Google Git
Sign in
flutter / third_party / protobuf / refs/heads/delete-internal-files / . / .github / workflows / test_runner.yml
blob: 64bad17990a54b5a4539ddd592c1391ddb123136 [file] [log] [blame]
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]1name: Tests
2
3# This file implements the protection strategy laid out in
4# go/protobuf-gha-protected-resources. Pull requests from branches within this
5# repository are considered safe and will immediately start running tests on
6# every commit. Pull requests from forked repositories are unsafe, and leave
7# us vulnerable to PWN requests and stolen resources. In these cases, we
8# require a special "safe for tests" tag to be added to the pull request before
9# we start testing. This will be immediately removed, so that further commits
10# require their own stamp to test.
11
12on:
13 # continuous
14 schedule:
Mike Kruskal3d068a22023-10-20 08:34:58 -0700[diff] [blame]15 # Run every hour
16 - cron: "0 * * * *"
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]17
18 # postsubmit
19 push:
20 branches:
21 - main
22 - '[0-9]+.x'
Mike Kruskal649cc302023-02-16 14:18:17 -0800[diff] [blame]23 # The 21.x and 22.x branches still use Kokoro
24 - '!2[12].x'
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]25 # For testing purposes so we can stage this on the `gha` branch.
26 - gha
27
28 # safe presubmit
29 pull_request:
30 branches:
31 - main
32 - '[0-9]+.x'
Mike Kruskal649cc302023-02-16 14:18:17 -0800[diff] [blame]33 # The 21.x and 22.x branches still use Kokoro
34 - '!2[12].x'
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]35 # For testing purposes so we can stage this on the `gha` branch.
36 - gha
37
38 # unsafe presubmit
39 pull_request_target:
40 branches:
41 - main
42 - '[0-9]+.x'
Mike Kruskald5ec1242023-02-10 10:51:27 -0800[diff] [blame]43 # The 21.x branch still use Kokoro
44 - '!21.x'
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]45 # For testing purposes so we can stage this on the `gha` branch.
46 - gha
47 types: [labeled, opened, reopened, synchronize]
48
49 # manual
50 workflow_dispatch:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]51
Joyce010fde92023-06-05 13:54:01 -0700[diff] [blame]52permissions:
53 contents: read
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]54
Seth Vargo4f23caf2024-05-01 12:40:51 -0700[diff] [blame]55concurrency:
56 group: ${{ github.event_name }}-${{ github.workflow }}-${{ github.head_ref || github.ref }}
57 cancel-in-progress: ${{ contains(fromJSON('["pull_request", "pull_request_target", "workflow_dispatch"]'), github.event_name) }}
58
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]59jobs:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]60 set-vars:
61 name: Set Variables
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]62
63 # Avoid running tests twice on PR updates. If the PR is coming from our
64 # repository, it's safe and we can use `pull_request`. Otherwise, we should
65 # use `pull_request_target`.
66 if: |
Mike Kruskal4e769522023-02-12 21:49:12 -0800[diff] [blame]67 (github.event_name != 'pull_request' &&
68 github.event_name != 'pull_request_target' &&
Mike Kruskal8282ddf2023-02-06 12:05:27 -0800[diff] [blame]69 github.event.repository.full_name == 'protocolbuffers/protobuf') ||
70 (github.event_name == 'pull_request' &&
71 github.event.pull_request.head.repo.full_name == 'protocolbuffers/protobuf') ||
72 (github.event_name == 'pull_request_target' &&
73 github.event.pull_request.head.repo.full_name != 'protocolbuffers/protobuf')
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]74
75 runs-on: ubuntu-latest
76 outputs:
77 # Store the sha for checkout so we can easily use it later. For safe
78 # events, this will be blank and use the defaults.
79 checkout-sha: ${{ steps.safe-checkout.outputs.sha }}
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]80 # Stores a string to be used as a boolean denoting whether this is a
81 # continuous run. An empty string denotes that the run is on presubmit,
82 # otherwise we are in a continuous run. This helps us determine which
83 # tests to block on.
84 continuous-run: ${{ steps.set-test-type-vars.outputs.continuous-run }}
85 # Stores a string that will serve as the prefix for all continuous tests.
86 # Either way we prepend "(Continuous)" but in the case that we are in
87 # a presubmit run, we should also mark them "[SKIPPED]"
88 continuous-prefix: ${{ steps.set-test-type-vars.outputs.continuous-prefix }}
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]89 steps:
90 - name: Check
91 # Trivially pass for safe PRs, and explicitly error for unsafe ones
92 # unless this is specifically an event for adding the safe label.
