Compare commits

...

10 Commits

Author SHA1 Message Date
Florian Wagner 552493bfa4 adhere to comments and add spelling fixes
Signed-off-by: Florian Wagner <h2floh@github.com>
2022-11-28 05:01:50 +00:00
Florian Wagner 8decd6ca07 add sanity testing workflow and docs
Signed-off-by: Florian Wagner <h2floh@github.com>
2022-11-22 08:18:05 +00:00
Florian Wagner b4b91e9993 Merge pull request #60 from actions/h2floh/ghae_internal_repo
goreleaser / goreleaser (push) Has been cancelled
Pass visibility flag on repository creation
2022-11-04 15:21:02 +09:00
Florian Wagner e30fad8050 adding missing error handling for GET repo
licenced / Licences Check (push) Has been cancelled
Signed-off-by: Florian Wagner <h2floh@github.com>
2022-11-04 06:15:14 +00:00
Florian Wagner d7e1ea845e exclude gocyclo lint in E2E mock API server
Signed-off-by: Florian Wagner <h2floh@github.com>
2022-11-04 04:52:59 +00:00
Florian Wagner 51dff542d6 add e2e test for impersonations and visibility
Signed-off-by: Florian Wagner <h2floh@github.com>
2022-11-04 04:44:35 +00:00
Florian Wagner ef922b8e3b refactor repository retrieval/creation
Signed-off-by: Florian Wagner <h2floh@github.com>
2022-11-04 04:43:03 +00:00
Florian Wagner 6d732db1cf add push flag to indicate target it GHAE
Signed-off-by: Florian Wagner <h2floh@github.com>
2022-11-03 06:56:42 +00:00
Florian Wagner 86c578bdf2 set visibility to internal for GHAE
Signed-off-by: Florian Wagner <h2floh@github.com>
2022-11-03 06:15:23 +00:00
Ajay 621a30f411 Merge pull request #52 from actions/ajaykn/fix-token-error
goreleaser / goreleaser (push) Has been cancelled
Fix the impersonation token error when site_admin scope is missing
2022-09-26 13:58:39 +09:00
8 changed files with 231 additions and 22 deletions
@@ -0,0 +1,34 @@
name: Actions Sync E2E Sanity Test Reusable
on:
workflow_call:
inputs:
runson:
type: string
required: true
secrets:
ghes_url:
required: true
actions_sync_releasedatetime:
required: true
site_admin_token:
required: true
jobs:
execute:
runs-on: ${{ inputs.runson }}
steps:
- uses: actions/checkout@v3
- name: Bootstrap
run: |
.\script\bootstrap-sanity-test.ps1
shell: pwsh
env:
RELEASEDATE: ${{ secrets.actions_sync_releasedatetime }}
- name: Test execution
run: |
.\script\execute-sanity-test.ps1
shell: pwsh
env:
TOKEN: ${{ secrets.site_admin_token }}
TEST_INSTANCE_URL: ${{ secrets.ghes_url }}
@@ -0,0 +1,19 @@
name: Actions Sync E2E Sanity Test
on:
workflow_dispatch:
jobs:
sanity-test:
strategy:
fail-fast: false
matrix:
runson: [ubuntu-latest, macos-latest, windows-latest]
uses: ./.github/workflows/actions-sync-e2e-test-called.yml
with:
runson: ${{ matrix.runson }}
secrets:
ghes_url: ${{ secrets.sanity_test_ghes_url }}
actions_sync_releasedatetime: ${{ secrets.sanity_test_releasedatetime }}
site_admin_token: ${{ secrets.sanity_test_site_admin_token }}
+40
View File
@@ -0,0 +1,40 @@
# Release process
When we want to do a new release, push a git tag with format `v**` and workflow `releases.yml` executes.
This workflow internally uses [go-releaser](https://goreleaser.com/ci/actions/) to push a new release.
Please follow the below detailed steps.
- Create a tag in format `v202205240715`
```code
git tag -a `date "+v%Y%m%d%H%M"` -m "Release a new version"
```
- Get the tag name
```code
git tag
```
- Push the newly created tag
```code
git push origin <tag>
```
- Check that workflow [`releases.yml`](https://github.com/actions/actions-sync/actions/workflows/releases.yml) was triggered
- Once completed, [go to repo releases page](https://github.com/actions/actions-sync/releases) and edit the newly created release as `pre-release`, so we can do sanity testing before we officially release
- Recommend to do basic sanity testing (see below) on the new release.
- Once sanity testing is done, we can edit the release and mark it as `Latest version` and edit the release notes.
