Skip to content

Fix more potential command injection via quoting (#5164) #889

Fix more potential command injection via quoting (#5164)

Fix more potential command injection via quoting (#5164) #889

name: Integration tests
on:
push:
branches:
- master
- it/**
jobs:
start:
name: Start
outputs:
go_version: ${{ steps.go_version.outputs.go_version }}
sha: ${{ steps.sha.outputs.sha }}
runs-on: ubuntu-latest
steps:
- uses: styfle/[email protected]
- uses: actions/checkout@v4
- name: Get GO version
id: go_version
run: |
echo "go_version=$(cat go.mod | grep go | head -1 | awk '{print $2}')" >> "$GITHUB_OUTPUT"
- name: Get commit SHA
id: sha
run: |
echo "sha=$(git log --format=%H -n 1)" >> "$GITHUB_OUTPUT"
- name: Update status
run: |
curl \
--location \
--request POST 'https://api.github.com/repos/SAP/jenkins-library/statuses/${{ steps.sha.outputs.sha }}' \
-H 'Content-Type: application/json' \
--data '{"state": "pending",
"context": "Go / integration-tests",
"target_url": "https://github.com/SAP/jenkins-library/actions/runs/${{ github.run_id }}"}' \
-H 'Authorization: token ${{secrets.INTEGRATION_TEST_VOTING_TOKEN}}'
build_piper:
name: Build Piper
needs:
- start
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.start.outputs.sha }}
- uses: actions/setup-go@v5
with:
go-version: ${{ needs.start.outputs.go_version }}
- name: Build
# with `-tags release` we ensure that shared test utilities won't end up in the binary
run: CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o piper -tags release
- name: Upload Piper binary
if: success()
uses: actions/upload-artifact@v3
with:
name: piper
path: piper
build_integration_tests:
name: Build integration tests
outputs:
matrix: ${{ steps.matrix.outputs.matrix }}
needs:
- start
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.start.outputs.sha }}
- uses: actions/setup-go@v5
with:
go-version: ${{ needs.start.outputs.go_version }}
- name: Build
run: CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go test -c -o integration_tests -tags integration ./integration/...
- name: Form integration tests run matrix
if: success()
id: matrix
run: |
echo "matrix=$(go run .github/workflows/parse_integration_test_list.go -file ./integration/github_actions_integration_test_list.yml)" >> "$GITHUB_OUTPUT"
- name: Upload integration tests binary
if: success()
uses: actions/upload-artifact@v3
with:
name: integration_tests
path: integration_tests
run_integration_tests:
name: Run integration tests
needs:
- build_piper
- build_integration_tests
- start
strategy:
fail-fast: true
matrix: ${{ fromJson(needs.build_integration_tests.outputs.matrix) }}
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.start.outputs.sha }}
- uses: actions/setup-go@v5
with:
go-version: ${{ needs.start.outputs.go_version }}
- name: Download Piper binary
uses: actions/download-artifact@v3
with:
name: piper
- name: Download integration tests binary
uses: actions/download-artifact@v3
with:
name: integration_tests
path: ./integration/
- name: Run test
env:
PIPER_INTEGRATION_GITHUB_TOKEN: ${{secrets.PIPER_INTEGRATION_GITHUB_TOKEN}}
PIPER_INTEGRATION_SONAR_TOKEN: ${{secrets.PIPER_INTEGRATION_SONAR_TOKEN}}
PIPER_tmsServiceKey: ${{secrets.PIPER_TMSSERVICEKEY}}
run: |
chmod +x piper
cd ./integration
chmod +x integration_tests
./integration_tests -test.v -test.run ${{ matrix.run }}
finish:
name: Finish
if: always() && needs.start.result == 'success'
needs:
- start
- build_piper
- build_integration_tests
- run_integration_tests
runs-on: ubuntu-latest
steps:
- name: Update status
run: |
if [[ "${{ needs.run_integration_tests.result }}" == "success" ]]
then
curl \
--location \
--request POST 'https://api.github.com/repos/SAP/jenkins-library/statuses/${{ needs.start.outputs.sha }}' \
-H 'Content-Type: application/json' \
--data '{"state": "success",
"context": "Go / integration-tests",
"target_url": "https://github.com/SAP/jenkins-library/actions/runs/${{ github.run_id }}"}' \
-H 'Authorization: token ${{secrets.INTEGRATION_TEST_VOTING_TOKEN}}' && \
exit 0
else
curl \
--location \
--request POST 'https://api.github.com/repos/SAP/jenkins-library/statuses/${{ needs.start.outputs.sha }}' \
-H 'Content-Type: application/json' \
--data '{"state": "failure",
"context": "Go / integration-tests",
"target_url": "https://github.com/SAP/jenkins-library/actions/runs/${{ github.run_id }}"}' \
-H 'Authorization: token ${{secrets.INTEGRATION_TEST_VOTING_TOKEN}}' && \
exit 1
fi