Allow maintainer to re-run integration tests for PRs from forks #551
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Integration Tests | |
| on: | |
| pull_request: | |
| pull_request_target: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - earthaccess/** | |
| - tests/** | |
| - docs/** | |
| - binder/** | |
| # When this workflow is queued, automatically cancel any previous running | |
| # or pending jobs from the same branch | |
| concurrency: | |
| group: integration-tests-${{ github.ref }} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| shell: bash -l {0} | |
| jobs: | |
| integration-tests: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.9", "3.10", "3.11", "3.12"] | |
| fail-fast: false | |
| steps: | |
| - name: Checkout source | |
| if: ${{ github.event_name != 'pull_request_target' }} | |
| uses: actions/checkout@v4 | |
| - name: Fetch user permission | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| id: permission | |
| uses: actions-cool/check-user-permission@v2 | |
| with: | |
| require: write | |
| username: ${{ github.triggering_actor }} | |
| - name: Check user permission | |
| if: ${{ github.event_name == 'pull_request_target' && steps.permission.outputs.require-result == 'false' }} | |
| # If the triggering actor does not have write permission (i.e., this is a | |
| # PR from a fork), then we exit, otherwise most of the integration tests will | |
| # fail because they require access to secrets. In this case, a maintainer | |
| # will need to make sure the PR looks safe, and if so, manually re-run the | |
| # failed jobs. | |
| run: | | |
| echo "User ${{ github.triggering_actor }} does not have permission to run integration tests." | |
| echo "A maintainer must perform a security review and re-run this build, if the code is safe." | |
| exit 1 | |
| - name: Checkout source | |
| if: ${{ github.event_name == 'pull_request_target' }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Get full python version | |
| id: full-python-version | |
| run: echo version=$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info))") >> $GITHUB_OUTPUT | |
| - name: Install poetry | |
| uses: abatilo/actions-poetry@v3 | |
| - name: Configure poetry | |
| run: | | |
| poetry config virtualenvs.create true --local | |
| poetry config virtualenvs.in-project true --local | |
| poetry self add setuptools | |
| - name: Set up cache | |
| uses: actions/cache@v4 | |
| id: cache | |
| with: | |
| path: .venv | |
| key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('poetry.lock') }} | |
| - name: Ensure cache is healthy | |
| if: steps.cache.outputs.cache-hit == 'true' | |
| run: poetry run pip --version >/dev/null 2>&1 || rm -rf .venv | |
| - name: Install Dependencies | |
| if: ${{ !env.ACT }} | |
| run: poetry install | |
| - name: Install Dependencies | |
| if: ${{ env.ACT }} | |
| # When using `act` to run the workflow locally, the `poetry install` command | |
| # may fail due to network issues when running multiple Docker containers. | |
| run: poetry install || poetry install || poetry install | |
| - name: Test | |
| env: | |
| EARTHDATA_USERNAME: ${{ secrets.EDL_USERNAME }} | |
| EARTHDATA_PASSWORD: ${{ secrets.EDL_PASSWORD }} | |
| EARTHACCESS_TEST_USERNAME: ${{ secrets.EDL_USERNAME }} | |
| EARTHACCESS_TEST_PASSWORD: ${{ secrets.EDL_PASSWORD }} | |
| run: poetry run bash scripts/integration-test.sh | |
| - name: Upload coverage | |
| # Don't upload coverage when using the `act` tool to run the workflow locally | |
| if: ${{ !env.ACT }} | |
| uses: codecov/codecov-action@v4 |