attestation: enable Constellation for Azure TDX #8074
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Unit Tests | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
- "release/**" | |
paths: | |
- "**.go" | |
- "**/go.mod" | |
- "**/go.sum" | |
- "**/testdata/**" | |
- ".github/workflows/test-unittest.yml" | |
pull_request: | |
paths: | |
- "internal/constellation/helm/**" | |
- "**.go" | |
- "**/go.mod" | |
- "**/go.sum" | |
- "**/testdata/**" | |
- ".github/workflows/test-unittest.yml" | |
jobs: | |
test-unittest: | |
runs-on: [arc-runner-set] | |
permissions: | |
id-token: write | |
contents: read | |
pull-requests: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} | |
fetch-depth: 0 | |
- name: Setup bazel | |
uses: ./.github/actions/setup_bazel_nix | |
with: | |
useCache: "rbe" | |
rbePlatform: "ubuntu-22.04" | |
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} | |
- name: Install AWS cli | |
run: | | |
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | |
unzip awscliv2.zip | |
sudo ./aws/install | |
rm -rf awscliv2.zip aws | |
- name: Login to AWS (IAM role) | |
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 | |
with: | |
role-to-assume: arn:aws:iam::795746500882:role/GithubActionGocoverage | |
aws-region: eu-central-1 | |
- name: Unit Tests | |
env: | |
TMPDIR: ${{ runner.temp }} | |
run: bazel test //... --test_output=errors --config=nostamp --remote_download_minimal | |
- name: Coverage | |
id: coverage | |
run: | | |
bazel run //bazel/ci:gocoverage_diff --config=nostamp | |
lines=$(wc -l < coverage_diff.md) | |
uploadable=$([[ ${lines} -gt 3 ]] && echo "true" || echo "false") | |
echo "uploadable=$uploadable" | tee -a "$GITHUB_OUTPUT" | |
- name: Comment coverage | |
if: steps.coverage.outputs.uploadable == 'true' && github.event_name == 'pull_request' | |
uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0 | |
with: | |
header: coverage | |
path: coverage_diff.md | |
recreate: true | |
- name: Upload coverage | |
if: github.ref_name == 'main' | |
run: | | |
cat coverage_result.json | |
aws s3 cp coverage_result.json s3://constellation-ci/gocoverage/coverage_main.json | |
echo "coverage uploaded to s3://constellation-ci/gocoverage/coverage_main.json" |