From cb9726dd46b57e84a7fed5a9bc7807abc0d5ffdc Mon Sep 17 00:00:00 2001
From: Jill Regan
Date: Tue, 4 Nov 2025 19:45:01 -0500
Subject: [PATCH 1/8] Add e2e workflow
---
.github/workflows/e2e-tests.yml | 28 ++++++++++++++++
.github/workflows/test-e2e.yml | 58 +++++++++++++++++++++++++++++++++
2 files changed, 86 insertions(+)
create mode 100644 .github/workflows/e2e-tests.yml
create mode 100644 .github/workflows/test-e2e.yml
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
new file mode 100644
index 00000000..d3356606
--- /dev/null
+++ b/.github/workflows/e2e-tests.yml
@@ -0,0 +1,28 @@
+name: E2E Tests
+
+on:
+ workflow_call:
+ secrets:
+ OP_SERVICE_ACCOUNT_TOKEN:
+ description: "1Password service account token"
+ required: true
+
+jobs:
+ e2e-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v5
+
+ - name: Set up Go
+ uses: actions/setup-go@v6
+ with:
+ go-version-file: go.mod
+
+ - name: Install dependencies
+ run: go mod tidy
+
+ - name: Run E2E tests
+ run: make test-e2e
+ env:
+ OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
new file mode 100644
index 00000000..939bc7ba
--- /dev/null
+++ b/.github/workflows/test-e2e.yml
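Review bot: The `e2e-test` job is the one that receives `OP_SERVICE_ACCOUNT_TOKEN`, yet neither the job nor the workflow sets `permissions:`, so its `GITHUB_TOKEN` gets whatever the caller and repository defaults allow. A job-level `permissions:` with `contents: read` would keep that token read-only while the test code and its dependencies run. The `Install dependencies` step runs `go mod tidy`, which can rewrite `go.mod` and `go.sum` on the runner, so the tests may run against a dependency set that differs from the committed one. `run: go mod download` followed by `go mod verify` keeps the committed versions.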
@@ -0,0 +1,58 @@
+name: Test E2E
+
+on:
+ push:
+ branches: [main]
+ paths-ignore: &ignore_paths
+ - "docs/**"
+ - "examples/**"
+ - "*.md"
+ - ".gitignore"
+ - "LICENSE"
+
+ pull_request:
+ types: [opened, synchronize, reopened]
+ branches: ["**"] # run for PRs targeting any branch (main and others)
+ paths-ignore: *ignore_paths
+
+concurrency:
+ group: >-
+ ${{ github.event_name == 'pull_request' &&
+ format('e2e-{0}', github.event.pull_request.head.ref) ||
+ format('e2e-{0}', github.ref) }}
+ cancel-in-progress: true # cancel previous job runs for the same branch
+
+jobs:
+ check-external-pr:
+ runs-on: ubuntu-latest
+ outputs:
+ condition: ${{ steps.check.outputs.condition }}
+ steps:
+ - name: Check if PR is from external contributor
+ id: check
+ run: |
+ echo "Event name: ${{ github.event_name }}"
+ echo "Repository: ${{ github.repository }}"
+
+ if [ "${{ github.event_name }}" == "pull_request" ]; then
+ # For pull_request events, check if PR is from external fork
+ echo "PR head repo: ${{ github.event.pull_request.head.repo.full_name }}"
+ if [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then
+ echo "condition=skip" >> $GITHUB_OUTPUT
+ echo "Setting condition=skip (external fork PR creation)"
+ else
+ echo "condition=pr-creation-maintainer" >> $GITHUB_OUTPUT
+ echo "Setting condition=pr-creation-maintainer (internal PR creation)"
+ fi
+ else
+ # Unknown event type
+ echo "condition=skip" >> $GITHUB_OUTPUT
+ echo "Setting condition=skip (unknown event type: ${{ github.event_name }})"
+ fi
+
+ e2e:
+ needs: check-external-pr
+ if: needs.check-external-pr.outputs.condition == 'pr-creation-maintainer'
+ uses: ./.github/workflows/e2e-tests.yml
+ secrets:
+ OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
From c5bb7ebdca7caebbd970180f5c67886e0281577b Mon Sep 17 00:00:00 2001
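Review bot: The `check` step pastes `${{ github.event.pull_request.head.repo.full_name }}` straight into the `run:` script, so a value supplied by the PR author becomes script text before bash parses it. Repository names are constrained enough that this is hard to abuse as written, but this script is the gate for the secret-bearing `e2e` job and the inline pattern tends to be copied as branches are added. Pass the value through the step environment instead: `env:` with `HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}`, then test `[ "$HEAD_REPO" != "$GITHUB_REPOSITORY" ]` and use `$GITHUB_EVENT_NAME` for the event comparison. Separately, the concurrency group keys on `head.ref` alone, so two PRs whose head branches share a name (one of them from a fork, say) land in the same group and `cancel-in-progress: true` lets one cancel the other; including the PR number in the group would keep them apart.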
From: Jill Regan Date: Wed, 5 Nov 2025 09:30:48 -0500 Subject: [PATCH 2/8] Remove comment --- .github/workflows/test-e2e.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 939bc7ba..af7eec6f 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -12,7 +12,7 @@ on: pull_request: types: [opened, synchronize, reopened] - branches: ["**"] # run for PRs targeting any branch (main and others) + branches: ["**"] # run for PRs targeting any branch paths-ignore: *ignore_paths concurrency: @@ -20,7 +20,7 @@ concurrency: ${{ github.event_name == 'pull_request' && format('e2e-{0}', github.event.pull_request.head.ref) || format('e2e-{0}', github.ref) }} - cancel-in-progress: true # cancel previous job runs for the same branch + cancel-in-progress: true jobs: check-external-pr: From a0c7a282eb7d046176de530c4164122cdc53da30 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Wed, 5 Nov 2025 12:39:58 -0500 Subject: [PATCH 3/8] Install OP CLI --- .github/workflows/e2e-tests.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index d3356606..b248931c 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -19,6 +19,11 @@ jobs: with: go-version-file: go.mod + - name: Install 1Password CLI + uses: 1password/install-cli-action@v2 + with: + version: 2.32.0 + - name: Install dependencies run: go mod tidy From c2ae4bcf48ed716ead6163db7eb521265b78a05b Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Wed, 5 Nov 2025 14:42:14 -0500 Subject: [PATCH 4/8] add handeling for push to main --- .github/workflows/test-e2e.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index af7eec6f..6cc95ae2 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml 
@@ -44,6 +44,10 @@ jobs: echo "condition=pr-creation-maintainer" >> $GITHUB_OUTPUT echo "Setting condition=pr-creation-maintainer (internal PR creation)" fi + elif [ "${{ github.event_name }}" == "push" ]; then + # For push events to main branch + echo "condition=push-to-main" >> $GITHUB_OUTPUT + echo "Setting condition=push-to-main (push to main branch)" else # Unknown event type echo "condition=skip" >> $GITHUB_OUTPUT @@ -52,7 +56,9 @@ jobs: e2e: needs: check-external-pr - if: needs.check-external-pr.outputs.condition == 'pr-creation-maintainer' + if: | + needs.check-external-pr.outputs.condition == 'pr-creation-maintainer' || + needs.check-external-pr.outputs.condition == 'push-to-main' uses: ./.github/workflows/e2e-tests.yml secrets: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} From 27483721753a3840947293198b6520add1414dc4 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Thu, 6 Nov 2025 08:50:14 -0500 Subject: [PATCH 5/8] Add ok to test workflow --- .github/workflows/build.yml | 22 ++++++------- .github/workflows/docs.yml | 2 +- .github/workflows/ok-to-test.yml | 25 +++++++++++++++ .github/workflows/release-pr.yml | 2 +- .github/workflows/release.yml | 16 ++++------ .github/workflows/test-e2e.yml | 54 ++++++++++++++++++++++++++++---- 6 files changed, 92 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/ok-to-test.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a12f98f2..f675187b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -6,17 +6,17 @@ jobs: name: Build runs-on: ubuntu-latest steps: - - name: Set up Go 1.x - uses: actions/setup-go@v5 - with: - go-version: ^1.24 + - name: Set up Go 1.x + uses: actions/setup-go@v5 + with: + go-version: ^1.24 - - name: Check out code into the Go module directory - uses: actions/checkout@v4 + - name: Check out code into the Go module directory + uses: actions/checkout@v5 - - name: Build - run: go build -v ./... + - name: Build + run: go build -v ./... - - name: Test - run: make test - timeout-minutes: 10 + - name: Test + run: make test + timeout-minutes: 10 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 6812f170..dca45c28 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -17,7 +17,7 @@ jobs: terraform_wrapper: false - name: Check out code into the Go module directory - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Generate docs run: go generate diff --git a/.github/workflows/ok-to-test.yml b/.github/workflows/ok-to-test.yml new file mode 100644 index 00000000..e2f85842 --- /dev/null +++ b/.github/workflows/ok-to-test.yml 
@@ -0,0 +1,25 @@ +# Write comments "/ok-to-test sha=" on a pull request. This will emit a repository_dispatch event. +name: Ok To Test + +on: + issue_comment: + types: [created] + +jobs: + ok-to-test: + runs-on: ubuntu-latest + permissions: + pull-requests: write # For adding reactions to the pull request comments + contents: write # For executing the repository_dispatch event + # Only run for PRs, not issue comments + if: ${{ github.event.issue.pull_request }} + steps: + - name: Slash Command Dispatch + uses: volodymyrZotov/slash-command-dispatch@7c1b623a2b0eba93f684c34f689a441f0be84cf1 # TODO: use peter-evans/slash-command-dispatch when fix for team permissions is released https://github.com/peter-evans/slash-command-dispatch/pull/424 + with: + token: ${{ secrets.GITHUB_TOKEN }} + reaction-token: ${{ secrets.GITHUB_TOKEN }} + issue-type: pull-request + commands: ok-to-test + # The repository permission level required by the user to dispatch commands. Only allows 1Password collaborators to run this. + permission: write diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index e3a75310..e1f8722e 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -42,7 +42,7 @@ jobs: name: Create Release Pull Request runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Parse release version id: get_version diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 87505cc1..d0a06b22 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
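Review bot: The header comment of `ok-to-test.yml` does not say what `sha=` must contain or who may issue the command, although `permission: write` together with the SHA argument is the only gate between a PR comment and a run that is handed `OP_SERVICE_ACCOUNT_TOKEN`. I would expand it to something like `# Maintainers with write access comment "/ok-to-test sha=<full head commit SHA>" after reviewing that exact commit; this emits a repository_dispatch event.` The commit pinned on the `uses:` line also carries no note of which upstream release it is based on, which makes the TODO harder to act on later; a short comment such as `# fork of peter-evans/slash-command-dispatch at <upstream version>` (placeholder) on its own line above the step would help.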
@@ -3,32 +3,28 @@ name: goreleaser on: push: tags: - - '*' + - "*" jobs: goreleaser: runs-on: ubuntu-latest steps: - - - name: Checkout - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v5 with: fetch-depth: 0 - - - name: Set up Go + - name: Set up Go uses: actions/setup-go@v5 with: go-version: ^1.24 - - - name: Import GPG key + - name: Import GPG key id: import_gpg uses: crazy-max/ghaction-import-gpg@v6 with: # These secrets will need to be configured for the repository: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - - - name: Run GoReleaser + - name: Run GoReleaser uses: goreleaser/goreleaser-action@v6 with: args: release --clean diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 6cc95ae2..e3f39fcf 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -9,11 +9,12 @@ on: - "*.md" - ".gitignore" - "LICENSE" - pull_request: types: [opened, synchronize, reopened] branches: ["**"] # run for PRs targeting any branch paths-ignore: *ignore_paths + repository_dispatch: + types: [ok-to-test-command] concurrency: group: >- 
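Review bot: Adding `repository_dispatch` in the `test-e2e.yml` hunk leaves the `concurrency.group` expression, which sits just below the hunk and is unchanged, falling through to `format('e2e-{0}', github.ref)`, and for a dispatch event `github.ref` is the default branch. Every `/ok-to-test` run therefore shares one group with pushes to `main`, and `cancel-in-progress: true` lets the approval for one PR cancel the run for another, or a main-branch run. Keying the dispatch case on the PR keeps them apart, for example by putting `github.event_name == 'repository_dispatch' && format('e2e-pr-{0}', github.event.client_payload.pull_request.number) ||` ahead of the existing alternatives.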
@@ -44,10 +45,22 @@ jobs: echo "condition=pr-creation-maintainer" >> $GITHUB_OUTPUT echo "Setting condition=pr-creation-maintainer (internal PR creation)" fi - elif [ "${{ github.event_name }}" == "push" ]; then - # For push events to main branch - echo "condition=push-to-main" >> $GITHUB_OUTPUT - echo "Setting condition=push-to-main (push to main branch)" + elif [ "${{ github.event_name }}" == "repository_dispatch" ]; then + # For repository_dispatch events (ok-to-test), check if sha matches + SHA_PARAM="${{ github.event.client_payload.slash_command.args.named.sha }}" + PR_HEAD_SHA="${{ github.event.client_payload.pull_request.head.sha }}" + + echo "Checking dispatch event conditions..." + echo "SHA from command: $SHA_PARAM" + echo "PR head SHA: $PR_HEAD_SHA" + + if [ -n "$SHA_PARAM" ] && [[ "$PR_HEAD_SHA" == *"$SHA_PARAM"* ]]; then + echo "condition=dispatch-event" >> $GITHUB_OUTPUT + echo "Setting condition=dispatch-event (sha matches)" + else + echo "condition=skip" >> $GITHUB_OUTPUT + echo "Setting condition=skip (sha does not match or empty)" + fi else # Unknown event type echo "condition=skip" >> $GITHUB_OUTPUT 
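Review bot: The comparison `[[ "$PR_HEAD_SHA" == *"$SHA_PARAM"* ]]` is a substring test, so a very short `sha=` value matches almost any head commit and the approval no longer pins the commit the maintainer reviewed. Require a full 40-character SHA and compare for equality. The two `${{ github.event.client_payload... }}` values are also expanded into the script text before bash runs; the `sha` argument originates in comment text, so it should reach the script through `env:` rather than inline. The `if`/`elif` chain starts and ends outside this hunk.

```yaml
      - name: Check if PR is from external contributor
        id: check
        env:
          SHA_PARAM: ${{ github.event.client_payload.slash_command.args.named.sha }}
          PR_HEAD_SHA: ${{ github.event.client_payload.pull_request.head.sha }}
        run: |
          # … unchanged: pull_request branch …
          elif [ "$GITHUB_EVENT_NAME" == "repository_dispatch" ]; then
            # … unchanged: echo lines …
            # Accept only a full commit SHA that equals the PR head exactly.
            if [[ "$SHA_PARAM" =~ ^[0-9a-f]{40}$ ]] && [ "$PR_HEAD_SHA" == "$SHA_PARAM" ]; then
          # … unchanged: condition=dispatch-event / condition=skip outputs …
```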
@@ -57,8 +70,37 @@ jobs: e2e: needs: check-external-pr if: | - needs.check-external-pr.outputs.condition == 'pr-creation-maintainer' || + (needs.check-external-pr.outputs.condition == 'pr-creation-maintainer') + || + (needs.check-external-pr.outputs.condition == 'dispatch-event') + || needs.check-external-pr.outputs.condition == 'push-to-main' uses: ./.github/workflows/e2e-tests.yml secrets: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + +comment-pr: + needs: [check-external-pr, e2e] + runs-on: ubuntu-latest + if: always() && needs.check-external-pr.outputs.condition == 'dispatch-event' + permissions: + pull-requests: write + steps: + - name: Create URL to the run output + id: vars + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_OUTPUT + + - name: Create comment on PR + uses: peter-evans/create-or-update-comment@v5 + with: + issue-number: ${{ github.event.client_payload.pull_request.number }} + body: | + ${{ + needs.e2e.result == 'success' && '✅ E2E tests passed.' || + needs.e2e.result == 'failure' && '❌ E2E tests failed.' || + '⚠️ E2E tests completed.' + }} + + [View test run output][1] + + [1]: ${{ steps.vars.outputs.run-url }} From c5a0942e7fbfb09d55185100c6987b5eb7d2fbe6 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Thu, 6 Nov 2025 08:57:01 -0500 Subject: [PATCH 6/8] Add push condition back --- .github/workflows/test-e2e.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index e3f39fcf..8b7f8faf 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -61,6 +61,9 @@ jobs: echo "condition=skip" >> $GITHUB_OUTPUT echo "Setting condition=skip (sha does not match or empty)" fi + elif [ "${{ github.event_name }}" == "push" ]; then + echo "condition=push-to-main" >> $GITHUB_OUTPUT + echo "Setting condition=push-to-main (push to main)" else # Unknown event type echo "condition=skip" >> $GITHUB_OUTPUT 
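Review bot: The `dispatch-event` condition now routes `/ok-to-test` runs into `e2e-tests.yml`, but that workflow's `actions/checkout@v5` step has no `ref:`, and on `repository_dispatch` the default checkout is the default branch rather than the PR. As far as this series shows, an approved run would exercise `main`, and `comment-pr` would then report that result on the PR. The reusable workflow needs a `ref` input filled by the caller, for example `ref: ${{ github.event.client_payload.pull_request.head.sha }}` under `with:` on the `e2e` job and `ref: ${{ inputs.ref }}` on the checkout step. Checking out the validated SHA rather than a moving PR ref keeps the code that runs with `OP_SERVICE_ACCOUNT_TOKEN` identical to what was reviewed.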
From a04d379bf03a02357945ca681e7406bc52d9b858 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Thu, 6 Nov 2025 09:34:24 -0500 Subject: [PATCH 7/8] Fix syntax error --- .github/workflows/test-e2e.yml | 44 +++++++++++++++++----------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 8b7f8faf..879d9ce2 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml 
@@ -82,28 +82,28 @@ jobs: secrets: OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} -comment-pr: - needs: [check-external-pr, e2e] - runs-on: ubuntu-latest - if: always() && needs.check-external-pr.outputs.condition == 'dispatch-event' - permissions: - pull-requests: write - steps: - - name: Create URL to the run output - id: vars - run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_OUTPUT + comment-pr: + needs: [check-external-pr, e2e] + runs-on: ubuntu-latest + if: always() && needs.check-external-pr.outputs.condition == 'dispatch-event' + permissions: + pull-requests: write + steps: + - name: Create URL to the run output + id: vars + run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> $GITHUB_OUTPUT - - name: Create comment on PR - uses: peter-evans/create-or-update-comment@v5 - with: - issue-number: ${{ github.event.client_payload.pull_request.number }} - body: | - ${{ - needs.e2e.result == 'success' && '✅ E2E tests passed.' || - needs.e2e.result == 'failure' && '❌ E2E tests failed.' || - '⚠️ E2E tests completed.' - }} + - name: Create comment on PR + uses: peter-evans/create-or-update-comment@v5 + with: + issue-number: ${{ github.event.client_payload.pull_request.number }} + body: | + ${{ + needs.e2e.result == 'success' && '✅ E2E tests passed.' || + needs.e2e.result == 'failure' && '❌ E2E tests failed.' || + '⚠️ E2E tests completed.' + }} - [View test run output][1] + [View test run output][1] - [1]: ${{ steps.vars.outputs.run-url }} + [1]: ${{ steps.vars.outputs.run-url }} From 98bf371fb2a6bd78118890b08a115eb5dd2f36bb Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Thu, 6 Nov 2025 15:40:57 -0500 Subject: [PATCH 8/8] Update to ensure branch is main --- .github/workflows/build.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test-e2e.yml | 3 ++- 4 files changed, 5 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f675187b..00e5ea5a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ^1.24 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index dca45c28..1290f3e9 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ^1.24 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d0a06b22..9fb1e832 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ^1.24 - name: Import GPG key diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 879d9ce2..ab425f6f 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -9,6 +9,7 @@ on: - "*.md" - ".gitignore" - "LICENSE" + - "scripts/**" pull_request: types: [opened, synchronize, reopened] branches: ["**"] # run for PRs targeting any branch @@ -61,7 +62,7 @@ jobs: echo "condition=skip" >> $GITHUB_OUTPUT echo "Setting condition=skip (sha does not match or empty)" fi - elif [ "${{ github.event_name }}" == "push" ]; then + elif [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref_name }}" == "main" ]; then echo "condition=push-to-main" >> $GITHUB_OUTPUT echo "Setting condition=push-to-main (push to main)" else
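Review bot: The added test `[ "${{ github.ref_name }}" == "main" ]` in the last `test-e2e.yml` hunk interpolates a ref name into the script text instead of reading it from the environment. The `push` trigger is already limited to `branches: [main]`, so the value is fixed as written, but branch names can carry shell metacharacters and the line would stop being safe if the trigger were widened. Writing it as `[ "$GITHUB_EVENT_NAME" == "push" ] && [ "$GITHUB_REF_NAME" == "main" ]` gives the same result without expression expansion inside the script. The `if`/`elif` chain continues outside the hunk.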