Skip to content

oci_pull: add setting for disabling token retrieval in rules_oci #1645

oci_pull: add setting for disabling token retrieval in rules_oci

oci_pull: add setting for disabling token retrieval in rules_oci #1645

Workflow file for this run

name: CI
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the main branch
push:
branches: [main]
pull_request:
branches: [main, \d.x]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
concurrency:
# Cancel previous actions from the same PR or branch except 'main' branch.
# See https://docs.github.com/en/actions/using-jobs/using-concurrency and https://docs.github.com/en/actions/learn-github-actions/contexts for more info.
group: concurrency-group::${{ github.workflow }}::${{ github.event.pull_request.number > 0 && format('pr-{0}', github.event.pull_request.number) || github.ref_name }}${{ github.ref_name == 'main' && format('::{0}', github.run_id) || ''}}
cancel-in-progress: ${{ github.ref_name != 'main' }}
jobs:
matrix-prep-bazelversion:
# Prepares the 'bazelversion' axis of the test matrix
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: bazel_7
run: echo "bazelversion=$(head -n 1 .bazelversion)" >> $GITHUB_OUTPUT
- id: bazel_6
run: echo "bazelversion=6.4.0" >> $GITHUB_OUTPUT
outputs:
# Will look like ["<version from .bazelversion>", "6.4.0"]
bazelversions: ${{ toJSON(steps.*.outputs.bazelversion) }}
matrix-prep-os:
# Prepares the 'os' axis of the test matrix
runs-on: ubuntu-latest
env:
TC_CLOUD_TOKEN: ${{ secrets.TC_CLOUD_TOKEN }}
steps:
- id: linux
run: echo "os=ubuntu-latest" >> $GITHUB_OUTPUT
- id: macos
run: echo "os=macos-13" >> $GITHUB_OUTPUT
# Don't run MacOS if there is no TestContainers API token which is the case on forks. We need it for container tests.
if: ${{ env.TC_CLOUD_TOKEN != '' }}
outputs:
# Will look like ["ubuntu-latest", "macos-13"]
os: ${{ toJSON(steps.*.outputs.os) }}
test:
# The type of runner that the job will run on
runs-on: ${{ matrix.os }}
needs:
- matrix-prep-bazelversion
- matrix-prep-os
strategy:
fail-fast: false
matrix:
os: ${{ fromJSON(needs.matrix-prep-os.outputs.os) }}
bazelversion: ${{ fromJSON(needs.matrix-prep-bazelversion.outputs.bazelversions) }}
folder:
- .
- e2e/wasm
- e2e/smoke
- e2e/assertion
bzlmodEnabled: [true, false]
exclude:
# macos is expensive (billed at 10X) so don't test these
- os: macos-13
folder: e2e/wasm
- os: macos-13
folder: e2e/assertion
- os: macos-13
bazelversion: 6.4.0
# e2e/assertion is bzlmod only but it has test for both cases.
- folder: e2e/assertion
bzlmodEnabled: false
# TODO: fix
- folder: e2e/wasm
bzlmodEnabled: true
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
- name: Mount bazel caches
uses: actions/cache@v3
with:
path: |
~/.cache/bazel-repo
key: bazel-cache-${{ matrix.os }}-${{ matrix.folder }}-${{ matrix.bazelversion }}-${{ hashFiles('**/BUILD.bazel', '**/*.bzl', 'WORKSPACE', 'WORKSPACE.bzlmod','MODULE.bzl') }}
restore-keys: |
bazel-cache-${{ matrix.os }}-${{ matrix.folder }}-${{ matrix.bazelversion }}
bazel-cache-${{ matrix.os }}-${{ matrix.folder }}
bazel-cache-${{ matrix.os }}
bazel-cache-
- name: Set bzlmod flag
# Store the --enable_bzlmod flag that we add to the test command below
# only when we're running bzlmod in our test matrix.
id: set_bzlmod_flag
if: matrix.bzlmodEnabled
run: echo "bzlmod_flag=--enable_bzlmod" >> $GITHUB_OUTPUT
- name: Set credential helpers flag
# Add --config needs_credential_helpers to add additional credential helpers
# to fetch from registries with HTTP headers set by credential helpers.
id: set_credential_helper_flag
if: matrix.bazelversion == '6.4.0' && matrix.folder == '.'
run: echo "credential_helper_flag=--config=needs_credential_helpers" >> $GITHUB_OUTPUT
- name: Setup crane for credential helpers to use
uses: imjasonh/[email protected]
if: matrix.bazelversion == '6.4.0' && matrix.folder == '.'
with:
version: "v0.19.1"
- name: Configure Bazel version
working-directory: ${{ matrix.folder }}
run: echo "${{ matrix.bazelversion }}" > .bazelversion
- name: Configure TestContainers cloud
if: ${{ matrix.os == 'macos-13' }}
uses: atomicjar/testcontainers-cloud-setup-action@main
with:
wait: true
token: ${{ secrets.TC_CLOUD_TOKEN }}
- run: man xargs
- name: Configure Remote Docker Host
if: ${{ matrix.os == 'macos-13' }}
run: |
echo "DOCKER_HOST=$(grep 'tc.host' ~/.testcontainers.properties | cut -d '=' -f2 | xargs)" >> $GITHUB_ENV
curl -fsSL https://download.docker.com/mac/static/stable/x86_64/docker-23.0.0.tgz | tar -xOvf - docker/docker > /usr/local/bin/docker
chmod +x /usr/local/bin/docker
- name: bazel test //...
working-directory: ${{ matrix.folder }}
run: |
bazel \
--bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc \
--bazelrc=.bazelrc \
test //... \
${{ steps.set_bzlmod_flag.outputs.bzlmod_flag }} \
${{ steps.set_credential_helper_flag.outputs.credential_helper_flag }}