forgejo/.forgejo/workflows/testing.yml
Earl Warren 9128268f29 fix(ci): do not block pull request CI when go-versions lags behind
When a new go version is published, it takes about 24h for
https://github.com/actions/go-versions to be updated (see
https://github.com/actions/go-versions/pull/102 for example).

In the meantime the setup-go action that depends on it will install a
version of go that fails golang.org/x/vuln/cmd/govulncheck.

Move the security check to be the last step of the test job instead of
the first. It will still block the PRs from being merged but it will
allow the PR authors to keep working and look at the test results in
the meantime.

Fixes: https://codeberg.org/forgejo/forgejo/issues/4294
(cherry picked from commit ee7f568aed)
2024-07-03 17:13:54 +00:00

296 lines
9.6 KiB
YAML

name: testing
on:
pull_request:
push:
branches:
- 'forgejo*'
- 'v*/forgejo*'
jobs:
backend-checks:
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
runs-on: docker
container:
image: 'docker.io/node:20-bookworm'
steps:
- name: event info
run: |
cat <<'EOF'
${{ toJSON(github) }}
EOF
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.22"
check-latest: true
- run: make deps-backend deps-tools
- run: make --always-make -j$(nproc) lint-backend tidy-check swagger-check fmt-check swagger-validate # ensure the "go-licenses" make target runs
frontend-checks:
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
runs-on: docker
container:
image: 'docker.io/node:20-bookworm'
steps:
- uses: https://code.forgejo.org/actions/checkout@v3
- run: make deps-frontend
- run: make lint-frontend
- run: make checks-frontend
- run: make test-frontend-coverage
- run: make frontend
test-unit:
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
runs-on: docker
needs: [backend-checks, frontend-checks]
container:
image: 'docker.io/node:20-bookworm'
services:
elasticsearch:
image: elasticsearch:7.17.22
env:
discovery.type: single-node
minio:
image: bitnami/minio:2024.3.30
options: >-
--hostname gitea.minio
env:
MINIO_DOMAIN: minio
MINIO_ROOT_USER: 123456
MINIO_ROOT_PASSWORD: 12345678
steps:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.22"
- run: |
git config --add safe.directory '*'
adduser --quiet --comment forgejo --disabled-password forgejo
chown -R forgejo:forgejo .
- name: install git >= 2.42
run: |
export DEBIAN_FRONTEND=noninteractive
echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
apt-get update -qq
apt-get -q install -qq -y git
rm /etc/apt/sources.list.d/testing.list
apt-get update -qq
- run: |
su forgejo -c 'make deps-backend'
- run: |
su forgejo -c 'make backend'
env:
TAGS: bindata
- run: |
su forgejo -c 'make test-backend test-check'
timeout-minutes: 50
env:
RACE_ENABLED: 'true'
TAGS: bindata
TEST_ELASTICSEARCH_URL: http://elasticsearch:9200
test-remote-cacher:
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
runs-on: docker
needs: [backend-checks, frontend-checks]
container:
image: 'docker.io/node:20-bookworm'
strategy:
matrix:
cacher:
# redis
- image: redis:7.2
port: 6379
# redict
- image: registry.redict.io/redict:7.3.0-scratch
port: 6379
# garnet
- image: ghcr.io/microsoft/garnet-alpine:1.0.14
port: 6379
services:
cacher:
image: ${{ matrix.cacher.image }}
options: ${{ matrix.cacher.options }}
steps:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.22"
- run: |
git config --add safe.directory '*'
adduser --quiet --comment forgejo --disabled-password forgejo
chown -R forgejo:forgejo .
- name: install git >= 2.42
run: |
export DEBIAN_FRONTEND=noninteractive
echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
apt-get update -qq
apt-get -q install -qq -y git
rm /etc/apt/sources.list.d/testing.list
apt-get update -qq
- run: |
su forgejo -c 'make deps-backend'
- run: |
su forgejo -c 'make backend'
env:
TAGS: bindata
- run: |
su forgejo -c 'make test-remote-cacher test-check'
timeout-minutes: 50
env:
RACE_ENABLED: 'true'
TAGS: bindata
TEST_REDIS_SERVER: cacher:${{ matrix.cacher.port }}
