upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-06-26 17:49:02 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
vault/.github/workflows/test-ui.yml
Vault Automation 00281521f0
actions: pin actions to the latest versions 
* actions: pin to latest actions

- actions/checkout@9c091bb21b => v7.0.0
  Adds a guardrail to prevent accidentally checking out fork pull
  request code in privileged GitHub Actions contexts
  (pull_request_target and PR-triggered workflow_run), with an
  explicit opt-in escape hatch for advanced workflows.

- pnpm/action-setup@0ebf47130e => v6.0.9
  Update pnpm to v11.7.0

- Add .github/actions/build-ui to ui changed files group

- Add .github/actions/build-ui to ui/frontend CODEOWNERS

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2026-06-23 10:21:26 -06:00

230 lines
8.9 KiB
YAML
Raw Blame History

on:
workflow_call:
inputs:
checkout-ref:
description: The ref to use for checkout.
required: false
default: ${{ github.ref }}
type: string
runs-on:
description: An expression indicating which kind of runners to use Go testing jobs.
required: false
type: string
default: '"ubuntu-latest"'
runs-on-small:
description: An expression indicating which kind of runners to use for small computing jobs.
required: false
type: string
default: '"ubuntu-latest"'
is-ent-repo:
description: A boolean indicating whether the repository is an enterprise repository.
required: false
type: string
default: 'false'
is-ent-branch:
description: A boolean indicating whether the repository is an enterprise branch.
required: false
type: string
default: 'false'
jobs:
test-ui-build-go:
name: Build Vault Binary for UI Tests
permissions:
id-token: write
contents: read
runs-on: ${{ fromJSON(inputs.runs-on) }}
outputs:
ui-go-binary-artifact-id: ${{ steps.upload.outputs.artifact-id }}
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
name: status
with:
ref: ${{ inputs.checkout-ref }}
- uses: ./.github/actions/set-up-go
with:
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- if: inputs.is-ent-repo == 'true'
id: vault-auth
name: Authenticate to Vault
run: vault-auth
- if: inputs.is-ent-repo == 'true'
id: secrets
name: Fetch secrets
uses: hashicorp/vault-action@892a26828f195e65540a40b4768ae4571f51ebfc # v4.0.0
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/hashicorp/vault-enterprise/github-token username-and-token | PRIVATE_REPO_GITHUB_TOKEN;
- if: inputs.is-ent-repo == 'true'
name: Set up Git
run: git config --global url."https://${{ steps.secrets.outputs.PRIVATE_REPO_GITHUB_TOKEN }}@github.com".insteadOf https://github.com
- uses: ./.github/actions/install-tools
- name: build-go-dev
run: |
rm -rf ./pkg
mkdir ./pkg
make prep dev
- name: Upload Vault Binary for UI Tests
id: upload
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
path: ./bin/vault
name: vault-ui-test-binary
retention-days: 1
test-ui-build-js:
name: Build JS for UI Tests
permissions:
id-token: write
contents: read
runs-on: ${{ fromJSON(inputs.runs-on-small) }}
outputs:
ui-js-bundle-artifact-id: ${{ steps.upload.outputs.artifact-id }}
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
name: status
with:
ref: ${{ inputs.checkout-ref }}
- name: Setup pnpm
uses: ./.github/actions/setup-pnpm
- name: Build Ember Test Bundle
working-directory: ./ui
run: pnpm build:jsondiffpatch && pnpm exec ember build --environment=test --output-path=dist
- name: Upload Ember Test Bundle
id: upload
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
path: ./ui/dist
name: vault-ui-test-bundle
retention-days: 1
test-ui:
name: Run UI Tests
needs: [test-ui-build-go, test-ui-build-js]
permissions:
id-token: write
contents: read
runs-on: ${{ fromJSON(inputs.runs-on-small) }}
strategy:
fail-fast: false
matrix:
ci-index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14]
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
