diff --git a/.github/labels.yml b/.github/labels.yml index 382ce424..b93429cb 100644 --- a/.github/labels.yml +++ b/.github/labels.yml @@ -16,74 +16,72 @@ color: ededed description: "" -- name: 'type: bug' +- name: "type: bug" color: db4437 - description: Error or flaw in code with unintended results or allowing sub-optimal + description: + Error or flaw in code with unintended results or allowing sub-optimal usage patterns. -- name: 'type: cleanup' +- name: "type: cleanup" color: c5def5 description: An internal cleanup or hygiene concern. -- name: 'type: docs' +- name: "type: docs" color: 0000A0 description: Improvement to the documentation for an API. -- name: 'type: feature request' +- name: "type: feature request" color: c5def5 description: ‘Nice-to-have’ improvement, new feature or different behavior or design. -- name: 'type: process' +- name: "type: process" color: c5def5 description: A process-related concern. May include testing, release, or the like. -- name: 'type: question' +- name: "type: question" color: c5def5 description: Request for information or clarification. -- name: 'priority: p0' +- name: "priority: p0" color: b60205 description: Highest priority. Critical issue. P0 implies highest priority. -- name: 'priority: p1' +- name: "priority: p1" color: ffa03e - description: Important issue which blocks shipping the next release. Will be fixed + description: + Important issue which blocks shipping the next release. Will be fixed prior to next release. -- name: 'priority: p2' +- name: "priority: p2" color: fef2c0 description: Moderately-important priority. Fix may not be included in next release. -- name: 'priority: p3' +- name: "priority: p3" color: ffffc7 description: Desirable enhancement or fix. May not be included in next release. - name: automerge color: 00ff00 description: Merge the pull request once unit tests and other checks pass. -- name: 'automerge: exact' +- name: "automerge: exact" color: 8dd517 - description: Summon MOG for automerging, but approvals need to be against the latest + description: + Summon MOG for automerging, but approvals need to be against the latest commit - name: do not merge color: d93f0b - description: Indicates a pull request not ready for merge, due to either quality - or timing. + description: Indicates a pull request not ready for merge, due to either quality or timing. -- name: 'autorelease: pending' +- name: "autorelease: pending" color: ededed description: Release please needs to do its work on this. -- name: 'autorelease: tagged' +- name: "autorelease: tagged" color: ededed description: Release please has completed a release for this. -- name: 'autorelease: triggered' +- name: "autorelease: triggered" color: ededed description: Release please has triggered a release for this. -- name: 'tests: run' - color: 3DED97 - description: Label to trigger Github Action tests. - -- name: 'flakybot: flaky' +- name: "flakybot: flaky" color: 86d9d7 description: Tells the Flaky Bot not to close or comment on this issue. -- name: 'flakybot: quiet' +- name: "flakybot: quiet" color: 86d9d7 description: Tells the Flaky Bot to comment less. -- name: 'flakybot: issue' +- name: "flakybot: issue" color: a9f9f7 description: An issue filed by the Flaky Bot. Should not be added manually. diff --git a/.github/trusted-contribution.yml b/.github/trusted-contribution.yml deleted file mode 100644 index 0c42519c..00000000 --- a/.github/trusted-contribution.yml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 2023 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -annotations: - - type: label - text: "tests: run" - -trustedContributors: ['renovate-bot', 'gcf-merge-on-green[bot]'] diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ff5124b4..f02d5d94 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,24 +16,18 @@ name: "CodeQL" on: push: - branches: [ "main" ] + branches: ["main"] pull_request: - branches: [ "main" ] + branches: ["main"] paths-ignore: - - '**/*.md' - - '**/*.txt' - pull_request_target: - types: [labeled] - paths-ignore: - - '**/*.md' - - '**/*.txt' + - "**/*.md" + - "**/*.txt" # Declare default