Refactor e2e test workflows

2025-10-22 07:28:06 +00:00 · 2025-09-30 21:44:16 -05:00
parent 49bc9cb329
commit 63e3f29be9
3 changed files with 109 additions and 73 deletions
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -0,0 +1,52 @@
 name: E2E Tests
 on:
  workflow_call:
    secrets:
      OP_CONNECT_CREDENTIALS:
        description: '1Password Connect credentials'
        required: true
      OP_CONNECT_TOKEN:
        description: '1Password Connect token'
        required: true
      OP_SERVICE_ACCOUNT_TOKEN:
        description: '1Password service account token'
        required: true
 jobs:
  e2e-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v5
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
      - name: Install dependencies
        run: go mod tidy
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: onepassword-operator-test-e2e
      # install cli to interact with item in 1Password to update/read using `testhelper/op` package
      - name: Install 1Password CLI
        uses: 1password/install-cli-action@v2
        with:
          version: 2.32.0
      - name: Create '1password-credentials.json' file
        env:
          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
        run: |
          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
      - name: Run E2E tests
        run: make test-e2e
        env:
          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
--- a/.github/workflows/test-e2e-fork.yml
+++ b/.github/workflows/test-e2e-fork.yml
@@ -1,4 +1,4 @@
-name: Run Test E2E tests [fork]
+name: E2E tests [fork]
 on:
  repository_dispatch:
@@ -6,15 +6,15 @@ on:
 permissions:
  contents: read
  checks: write
 concurrency:
  group: e2e-fork-${{ github.event.client_payload.pull_request.number || github.run_id }}
  cancel-in-progress: true # cancel previous job runs for the same branch
 jobs:
-  run-e2e-tests:
+  e2e-tests:
-    name: E2E (fork)
+    uses: ./.github/workflows/e2e-tests.yml
    runs-on: ubuntu-latest
    if: |
      github.event_name == 'repository_dispatch' &&
      github.event.client_payload.slash_command.args.named.sha != '' &&
@@ -22,36 +22,35 @@ jobs:
        github.event.client_payload.pull_request.head.sha,
        github.event.client_payload.slash_command.args.named.sha
      )
    secrets:
      OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
      OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
  update-check-status:
    needs: e2e-tests
    runs-on: ubuntu-latest
    if: always() && github.event_name == 'repository_dispatch'
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/github-script@v6
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
      - name: Install dependencies
        run: go mod tidy
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: onepassword-operator-test-e2e
      # Install 1Password CLI to support testhelper/op usage
      - name: Install 1Password CLI
        uses: 1password/install-cli-action@v2
        with:
          version: 2.32.0
      - name: Create '1password-credentials.json' file
        env:
-          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
+          ref: ${{ github.event.client_payload.pull_request.head.sha }}
-        run: |
+          conclusion: ${{ needs.e2e-tests.result }}
-          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
+        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { data: checks } = await github.rest.checks.listForRef({
              ...context.repo,
              ref: process.env.ref
            });
-      - name: Run E2E tests
+            const check = checks.check_runs.filter(c => c.name === 'e2e-test');
-        run: make test-e2e
+
-        env:
+            const { data: result } = await github.rest.checks.update({
-          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
+              ...context.repo,
-          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+              check_run_id: check[0].id,
              status: 'completed',
              conclusion: process.env.conclusion
            });
            return result;
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -1,8 +1,9 @@
-name: Test E2E
+name: E2E Tests
 on:
-  push:
+  pull_request:
-    branches: [main]
+    types: [opened, synchronize, reopened]
    branches: ['**']   # run for PRs targeting any branch (main and others)
    paths-ignore: &ignore_paths
      - 'docs/**'
      - '*.md'
@@ -10,49 +11,33 @@ on:
      - '.gitignore'
      - '.dockerignore'
      - 'LICENSE'
-  pull_request:
+  push:
-    types: [opened, synchronize, reopened]
+    branches: [main]
    branches: ['**']   # run for PRs targeting any branch (main and others)
    paths-ignore: *ignore_paths
 concurrency:
  group: e2e-${{ github.event.pull_request.head.ref }}
-  cancel-in-progress: true # cancel previous job runs for the same branch
+  cancel-in-progress: true  # cancel previous job runs for the same branch
 jobs:
-  e2e-test:
+  check-external-pr:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
-      - name: Checkout code
+      - name: Check if PR is from external contributor
        uses: actions/checkout@v5
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
      - name: Install dependencies
        run: go mod tidy
      - name: Create kind cluster
        uses: helm/kind-action@v1
        with:
          cluster_name: onepassword-operator-test-e2e
        # install cli to interact with item in 1Password to update/read using `testhelper/op` package
      - name: Install 1Password CLI
        uses: 1password/install-cli-action@v2
        with:
          version: 2.32.0
      - name: Create '1password-credentials.json' file
        env:
          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
        run: |
-          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
+          if [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then
            echo "❌ External PR detected. This workflow requires approval from a maintainer."
            echo "Please ask a maintainer to run '/ok-to-test' command to trigger the fork workflow."
            exit 1
          fi
          echo "✅ Internal PR detected. Proceeding with tests."
-      - name: Run E2E tests
+  e2e-test:
-        run: make test-e2e
+    needs: check-external-pr
-        env:
+    if: always() && (needs.check-external-pr.result == 'success' || github.event_name != 'pull_request')
-          OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
+    uses: ./.github/workflows/e2e-tests.yml
-          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+    secrets:
      OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
      OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }}
      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}