Skip to content
test-linux

github-action: use ephemeral tokens with the required permissions (#2… #976

Sign in to view logs

github-action: use ephemeral tokens with the required permissions (#2…

github-action: use ephemeral tokens with the required permissions (#2… #976

Workflow file for this run

.github/workflows/test-linux.yml at 9b41c9d
name: test-linux
on:
push:
branches:
- main
paths-ignore:
- '*.md'
- '*.asciidoc'
- 'docs/**'
pull_request:
paths-ignore:
- '*.md'
- '*.asciidoc'
- 'docs/**'
permissions:
contents: read
concurrency:
group: '${{ github.workflow }}-${{ github.ref }}'
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
defaults:
run:
shell: bash
env:
NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
# 'pack' & 'tests' are required checks in this workflow.
# To not burn unneeded CI cycles:
# - Our required checks will always succeed if doc only changes are detected.
# - all jobs depend on 'format' to not waste cycles on quickly fixable errors.
jobs:
format:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Bootstrap Action Workspace
uses: ./.github/workflows/bootstrap
- name: Format
run: ./build.sh format
#required step
pack:
runs-on: ubuntu-latest
needs: [ 'format' ]
steps:
- uses: actions/checkout@v4
- name: Bootstrap Action Workspace
uses: ./.github/workflows/bootstrap
with:
rust: 'true'
- name: Package
run: ./build.sh pack
#required step
tests:
runs-on: ubuntu-latest
needs: [ 'format' ]
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Bootstrap Action Workspace
uses: ./.github/workflows/bootstrap
- name: 'Tests: Unit'
run: ./build.sh test --test-suite unit
azure-tests:
runs-on: ubuntu-latest
needs: [ 'format', 'tests' ]
if: |
github.event_name != 'pull_request'
|| github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false
env:
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
ARM_USE_OIDC: true
AZURE_RESOURCE_GROUP_PREFIX: ci-dotnet-${{ github.run_id }}
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- name: Bootstrap Action Workspace
uses: ./.github/workflows/bootstrap
with:
azure: 'true'
- name: 'Az CLI login'
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
with:
client-id: ${{ secrets.ARM_CLIENT_ID }}
tenant-id: ${{ secrets.ARM_TENANT_ID }}
subscription-id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
- name: 'Tests: Azure'
run: ./build.sh test --test-suite azure
- name: 'Teardown tests infra'
if: ${{ always() }}
run: |
for group in $(az group list --query "[?name | starts_with(@,'${{ env.AZURE_RESOURCE_GROUP_PREFIX }}')]" --out json | jq .[].name --raw-output); do
az group delete --name "${group}" --no-wait --yes
done
integration-tests:
runs-on: ubuntu-latest
needs: [ 'format', 'tests' ]
steps:
- uses: actions/checkout@v4
- name: Bootstrap Action Workspace
uses: ./.github/workflows/bootstrap
- name: 'Tests: Integrations'
run: ./build.sh test --test-suite integrations
startup-hook-tests:
runs-on: ubuntu-latest
needs: [ 'format', 'tests' ]
steps:
- uses: actions/checkout@v4
- name: Bootstrap Action Workspace
uses: ./.github/workflows/bootstrap
- name: 'Tests: StartupHooks'
run: ./build.sh test --test-suite startuphooks
profiler-tests:
runs-on: ubuntu-latest
needs: [ 'format', 'tests' ]
steps:
- uses: actions/checkout@v4
- name: Bootstrap Action Workspace
id: bootstrap
uses: ./.github/workflows/bootstrap
with:
rust: 'true'
- name: 'Tests: Profiler'
run: ./build.sh test --test-suite profiler
- name: Build Profiler Docker Image
run: |
docker build . -t docker.elastic.co/observability/apm-agent-dotnet:${{ steps.bootstrap.outputs.agent-version }} \
--build-arg AGENT_ZIP_FILE=build/output/elastic_apm_profiler_${{ steps.bootstrap.outputs.agent-version }}-linux-x64.zip