name: status
with:
ref: ${{ inputs.checkout-ref }}
- if: inputs.is-ent-repo == 'true'
id: vault-auth
name: Authenticate to Vault
run: vault-auth
- if: inputs.is-ent-repo == 'true'
id: secrets
name: Fetch secrets
uses: hashicorp/vault-action@892a26828f195e65540a40b4768ae4571f51ebfc # v4.0.0
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/hashicorp/vault-enterprise/github-token username-and-token | PRIVATE_REPO_GITHUB_TOKEN;
kv/data/github/hashicorp/vault-enterprise/license license_1 | VAULT_LICENSE;
kv/data/github/${{ github.repository }}/datadog-ci DATADOG_API_KEY;
- name: Install Chrome
uses: browser-actions/setup-chrome@2e1d749697dd1612b833dba4a722266286fbefcd # v2.1.2
with:
chrome-version: stable
- name: Setup pnpm
uses: ./.github/actions/setup-pnpm
- name: Download Ember Test Bundle
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
path: ./ui/dist
artifact-ids: ${{ needs.test-ui-build-js.outputs.ui-js-bundle-artifact-id }}
- name: Download Vault Binary
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
path: ./bin
artifact-ids: ${{ needs.test-ui-build-go.outputs.ui-go-binary-artifact-id }}
- name: Make Vault Binary Executable
run: chmod +x ./bin/vault
- name: Set Parallel Count
# hardcoding this to 1 for now because multiple parallelism in UI tests with a vault server casuses test failures due to the shared backend
run: echo "PARALLEL_COUNT=1" >> "$GITHUB_ENV"
- name: Create test-results directory
run: mkdir -p ui/test-results/qunit
- name: Run UI Lint Checks
if: strategy.job-index == 0
working-directory: ./ui
run: pnpm lint
- name: Run UI Tests
if: strategy.job-index != 0
env:
VAULT_LICENSE: ${{ steps.secrets.outputs.VAULT_LICENSE }}
working-directory: ./ui
# NOTE: We subtract 1 from the total number of jobs because job-index 0 is the lint job
run: |
pnpm test${{ inputs.is-ent-branch == 'false' && ':oss' || '' }} \
--load-balance \
--split=$((${{ strategy.job-total }} - 1)) \
--partition=${{ strategy.job-index }} \
--parallel="$PARALLEL_COUNT" \
--path=dist
- if: always() && strategy.job-index != 0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: test-results-ui-${{ strategy.job-index }}
path: ui/test-results
- name: Prepare datadog-ci
if: always() && startsWith(github.repository, 'hashicorp/vault') && strategy.job-index != 0
continue-on-error: true
run: |
if type datadog-ci > /dev/null 2>&1; then
exit 0
fi
# Curl does not always exit 1 if things go wrong. To determine if this is successful
# we'll silence all non-error output and check the results to determine success.
if ! out="$(curl -sSL --fail https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64 --output /usr/local/bin/datadog-ci 2>&1)"; then
printf "failed to download datadog-ci: %s" "$out"
fi
if [[ -n "$out" ]]; then
printf "failed to download datadog-ci: %s" "$out"
fi
chmod +x /usr/local/bin/datadog-ci
- name: Upload test results to DataDog
if: (success() || failure()) && strategy.job-index != 0
continue-on-error: true
env:
DD_ENV: ci
run: |
if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then
export DATADOG_API_KEY=${{ secrets.DATADOG_API_KEY }}
fi
datadog-ci junit upload --service "$GITHUB_REPOSITORY" 'ui/test-results/qunit/results.xml'
- if: always() && strategy.job-index != 0
uses: test-summary/action@37b508cfee6d4d080eedd00b5bb240a6a784a6a5 # v2.6
with:
paths: "ui/test-results/qunit/results.xml"
show: "fail"
test-ui-complete:
runs-on: ${{ fromJSON(inputs.runs-on-small) }}
needs: [test-ui-build-go, test-ui-build-js, test-ui]
steps:
- id: status
name: Determine status
run: |
results=$(tr -d '\n' <<< '${{ toJSON(needs.*.result) }}')
if ! grep -q -v -E '(failure|cancelled)' <<< "$results"; then
result="failed"
else
result="success"
fi
{
echo "result=${result}"
echo "results=${results}"
} | tee -a "$GITHUB_OUTPUT"
Reference in a new issue View git blame Copy permalink