permissions as read only. permissions: read-all jobs: analyze: - if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}" name: Analyze runs-on: ubuntu-latest permissions: @@ -44,27 +38,24 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'javascript' ] + language: ["javascript"] steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: ${{ github.event.pull_request.head.sha }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 - with: - languages: ${{ matrix.language }} - - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). - # If this step fails, then you should remove it and run the build manually - - name: Autobuild - uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 - with: - category: "/language:${{matrix.language}}" + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + with: + languages: ${{ matrix.language }} + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # If this step fails, then you should remove it and run the build manually + - name: Autobuild + uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 39524766..7f6682f3 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -15,37 +15,14 @@ name: Code Coverage on: pull_request: - pull_request_target: - types: [labeled] # Declare default permissions as read only. permissions: read-all jobs: coverage: - if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}" runs-on: ubuntu-latest - permissions: - issues: write - pull-requests: write steps: - - name: Remove PR Label - if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}" - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - try { - await github.rest.issues.removeLabel({ - name: 'tests: run', - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.payload.pull_request.number - }); - } catch (e) { - console.log('Failed to remove label. Another job may have already removed it!'); - } - - name: Checkout base branch uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 90e39cf2..01096e03 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -16,24 +16,17 @@ name: Lint on: pull_request: - pull_request_target: - types: [labeled] # Declare default permissions as read only. permissions: read-all jobs: lint: - # run job on proper workflow event triggers (skip job for pull_request event from forks and only run pull_request_target for "tests: run" label) - if: "${{ (github.event.action != 'labeled' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) || github.event.label.name == 'tests: run' }}" name: Lint runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: ${{ github.event.pull_request.head.sha }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Use Nodejs v18.x uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 @@ -45,5 +38,3 @@ jobs: - name: Run Lint run: npm run lint - - diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c801f686..523821e9 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -19,18 +19,14 @@ on: push: branches: - main - pull_request_target: - types: [labeled] schedule: - - cron: '0 2 * * *' + - cron: "0 2 * * *" # Declare default permissions as read only. permissions: read-all jobs: unit-tests: - # run job on proper workflow event triggers (skip job for pull_request event from forks and only run pull_request_target for "tests: run" label) - if: "${{ (github.event.action != 'labeled' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) || github.event.label.name == 'tests: run' }}" name: Unit tests strategy: matrix: @@ -52,41 +48,21 @@ jobs: pull-requests: write steps: - - name: Remove PR label - if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}" - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - try { - await github.rest.issues.removeLabel({ - name: 'tests: run', - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.payload.pull_request.number - }); - } catch (e) { - console.log('Failed to remove label. Another job may have already removed it!'); - } - - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: ${{ github.event.pull_request.head.sha }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Use Nodejs ${{ matrix.node-version }} uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 