## Basic Sanity testing
### Prerequisite
1. Access to a GHES test server
1. Create a PAT token with `site-admin` scope in the GHES environment for `ghe-admin`
### Execution
1. Update below Repository level secrets:
- sanity_test_site_admin_token: The PAT generated earlier
- sanity_test_ghes_url: The URL to the GHES instance
- sanity_test_releasedatetime: The tag datetime string for the release to test without the `v` (e.g. `202211070205`)
1. Manually trigger this workflow: https://github.com/actions/actions-sync/actions/workflows/actions-sync-e2e-test-caller.yml
+17
View File
@@ -0,0 +1,17 @@
# Determine file to download based on current OS
if($IsLinux) {
$file_postfix = "linux_amd64"
} elseif ($IsWindows) {
$file_postfix = "windows_amd64"
} elseif ($IsMacOS) {
$file_postfix = "darwin_amd64"
}
# Download release to test
curl -OL "https://github.com/actions/actions-sync/releases/download/v$Env:RELEASEDATE/gh_$Env:RELEASEDATE`_$file_postfix.tar.gz"
# extract
tar -xvzf "gh_$Env:RELEASEDATE`_$file_postfix.tar.gz"
# prepare cache directory
mkdir -p cache
+23
View File
@@ -0,0 +1,23 @@
# Testing Pull Single Repo
echo "`n#########################`n### Testing Pull Single Repo`n#########################"
bin/actions-sync pull --cache-dir "cache" --repo-name "actions/setup-node"
# Testing Sync Single Repo
echo "`n#########################`n### Testing Sync Single Repo`n#########################"
bin/actions-sync sync --cache-dir "cache" --destination-token $Env:TOKEN --destination-url $Env:TEST_INSTANCE_URL --repo-name "actions/setup-node" --actions-admin-user actions-admin
# Testing Pull Multiple Repos
echo "`n#########################`n### Testing Pull Multiple Repos`n#########################"
bin/actions-sync pull --cache-dir "cache" --repo-name-list "actions/setup-node,actions/checkout"
# Testing Push Multiple Existing Repos
echo "`n#########################`n### Testing Push Multiple Existing Repos`n#########################"
bin/actions-sync push --cache-dir "cache" --destination-token $Env:TOKEN --destination-url $Env:TEST_INSTANCE_URL --repo-name-list "actions/setup-node,actions/checkout" --actions-admin-user actions-admin
# Testing Sync Multiple Existing Repos
echo "`n#########################`n### Testing Sync Multiple Existing Repos`n#########################"
bin/actions-sync sync --cache-dir "cache" --destination-token $Env:TOKEN --destination-url $Env:TEST_INSTANCE_URL --repo-name-list "actions/setup-node,actions/checkout" --actions-admin-user actions-admin
# Testing Sync New Single Repo
echo "`n#########################`n### Testing Sync New Single Repo`n#########################"
bin/actions-sync sync --cache-dir "cache" --destination-token $Env:TOKEN --destination-url $Env:TEST_INSTANCE_URL --repo-name-list "actions/actions-sync" --actions-admin-user actions-admin
+21
View File
@@ -123,6 +123,16 @@ function test_push() {
push "pushing to authenticated user's account"
assert_dest_sha "monalisa/new-repo" "heads/main" "e9009d51dd6da2c363d1d14779c53dd27fcb0c52" "updating monalisa/new-repo"
# Push to GHAE with impersonation
setup_cache "org-already-exists/ghae-repo:heads/main:e9009d51dd6da2c363d1d14779c53dd27fcb0c52"
setup_dest "org-already-exists/ghae-repo:heads/main:a5984bb887dd2fcdc2892cd906d6f004844d1142"
push_impersonation "ghae-admin" "pushing to GHAE repo"
# Push to GHES with impersonation
setup_cache "org-already-exists/ghes-repo:heads/main:e9009d51dd6da2c363d1d14779c53dd27fcb0c52"
setup_dest "org-already-exists/ghes-repo:heads/main:a5984bb887dd2fcdc2892cd906d6f004844d1142"
push_impersonation "ghes-admin" "pushing to GHES repo"
echo "all push tests passed successfully"
}
@@ -313,6 +323,17 @@ function push2args() {
fail $3
}
function push_impersonation() {
bin/actions-sync push \
--cache-dir "test/tmp/cache" \
--disable-push-git-auth \
--destination-token "token" \
--destination-url "http://localhost:$DEST_API_PORT" \
--actions-admin-user $1 \
&> $OUTPUT ||
fail "$2"
}
function sync() {
bin/actions-sync sync \
--cache-dir "test/tmp/cache" \
+31 -15
View File
@@ -179,21 +179,16 @@ func PushWithGitImpl(ctx context.Context, flags *PushFlags, repoName string, ghC
}
func getOrCreateGitHubRepo(ctx context.Context, client *github.Client, repoName, ownerName string) (*github.Repository, error) {
repo := &github.Repository{
Name: github.String(repoName),
HasIssues: github.Bool(false),
HasWiki: github.Bool(false),
HasPages: github.Bool(false),
HasProjects: github.Bool(false),
}
currentUser, _, err := client.Users.Get(ctx, "")
// retrieve user associated to authentication credentials provided
currentUser, userResponse, err := client.Users.Get(ctx, "")
if err != nil {
return nil, errors.Wrap(err, "error retrieving authenticated user")
}
if currentUser == nil || currentUser.Login == nil {
return nil, errors.New("error retrieving authenticated user's login name")
}
// checking if we talk to GHAE
isAE := userResponse.Header.Get(enterpriseVersionHeaderKey) == enterpriseAegisVersionHeaderValue
// check if the owner refers to the authenticated user or an organization.