test-mysql:
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
runs-on: docker
needs: [backend-checks, frontend-checks]
container:
image: 'docker.io/node:20-bookworm'
services:
mysql:
image: 'docker.io/mysql:8-debian'
env:
MYSQL_ALLOW_EMPTY_PASSWORD: yes
MYSQL_DATABASE: testgitea
#
# See also https://codeberg.org/forgejo/forgejo/issues/976
#
cmd: ['mysqld', '--innodb-adaptive-flushing=OFF', '--innodb-buffer-pool-size=4G', '--innodb-log-buffer-size=128M', '--innodb-flush-log-at-trx-commit=0', '--innodb-flush-log-at-timeout=30', '--innodb-flush-method=nosync', '--innodb-fsync-threshold=1000000000']
steps:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.22"
- name: install dependencies & git >= 2.42
run: |
export DEBIAN_FRONTEND=noninteractive
echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
apt-get update -qq
apt-get install --no-install-recommends -qq -y git git-lfs
rm /etc/apt/sources.list.d/testing.list
apt-get update -qq
- name: setup user and permissions
run: |
git config --add safe.directory '*'
adduser --quiet --comment forgejo --disabled-password forgejo
chown -R forgejo:forgejo .
- run: |
su forgejo -c 'make deps-backend'
- run: |
su forgejo -c 'make backend'
env:
TAGS: bindata
- run: |
su forgejo -c 'make test-mysql-migration test-mysql'
timeout-minutes: 50
env:
TAGS: bindata
USE_REPO_TEST_DIR: 1
test-pgsql:
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
runs-on: docker
needs: [backend-checks, frontend-checks]
container:
image: 'docker.io/node:20-bookworm'
services:
minio:
image: bitnami/minio:2024.3.30
env:
MINIO_ROOT_USER: 123456
MINIO_ROOT_PASSWORD: 12345678
ldap:
image: docker.io/gitea/test-openldap:latest
pgsql:
image: 'docker.io/postgres:15'
env:
POSTGRES_DB: test
POSTGRES_PASSWORD: postgres
steps:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.22"
- name: install dependencies & git >= 2.42
run: |
export DEBIAN_FRONTEND=noninteractive
echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
apt-get update -qq
apt-get install --no-install-recommends -qq -y git git-lfs
rm /etc/apt/sources.list.d/testing.list
apt-get update -qq
- name: setup user and permissions
run: |
git config --add safe.directory '*'
adduser --quiet --comment forgejo --disabled-password forgejo
chown -R forgejo:forgejo .
- run: |
su forgejo -c 'make deps-backend'
- run: |
su forgejo -c 'make backend'
env:
TAGS: bindata
- run: |
su forgejo -c 'make test-pgsql-migration test-pgsql'
timeout-minutes: 50
env:
TAGS: bindata
RACE_ENABLED: true
USE_REPO_TEST_DIR: 1
TEST_LDAP: 1
test-sqlite:
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
runs-on: docker
needs: [backend-checks, frontend-checks]
container:
image: 'docker.io/node:20-bookworm'
steps:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.22"
- name: install dependencies & git >= 2.42
run: |
export DEBIAN_FRONTEND=noninteractive
echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
apt-get update -qq
apt-get install --no-install-recommends -qq -y git git-lfs
rm /etc/apt/sources.list.d/testing.list
apt-get update -qq
- name: setup user and permissions
run: |
git config --add safe.directory '*'
adduser --quiet --comment forgejo --disabled-password forgejo
chown -R forgejo:forgejo .
- run: |
su forgejo -c 'make deps-backend'
- run: |
su forgejo -c 'make backend'
env:
TAGS: bindata sqlite sqlite_unlock_notify
- run: |
su forgejo -c 'make test-sqlite-migration test-sqlite'
timeout-minutes: 50
env:
TAGS: bindata sqlite sqlite_unlock_notify
RACE_ENABLED: true
TEST_TAGS: sqlite sqlite_unlock_notify
USE_REPO_TEST_DIR: 1
security-check:
if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
runs-on: docker
needs:
- test-sqlite
- test-pgsql
- test-mysql
- test-remote-cacher
- test-unit
container:
image: 'docker.io/node:20-bookworm'
steps:
- uses: https://code.forgejo.org/actions/checkout@v3
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.22"
check-latest: true
- run: make deps-backend deps-tools
- run: make security-check