93 run: >
Mike Kruskal31c57d42023-02-06 23:42:22 -0800[diff] [blame]94 ${{ github.event_name != 'pull_request_target' || github.event.label.name == ':a: safe for tests' }} ||
Adam Cozzette8ca628d2024-02-20 10:42:44 -0800[diff] [blame]95 (echo "This pull request is from an unsafe fork and hasn't been approved to run tests." &&
96 echo "A protobuf team member will need to review the PR and add the 'safe for tests' tag." &&
97 exit 1)
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]98
99 - name: Cache safe commit
100 id: safe-checkout
101 run: >
102 ${{ github.event_name != 'pull_request_target' }} ||
103 echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
104
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]105 - name: Set Test Type Variables
106 id: set-test-type-vars
107 run: |
108 if [ "${{ github.event_name }}" == 'pull_request' ] || [ "${{ github.event_name }}" == 'pull_request_target' ]; then
109 echo "continuous-run=" >> "$GITHUB_OUTPUT"
110 echo "continuous-prefix=[SKIPPED] (Continuous)" >> "$GITHUB_OUTPUT"
111 else
112 echo "continuous-run=continuous" >> "$GITHUB_OUTPUT"
113 echo "continuous-prefix=(Continuous)" >> "$GITHUB_OUTPUT"
114 fi
115
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]116 remove-tag:
117 name: Remove safety tag
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]118 needs: [set-vars]
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]119 if: github.event.action == 'labeled'
120 runs-on: ubuntu-latest
Mike Kruskalea514962023-06-26 13:51:39 -0700[diff] [blame]121 permissions:
122 pull-requests: write
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]123 steps:
124 - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
125 with:
Mike Kruskalea514962023-06-26 13:51:39 -0700[diff] [blame]126 fail_on_error: true
Mike Kruskal205972b2023-02-10 10:49:56 -0800[diff] [blame]127 labels: ':a: safe for tests'
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]128
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]129 validate-yaml:
130 name: Validate YAML
131 needs: [set-vars]
132 uses: ./.github/workflows/test_yaml.yml
133 with:
134 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
135
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]136 # Note: this pattern of passing the head sha is vulnerable to PWN requests for
137 # pull_request_target events. We carefully limit those workflows to require a
138 # human stamp before continuing.
Mike Kruskalb28d9d42024-04-19 09:38:13 -0700[diff] [blame]139 bazel:
140 name: Bazel
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]141 needs: [set-vars]
Mike Kruskalb28d9d42024-04-19 09:38:13 -0700[diff] [blame]142 uses: ./.github/workflows/test_bazel.yml
143 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]144 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
145 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
146 continuous-prefix: ${{ needs.set-vars.outputs.continuous-prefix }}
Mike Kruskalb28d9d42024-04-19 09:38:13 -0700[diff] [blame]147 secrets: inherit
148
Mike Kruskala138e542023-02-01 16:10:43 -0800[diff] [blame]149 cpp:
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]150 name: C++
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]151 needs: [set-vars]
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]152 uses: ./.github/workflows/test_cpp.yml
153 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]154 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
155 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
156 continuous-prefix: ${{ needs.set-vars.outputs.continuous-prefix }}
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]157 secrets: inherit
158
Mike Kruskal27f4ecd2023-02-02 19:19:10 -0800[diff] [blame]159 java:
160 name: Java
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]161 needs: [set-vars]
Mike Kruskal27f4ecd2023-02-02 19:19:10 -0800[diff] [blame]162 uses: ./.github/workflows/test_java.yml
163 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]164 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
165 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
166 continuous-prefix: ${{ needs.set-vars.outputs.continuous-prefix }}
Mike Kruskal27f4ecd2023-02-02 19:19:10 -0800[diff] [blame]167 secrets: inherit
168
Mike Kruskala138e542023-02-01 16:10:43 -0800[diff] [blame]169 python:
170 name: Python
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]171 needs: [set-vars]
Mike Kruskala138e542023-02-01 16:10:43 -0800[diff] [blame]172 uses: ./.github/workflows/test_python.yml
173 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]174 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
175 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
176 continuous-prefix: ${{ needs.set-vars.outputs.continuous-prefix }}
Mike Kruskala138e542023-02-01 16:10:43 -0800[diff] [blame]177 secrets: inherit
178
179 ruby:
180 name: Ruby
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]181 needs: [set-vars]
Mike Kruskala138e542023-02-01 16:10:43 -0800[diff] [blame]182 uses: ./.github/workflows/test_ruby.yml
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]183 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]184 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
185 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