var createRepoOrgName string
@@ -209,15 +204,36 @@ func getOrCreateGitHubRepo(ctx context.Context, client *github.Client, repoName,
}
}
ghRepo, resp, err := client.Repositories.Create(ctx, createRepoOrgName, repo)
// check if repository already exists
ghRepo, resp, err := client.Repositories.Get(ctx, ownerName, repoName)
if err == nil {
fmt.Printf("Created repo `%s/%s`\n", ownerName, repoName)
} else if resp != nil && resp.StatusCode == 422 {
ghRepo, _, err = client.Repositories.Get(ctx, ownerName, repoName)
}
if err != nil {
fmt.Printf("Existing repo `%s/%s`\n", ownerName, repoName)
} else if resp != nil && resp.StatusCode == 404 {
// repo not existing yet - try to create
visibility := github.String("public")
if isAE {
visibility = github.String("internal")
}
repo := &github.Repository{
Name: github.String(repoName),
HasIssues: github.Bool(false),
HasWiki: github.Bool(false),
HasPages: github.Bool(false),
HasProjects: github.Bool(false),
Visibility: visibility,
}
ghRepo, _, err = client.Repositories.Create(ctx, createRepoOrgName, repo)
if err == nil {
fmt.Printf("Created repo `%s/%s`\n", ownerName, repoName)
} else {
return nil, errors.Wrapf(err, "error creating repository %s/%s", ownerName, repoName)
}
} else if err != nil {
return nil, errors.Wrapf(err, "error creating repository %s/%s", ownerName, repoName)
}
if ghRepo == nil {
return nil, errors.New("error repository is nil")
}
+46 -7
View File
@@ -8,15 +8,20 @@ import (
"io/ioutil"
"net/http"
"path"
"strings"
"github.com/google/go-github/v43/github"
"github.com/gorilla/mux"
)
var authenticatedLogin string = "monalisa"
var existingOrg string = "org-already-exists"
var existingRepo string = "repo-already-exists"
const existingOrg string = "org-already-exists"
const existingRepo string = "repo-already-exists"
const ghaeRepo string = "ghae-repo"
const xOAuthScopesHeader = "X-OAuth-Scopes"
//nolint:gocyclo
func main() {
var port, gitDaemonURL string
flag.StringVar(&port, "p", "", "")
@@ -28,9 +33,14 @@ func main() {
r.HandleFunc("/api/v3", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("x-github-enterprise-version", "GitHub AE")
w.Header().Set(xOAuthScopesHeader, "site_admin")
})
r.HandleFunc("/api/v3/user", func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get("Authorization")
if strings.Contains(token, "ghaetoken") {
w.Header().Set("x-github-enterprise-version", "GitHub AE")
}
currentUser := github.User{Login: &authenticatedLogin}
b, _ := json.Marshal(currentUser)
_, err := w.Write(b)
@@ -39,8 +49,7 @@ func main() {
}
})
r.HandleFunc("/api/v3/admin/users/actions-admin/authorizations", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("x-github-enterprise-version", "GitHub AE")
r.HandleFunc("/api/v3/admin/users/ghes-admin/authorizations", func(w http.ResponseWriter, r *http.Request) {
token := "token"
auth := github.Authorization{Token: &token}
b, _ := json.Marshal(auth)
@@ -50,6 +59,17 @@ func main() {
}
}).Methods("POST")
r.HandleFunc("/api/v3/admin/users/ghae-admin/authorizations", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("x-github-enterprise-version", "GitHub AE")
token := "ghaetoken"
auth := github.Authorization{Token: &token}
b, _ := json.Marshal(auth)
_, err := w.Write(b)
if err != nil {
panic(err)
}
}).Methods("POST")
r.HandleFunc("/api/v3/admin/organizations", func(w http.ResponseWriter, r *http.Request) {
b, err := ioutil.ReadAll(r.Body)
if err != nil {
@@ -114,16 +134,35 @@ func main() {
panic(err)
}
var repoReq struct {
Name string `json:"name,omitempty"`
Name string `json:"name,omitempty"`
Visibility string `json:"visibility,omitempty"`
}
err = json.Unmarshal(b, &repoReq)
if err != nil {
panic(err)
}
if repoReq.Name == "repo-already-exists" {
var errString string = ""
// check visibility requirements
if repoReq.Name == ghaeRepo {
if repoReq.Visibility != "internal" {
errString = fmt.Sprintf("Provided repo visibility %s for GHAE must be internal", repoReq.Visibility)
}
} else {
if repoReq.Visibility != "public" {
errString = fmt.Sprintf("Provided repo visibility %s for GHES must be public", repoReq.Visibility)
}
}
// check if we are testing existing Repo
if repoReq.Name == existingRepo {
errString = fmt.Sprintf("Repo %s already exists", html.EscapeString(repoReq.Name))
}
// if there is an error throw it back
if errString != "" {
w.WriteHeader(http.StatusUnprocessableEntity)
_, err := w.Write([]byte(fmt.Sprintf("Repo %s already exists", html.EscapeString(repoReq.Name))))
_, err := w.Write([]byte(errString))
if err != nil {
panic(err)
}