Copy integration test workflow from earthaccess #152
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Integration test" | |
| # NOTE: We're just running the tests that require earthdata login here; we | |
| # don't distinguish between unit and integration tests yet. | |
| on: | |
| pull_request: | |
| branches: | |
| - "main" # Release PRs | |
| - "development" # Feature PRs | |
| pull_request_target: | |
| branches: | |
| - "main" # Release PRs | |
| - "development" # Feature PRs | |
| push: | |
| branches: | |
| - "main" # Releases | |
| - "development" # Feature PR merges | |
| # When this workflow is queued, automatically cancel any previous running | |
| # or pending jobs from the same branch | |
| concurrency: | |
| group: "integration-tests-${{ github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| name: "Integration test" | |
| # This condition prevents DUPLICATE attempts to run integration tests for | |
| # PRs originating from forks. | |
| # | |
| # When a PR originates from a fork, both a pull_request and a | |
| # pull_request_target event are triggered. This means that without a | |
| # condition, GitHub will attempt to run integration tests TWICE, once for | |
| # each event. | |
| # | |
| # To prevent this, this condition ensures that integration tests are run | |
| # in only ONE of the following cases: | |
| # | |
| # 1. The event is NOT a pull_request. This covers the case when the event | |
| # is a pull_request_target (i.e., a PR from a fork), as well as all | |
| # other cases listed in the "on" block at the top of this file. | |
| # 2. The event IS a pull_request AND the base repo and head repo are the | |
| # same (i.e., the PR is NOT from a fork). | |
| if: github.event_name != 'pull_request' || github.event.pull_request.base.repo.full_name == github.event.pull_request.head.repo.full_name | |
| runs-on: "ubuntu-latest" | |
| steps: | |
| - name: "Fetch user permission" | |
| id: "permission" | |
| uses: "actions-cool/check-user-permission@v2" | |
| with: | |
| require: "write" | |
| username: "${{ github.triggering_actor }}" | |
| - name: "Check user permission" | |
| if: "${{ steps.permission.outputs.require-result == 'false' }}" | |
| # If the triggering actor does not have write permission (i.e., this is a | |
| # PR from a fork), then we exit, otherwise most of the integration tests will | |
| # fail because they require access to secrets. In this case, a maintainer | |
| # will need to make sure the PR looks safe, and if so, manually re-run the | |
| # failed pull_request_target jobs. | |
| run: | | |
| echo "User **${{ github.triggering_actor }}** does not have permission to run integration tests." >> $GITHUB_STEP_SUMMARY | |
| echo "A maintainer must perform a security review and re-run this build, if the code is safe." >> $GITHUB_STEP_SUMMARY | |
| echo "See [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/resources/github-actions-preventing-pwn-requests)." >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| - name: "Checkout source" | |
| uses: "actions/checkout@v4" | |
| - uses: "./.github/actions/install-icepyx" | |
| with: | |
| python-version: "3.12" | |
| - name: "Run tests" | |
| env: | |
| EARTHDATA_PASSWORD: "${{ secrets.EARTHDATA_PASSWORD }}" | |
| NSIDC_LOGIN: "${{ secrets.EARTHDATA_PASSWORD }}" | |
| run: | | |
| pytest icepyx/tests/integration --verbose --cov app | |
| - name: "Upload coverage report" | |
| uses: "codecov/[email protected]" | |
| with: | |
| token: "${{ secrets.CODECOV_TOKEN }}" |