with: node-version: ${{ matrix.node-version }} - - id: 'auth' + - id: auth name: Authenticate to Google Cloud if: ${{ github.event_name == 'schedule' || github.event_name == 'push' }} uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: - workload_identity_provider: ${{ secrets.PROVIDER_NAME }} - service_account: ${{ secrets.SERVICE_ACCOUNT }} + workload_identity_provider: ${{ vars.PROVIDER_NAME }} + service_account: ${{ vars.SERVICE_ACCOUNT }} access_token_lifetime: 600s - name: Install dependencies @@ -142,8 +118,6 @@ jobs: ./flakybot --repo ${{github.repository}} --commit_hash ${{github.sha}} --build_url https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} system-tests: - # run job on proper workflow event triggers (skip job for pull_request event from forks and only run pull_request_target for "tests: run" label) - if: "${{ (github.event.action != 'labeled' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) || github.event.label.name == 'tests: run' }}" name: System tests strategy: matrix: @@ -156,36 +130,16 @@ jobs: node-version: "v14.x" fail-fast: false permissions: - contents: 'read' - id-token: 'write' + contents: "read" + id-token: "write" issues: write pull-requests: write runs-on: ${{ matrix.os }} steps: - - name: Remove PR label - if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}" - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - try { - await github.rest.issues.removeLabel({ - name: 'tests: run', - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.payload.pull_request.number - }); - } catch (e) { - console.log('Failed to remove label. Another job may have already removed it!'); - } - - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: ${{ github.event.pull_request.head.sha }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 @@ -198,35 +152,35 @@ jobs: - name: Transpile TypeScript run: npm run prepare - - id: 'auth' + - id: auth name: Authenticate to Google Cloud uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: - workload_identity_provider: ${{ secrets.PROVIDER_NAME }} - service_account: ${{ secrets.SERVICE_ACCOUNT }} + workload_identity_provider: ${{ vars.PROVIDER_NAME }} + service_account: ${{ vars.SERVICE_ACCOUNT }} access_token_lifetime: 600s - - id: 'secrets' + - id: secrets name: Get secrets uses: google-github-actions/get-secretmanager-secrets@dc4a1392bad0fd60aee00bb2097e30ef07a1caae # v2.1.3 with: secrets: |- - MYSQL_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_CONNECTION_NAME - MYSQL_IAM_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_IAM_CONNECTION_NAME - MYSQL_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_USER - MYSQL_IAM_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_USER_IAM_NODE - MYSQL_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_PASS - MYSQL_DB:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_DB - POSTGRES_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CONNECTION_NAME - POSTGRES_IAM_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_IAM_CONNECTION_NAME - POSTGRES_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER - POSTGRES_IAM_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER_IAM_NODE - POSTGRES_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_PASS - POSTGRES_DB:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_DB - SQLSERVER_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_CONNECTION_NAME - SQLSERVER_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_USER - SQLSERVER_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_PASS - SQLSERVER_DB:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_DB + MYSQL_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_CONNECTION_NAME + MYSQL_IAM_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_IAM_CONNECTION_NAME + MYSQL_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_USER + MYSQL_IAM_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_USER_IAM_NODE + MYSQL_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_PASS + MYSQL_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_DB + POSTGRES_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CONNECTION_NAME + POSTGRES_IAM_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_IAM_CONNECTION_NAME + POSTGRES_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER + POSTGRES_IAM_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER_IAM_NODE + POSTGRES_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_PASS + POSTGRES_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_DB + SQLSERVER_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_CONNECTION_NAME + SQLSERVER_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_USER + SQLSERVER_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_PASS + SQLSERVER_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_DB # the following steps are node14-only and can be safely removed # once node@14 is no longer supported @@ -242,48 +196,48 @@ jobs: - name: Run System Tests v14.x env: - MYSQL_CONNECTION_NAME: '${{ steps.secrets.outputs.MYSQL_CONNECTION_NAME }}' - MYSQL_IAM_CONNECTION_NAME: '${{ steps.secrets.outputs.MYSQL_IAM_CONNECTION_NAME }}' - MYSQL_USER: '${{ steps.secrets.outputs.MYSQL_USER }}' - MYSQL_IAM_USER: '${{ steps.secrets.outputs.MYSQL_IAM_USER }}' - MYSQL_PASS: '${{ steps.secrets.outputs.MYSQL_PASS }}' - MYSQL_DB: '${{ steps.secrets.outputs.MYSQL_DB }}' - POSTGRES_CONNECTION_NAME: '${{ steps.secrets.outputs.POSTGRES_CONNECTION_NAME }}' - POSTGRES_IAM_CONNECTION_NAME: '${{ steps.secrets.outputs.POSTGRES_IAM_CONNECTION_NAME }}' - POSTGRES_USER: '${{ steps.secrets.outputs.POSTGRES_USER }}' - POSTGRES_IAM_USER: '${{ steps.secrets.outputs.POSTGRES_IAM_USER }}' - POSTGRES_PASS: '${{ steps.secrets.outputs.POSTGRES_PASS }}' - POSTGRES_DB: '${{ steps.secrets.outputs.POSTGRES_DB }}' - SQLSERVER_CONNECTION_NAME: '${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}' - SQLSERVER_USER: '${{ steps.secrets.outputs.SQLSERVER_USER }}' - SQLSERVER_PASS: '${{ steps.secrets.outputs.SQLSERVER_PASS }}' - SQLSERVER_DB: '${{ steps.secrets.outputs.SQLSERVER_DB }}' + MYSQL_CONNECTION_NAME: "${{ steps.secrets.outputs.MYSQL_CONNECTION_NAME }}" + MYSQL_IAM_CONNECTION_NAME: "${{ steps.secrets.outputs.MYSQL_IAM_CONNECTION_NAME }}" + MYSQL_USER: "${{ steps.secrets.outputs.MYSQL_USER }}" + MYSQL_IAM_USER: "${{ steps.secrets.outputs.MYSQL_IAM_USER }}" + MYSQL_PASS: "${{ steps.secrets.outputs.MYSQL_PASS }}" + MYSQL_DB: "${{ steps.secrets.outputs.MYSQL_DB }}" + POSTGRES_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CONNECTION_NAME }}" + POSTGRES_IAM_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_IAM_CONNECTION_NAME }}" + POSTGRES_USER: "${{ steps.secrets.outputs.POSTGRES_USER }}" + POSTGRES_IAM_USER: "${{ steps.secrets.outputs.POSTGRES_IAM_USER }}" + POSTGRES_PASS: "${{ steps.secrets.outputs.POSTGRES_PASS }}" + POSTGRES_DB: "${{ steps.secrets.outputs.POSTGRES_DB }}" + SQLSERVER_CONNECTION_NAME: "${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}" + SQLSERVER_USER: "${{ steps.secrets.outputs.SQLSERVER_USER }}" + SQLSERVER_PASS: "${{ steps.secrets.outputs.SQLSERVER_PASS }}" + SQLSERVER_DB: "${{ steps.secrets.outputs.SQLSERVER_DB }}" if: "${{ matrix.node-version == 'v14.x' }}" run: npx tap -c -t0 --no-coverage --no-ts --node-arg="--require" --node-arg="./scripts/tap16-adapter.js" --node-arg="--no-warnings" --node-arg="--loader" --node-arg="ts-node/esm" system-test -o test_results.tap timeout-minutes: 5 - name: Run System Tests env: - MYSQL_CONNECTION_NAME: '${{ steps.secrets.outputs.MYSQL_CONNECTION_NAME }}' - MYSQL_IAM_CONNECTION_NAME: '${{ steps.secrets.outputs.MYSQL_IAM_CONNECTION_NAME }}' - MYSQL_USER: '${{ steps.secrets.outputs.MYSQL_USER }}' - MYSQL_IAM_USER: '${{ steps.secrets.outputs.MYSQL_IAM_USER }}' - MYSQL_PASS: '${{ steps.secrets.outputs.MYSQL_PASS }}' - MYSQL_DB: '${{ steps.secrets.outputs.MYSQL_DB }}' - POSTGRES_CONNECTION_NAME: '${{ steps.secrets.outputs.POSTGRES_CONNECTION_NAME }}' - POSTGRES_IAM_CONNECTION_NAME: '${{ steps.secrets.outputs.POSTGRES_IAM_CONNECTION_NAME }}' - POSTGRES_USER: '${{ steps.secrets.outputs.POSTGRES_USER }}' - POSTGRES_IAM_USER: '${{ steps.secrets.outputs.POSTGRES_IAM_USER }}' - POSTGRES_PASS: '${{ steps.secrets.outputs.POSTGRES_PASS }}' - POSTGRES_DB: '${{ steps.secrets.outputs.POSTGRES_DB }}' - SQLSERVER_CONNECTION_NAME: '${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}' - SQLSERVER_USER: '${{ steps.secrets.outputs.SQLSERVER_USER }}' - SQLSERVER_PASS: '${{ steps.secrets.outputs.SQLSERVER_PASS }}' - SQLSERVER_DB: '${{ steps.secrets.outputs.SQLSERVER_DB }}' + MYSQL_CONNECTION_NAME: "${{ steps.secrets.outputs.MYSQL_CONNECTION_NAME }}" + MYSQL_IAM_CONNECTION_NAME: "${{ steps.secrets.outputs.MYSQL_IAM_CONNECTION_NAME }}" + MYSQL_USER: "${{ steps.secrets.outputs.MYSQL_USER }}" + MYSQL_IAM_USER: "${{ steps.secrets.outputs.MYSQL_IAM_USER }}" + MYSQL_PASS: "${{ steps.secrets.outputs.MYSQL_PASS }}" + MYSQL_DB: "${{ steps.secrets.outputs.MYSQL_DB }}" + POSTGRES_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CONNECTION_NAME }}" + POSTGRES_IAM_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_IAM_CONNECTION_NAME }}" + POSTGRES_USER: "${{ steps.secrets.outputs.POSTGRES_USER }}" + POSTGRES_IAM_USER: "${{ steps.secrets.outputs.POSTGRES_IAM_USER }}" + POSTGRES_PASS: "${{ steps.secrets.outputs.POSTGRES_PASS }}" + POSTGRES_DB: "${{ steps.secrets.outputs.POSTGRES_DB }}" + SQLSERVER_CONNECTION_NAME: "${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}" + SQLSERVER_USER: "${{ steps.secrets.outputs.SQLSERVER_USER }}" + SQLSERVER_PASS: "${{ steps.secrets.outputs.SQLSERVER_PASS }}" + SQLSERVER_DB: "${{ steps.secrets.outputs.SQLSERVER_DB }}" if: "${{ matrix.node-version != 'v14.x' }}" run: npx tap -c -t0 --disable-coverage --allow-empty-coverage system-test -o test_results.tap timeout-minutes: 5 - + - name: Convert test output to XML if: ${{ matrix.node-version != 'v14.x' && (github.event_name == 'schedule' || github.event_name == 'push') && always() }} run: cat test_results.tap | npx tap - --reporter=junit > sponge_log.xml @@ -310,22 +264,15 @@ jobs: ./flakybot --repo ${{github.repository}} --commit_hash ${{github.sha}} --build_url https://github.com/${{github.repository}}/actions/runs/${{github.run_id}} sample-tests: - # run job on proper workflow event triggers (skip job for pull_request event from forks and only run pull_request_target for "tests: run" label) - if: "${{ (github.event.action != 'labeled' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) || github.event.label.name == 'tests: run' }}" name: Sample tests permissions: - contents: 'read' - id-token: 'write' - + contents: read + id-token: write runs-on: ubuntu-latest steps: - - name: Checkout Repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: ${{ github.event.pull_request.head.sha }} - repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Setup Node.js uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 @@ -338,7 +285,7 @@ jobs: - name: Install Prisma on node v16.x and up if: "${{ matrix.node-version != 'v14.x' }}" run: npm install prisma - + - name: Setup self-direct dependency run: npm link @@ -348,53 +295,53 @@ jobs: - name: Transpile TypeScript run: npm run prepare - - id: 'auth' + - id: auth name: Authenticate to Google Cloud uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: - workload_identity_provider: ${{ secrets.PROVIDER_NAME }} - service_account: ${{ secrets.SERVICE_ACCOUNT }} + workload_identity_provider: ${{ vars.PROVIDER_NAME }} + service_account: ${{ vars.SERVICE_ACCOUNT }} access_token_lifetime: 600s - - id: 'secrets' + - id: secrets name: Get secrets uses: google-github-actions/get-secretmanager-secrets@dc4a1392bad0fd60aee00bb2097e30ef07a1caae # v2.1.3 with: secrets: |- - MYSQL_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_CONNECTION_NAME - MYSQL_IAM_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_IAM_CONNECTION_NAME - MYSQL_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_USER - MYSQL_IAM_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_USER_IAM_NODE - MYSQL_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_PASS - MYSQL_DB:${{ secrets.GOOGLE_CLOUD_PROJECT }}/MYSQL_DB - POSTGRES_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CONNECTION_NAME - POSTGRES_IAM_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_IAM_CONNECTION_NAME - POSTGRES_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER - POSTGRES_IAM_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER_IAM_NODE - POSTGRES_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_PASS - POSTGRES_DB:${{ secrets.GOOGLE_CLOUD_PROJECT }}/POSTGRES_DB - SQLSERVER_CONNECTION_NAME:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_CONNECTION_NAME - SQLSERVER_USER:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_USER - SQLSERVER_PASS:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_PASS - SQLSERVER_DB:${{ secrets.