boulder/.github/workflows/boulder-ci.yml

# Boulder CI test suite workflow

name: Boulder CI

# Controls when the action will run. 
on:
  # Triggers the workflow on push or pull request events but only for the main branch
  push:
    branches: 
      - main
      - release-branch-*
  pull_request:
    branches:
      - '**'

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  #  Boulder_ci_tests job. This looks like a single job, but the matrix
  #  items will mulitply it. For example every entry in the
  #  BOULDER_TOOLS_TAG list will run with every test. If there were two
  #  tags and 5 tests there would be 10 jobs run.
  boulder_ci_tests:
    # The type of runner that the job will run on
    runs-on: ubuntu-20.04

    strategy:
      # When set to true, GitHub cancels all in-progress jobs if any matrix job fails. Default: true
      fail-fast: false
      # Test matrix.
      matrix:
        # Add additional docker image tags here and all tests will be run with the additional image.
        BOULDER_TOOLS_TAG:
          - go1.16.5_2021-06-11
        # Tests command definitions. Use the entire docker-compose command you want to run.
        tests:
          # Run ./test.sh --help for a description of each of the flags.
          - "docker-compose run --use-aliases boulder ./test.sh --lints --generate --make-artifacts"
          - "docker-compose run --use-aliases boulder ./test.sh --integration"
          # Testing Config Changes:
          # Config changes that have landed in main but not yet been applied to
          # production can be made in `test/config-next/<component>.json`.
          #
          # Testing DB Schema Changes:
          # Database migrations in `sa/_db-next/migrations` are only performed 
          # when `docker-compose` is called using `-f docker-compose.yml -f 
          # docker-compose.next.yml`.
          - "docker-compose -f docker-compose.yml -f docker-compose.next.yml run --use-aliases boulder ./test.sh --integration"
          - "docker-compose run --use-aliases boulder ./test.sh --unit --enable-race-detection"
          - "docker-compose -f docker-compose.yml -f docker-compose.next.yml run --use-aliases boulder ./test.sh --unit --enable-race-detection"
          - "docker-compose run --use-aliases boulder ./test.sh --start-py"
          # gomod-vendor runs with a separate network access definition
          # because it needs to fetch packages from GitHub et. al., which
          # is incompatible with the DNS server override in the boulder
          # container (used for service discovery).
          - "docker-compose run --use-aliases netaccess ./test.sh --gomod-vendor"

    # This sets the docker image tag for the boulder-tools repository to
    # use in tests. It will be set appropriately for each tag in the list
    # defined in the matrix.
    env:
      BOULDER_TOOLS_TAG: ${{ matrix.BOULDER_TOOLS_TAG }}

    # Sequence of tasks that will be executed as part of the job.
    steps:
      # Checks out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

      - name: Docker Login
        # You may pin to the exact commit or the version.
        # uses: docker/login-action@f3364599c6aa293cdc2b8391b1b56d0c30e45c8a
        uses: docker/login-action@v1.8.0
        with:
          # Username used to log against the Docker registry
          username: ${{ secrets.DOCKER_USERNAME}}
          # Password or personal access token used to log against the Docker registry
          password: ${{ secrets.DOCKER_PASSWORD}}
          # Log out from the Docker registry at the end of a job
          logout: true
        continue-on-error: true

      # Print the env variable being used to pull the docker image. For
      # informational use.
      - name: Print BOULDER_TOOLS_TAG
        run: echo "Using BOULDER_TOOLS_TAG ${BOULDER_TOOLS_TAG}"

      # Pre-pull the docker containers before running the tests.
      - name: docker-compose pull
        run: docker-compose pull
      
      # Run the test matrix. This will run
      - name: "Run Test: ${{ matrix.tests }}"
        run: ${{ matrix.tests }}

  # This is a utility build job to detect if the status of any of the
  # above jobs have failed and fail if so. It is needed so there can be
  # one static job name that can be used to determine success of the job
  # in GitHub branch protection.
  boulder_ci_test_matrix_status:
    if: ${{ always() }}
    runs-on: ubuntu-latest
    name: Boulder CI Test Matrix
    needs: boulder_ci_tests
    steps:
      - name: Check boulder ci test matrix status
        if: ${{ needs.boulder_ci_tests.result != 'success' }}
        run: exit 1