || github.event_name != 'pull_request') + uses: ./.github/workflows/e2e-tests.yml + secrets: + OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} + OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}