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_DB + MYSQL_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_CONNECTION_NAME + MYSQL_IAM_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_IAM_CONNECTION_NAME + MYSQL_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_USER + MYSQL_IAM_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_USER_IAM_NODE + MYSQL_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_PASS + MYSQL_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_DB + POSTGRES_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CONNECTION_NAME + POSTGRES_IAM_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_IAM_CONNECTION_NAME + POSTGRES_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER + POSTGRES_IAM_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_USER_IAM_NODE + POSTGRES_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_PASS + POSTGRES_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_DB + SQLSERVER_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_CONNECTION_NAME + SQLSERVER_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_USER + SQLSERVER_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_PASS + SQLSERVER_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_DB - name: Run Sample Tests env: - MYSQL_CONNECTION_NAME: '${{ steps.secrets.outputs.MYSQL_CONNECTION_NAME }}' - MYSQL_IAM_CONNECTION_NAME: '${{ steps.secrets.outputs.MYSQL_IAM_CONNECTION_NAME }}' - MYSQL_USER: '${{ steps.secrets.outputs.MYSQL_USER }}' - MYSQL_IAM_USER: '${{ steps.secrets.outputs.MYSQL_IAM_USER }}' - MYSQL_PASS: '${{ steps.secrets.outputs.MYSQL_PASS }}' - MYSQL_DB: '${{ steps.secrets.outputs.MYSQL_DB }}' - POSTGRES_CONNECTION_NAME: '${{ steps.secrets.outputs.POSTGRES_CONNECTION_NAME }}' - POSTGRES_IAM_CONNECTION_NAME: '${{ steps.secrets.outputs.POSTGRES_IAM_CONNECTION_NAME }}' - POSTGRES_USER: '${{ steps.secrets.outputs.POSTGRES_USER }}' - POSTGRES_IAM_USER: '${{ steps.secrets.outputs.POSTGRES_IAM_USER }}' - POSTGRES_PASS: '${{ steps.secrets.outputs.POSTGRES_PASS }}' - POSTGRES_DB: '${{ steps.secrets.outputs.POSTGRES_DB }}' - SQLSERVER_CONNECTION_NAME: '${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}' - SQLSERVER_USER: '${{ steps.secrets.outputs.SQLSERVER_USER }}' - SQLSERVER_PASS: '${{ steps.secrets.outputs.SQLSERVER_PASS }}' - SQLSERVER_DB: '${{ steps.secrets.outputs.SQLSERVER_DB }}' + MYSQL_CONNECTION_NAME: "${{ steps.secrets.outputs.MYSQL_CONNECTION_NAME }}" + MYSQL_IAM_CONNECTION_NAME: "${{ steps.secrets.outputs.MYSQL_IAM_CONNECTION_NAME }}" + MYSQL_USER: "${{ steps.secrets.outputs.MYSQL_USER }}" + MYSQL_IAM_USER: "${{ steps.secrets.outputs.MYSQL_IAM_USER }}" + MYSQL_PASS: "${{ steps.secrets.outputs.MYSQL_PASS }}" + MYSQL_DB: "${{ steps.secrets.outputs.MYSQL_DB }}" + POSTGRES_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CONNECTION_NAME }}" + POSTGRES_IAM_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_IAM_CONNECTION_NAME }}" + POSTGRES_USER: "${{ steps.secrets.outputs.POSTGRES_USER }}" + POSTGRES_IAM_USER: "${{ steps.secrets.outputs.POSTGRES_IAM_USER }}" + POSTGRES_PASS: "${{ steps.secrets.outputs.POSTGRES_PASS }}" + POSTGRES_DB: "${{ steps.secrets.outputs.POSTGRES_DB }}" + SQLSERVER_CONNECTION_NAME: "${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}" + SQLSERVER_USER: "${{ steps.secrets.outputs.SQLSERVER_USER }}" + SQLSERVER_PASS: "${{ steps.secrets.outputs.SQLSERVER_PASS }}" + SQLSERVER_DB: "${{ steps.secrets.outputs.SQLSERVER_DB }}" run: npx tap -c -t0 --disable-coverage --allow-empty-coverage examples/*/*/test/*{.cjs,.mjs,.ts} -o test_results.tap timeout-minutes: 5