186 continuous-prefix: ${{ needs.set-vars.outputs.continuous-prefix }}
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]187 secrets: inherit
188
Mike Kruskal2b4e4262023-02-01 11:32:39 -0800[diff] [blame]189 php:
190 name: PHP
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]191 needs: [set-vars]
Mike Kruskal2b4e4262023-02-01 11:32:39 -0800[diff] [blame]192 uses: ./.github/workflows/test_php.yml
193 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]194 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
195 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
196 continuous-prefix: ${{ needs.set-vars.outputs.continuous-prefix }}
Mike Kruskal2b4e4262023-02-01 11:32:39 -0800[diff] [blame]197 secrets: inherit
198
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]199 php-ext:
200 name: PHP Extension
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]201 needs: [set-vars]
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]202 uses: ./.github/workflows/test_php_ext.yml
203 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]204 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
205 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
206 continuous-prefix: ${{ needs.set-vars.outputs.continuous-prefix }}
Mike Kruskalde903d42023-01-31 18:10:35 -0800[diff] [blame]207 secrets: inherit
Mike Kruskalf0ef44d2023-02-02 15:53:04 -0800[diff] [blame]208
Mike Kruskalf1e746c2023-02-02 17:42:30 -0800[diff] [blame]209 csharp:
210 name: C#
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]211 needs: [set-vars]
Mike Kruskalf1e746c2023-02-02 17:42:30 -0800[diff] [blame]212 uses: ./.github/workflows/test_csharp.yml
213 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]214 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
Mike Kruskalf1e746c2023-02-02 17:42:30 -0800[diff] [blame]215 secrets: inherit
216
Mike Kruskalf0ef44d2023-02-02 15:53:04 -0800[diff] [blame]217 objectivec:
Protobuf Team Bot4c681aa2023-02-08 12:43:34 -0800[diff] [blame]218 name: Objective-C
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]219 needs: [set-vars]
Mike Kruskalf0ef44d2023-02-02 15:53:04 -0800[diff] [blame]220 uses: ./.github/workflows/test_objectivec.yml
221 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]222 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
223 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
224 continuous-prefix: ${{ needs.set-vars.outputs.continuous-prefix }}
Mike Kruskalf0ef44d2023-02-02 15:53:04 -0800[diff] [blame]225 secrets: inherit
Jakob Buchgraberef536132023-03-23 12:29:51 -0700[diff] [blame]226
227 rust:
228 name: Rust
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]229 needs: [set-vars]
Jakob Buchgraberef536132023-03-23 12:29:51 -0700[diff] [blame]230 uses: ./.github/workflows/test_rust.yml
231 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]232 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
Jakob Buchgraberef536132023-03-23 12:29:51 -0700[diff] [blame]233 secrets: inherit
Mike Kruskal0b9b5da2023-06-05 12:36:01 -0700[diff] [blame]234
Adam Cozzette8059da22023-08-16 07:57:14 -0700[diff] [blame]235 upb:
236 name: μpb
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]237 needs: [set-vars]
Adam Cozzette8059da22023-08-16 07:57:14 -0700[diff] [blame]238 uses: ./.github/workflows/test_upb.yml
239 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]240 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
241 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
242 continuous-prefix: ${{ needs.set-vars.outputs.continuous-prefix }}
Adam Cozzette8059da22023-08-16 07:57:14 -0700[diff] [blame]243 secrets: inherit
244
Mike Kruskal0b9b5da2023-06-05 12:36:01 -0700[diff] [blame]245 staleness:
246 name: Staleness
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]247 needs: [set-vars]
Mike Kruskal0b9b5da2023-06-05 12:36:01 -0700[diff] [blame]248 uses: ./.github/workflows/staleness_check.yml
Mike Kruskal93b59052023-07-01 07:38:18 -0700[diff] [blame]249 # Staleness tests have scheduled runs during off-hours to avoid race conditions.
250 if: ${{ github.event_name != 'schedule' }}
Mike Kruskal0b9b5da2023-06-05 12:36:01 -0700[diff] [blame]251 with:
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]252 continuous-run: ${{ needs.set-vars.outputs.continuous-run }}
253 safe-checkout: ${{ needs.set-vars.outputs.checkout-sha }}
Mike Kruskal0b9b5da2023-06-05 12:36:01 -0700[diff] [blame]254 secrets: inherit
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]255
256 # This test depends on all blocking tests and indicates whether they all suceeded.
257 all-blocking-tests:
Deanna Garciac4942ce2024-08-14 11:51:06 -0700[diff] [blame]258 name: All Blocking Tests${{ github.event_name == 'pull_request_target' && ' (fork)' || ''}}
Deanna Garcia2f9cdd12024-08-14 09:07:29 -0700[diff] [blame]259 needs: [set-vars, validate-yaml, bazel, cpp, java, python, ruby, php, php-ext, csharp, objectivec, rust, upb, staleness]
260 runs-on: ubuntu-latest
261 steps:
262 - name: Check test results
263 run: "${{ !contains(join(needs.*.result, ' '), 'failure') && !contains(join(needs.*.result, ' '), 'cancelled') }}"
264 # This workflow must run even if one or more of the dependent workflows
265 # failed.
Deanna Garciaf355d992024-08-14 13:28:33 -0700[diff] [blame]266 if: always()