-
Notifications
You must be signed in to change notification settings - Fork 2
188 lines (162 loc) · 5.76 KB
/
validate.yaml
File metadata and controls
188 lines (162 loc) · 5.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
# Copyright (c) 2025 ADBC Drivers Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This is a common workflow for running the validation suite.
name: Run Validation Suite
on:
workflow_call:
inputs:
driver:
required: true
type: string
subdir:
required: false
type: string
# XXX(https://github.com/actions/runner/issues/1490): the caller of a
# reusable workflow can't use an environment. Instead, it has to pass us
# the environment to use. It then has to explicitly pass us the secrets
# a second time.
environment:
required: false
type: string
default: null
# Set this to enable logging in to AWS.
aws_region:
required: false
type: string
default: ""
gcloud:
required: false
default: false
type: boolean
secrets:
# Extra env vars that will be sourced (presumably, these come from an
# environment and are used to implement workflows requiring approval)
environment:
required: false
# For workflows using AWS resources, the AWS role to assume
aws_role:
required: false
aws_role_session_name:
required: false
# For workflows using Google Cloud resources
gcloud_service_account:
required: false
gcloud_workload_identity_provider:
required: false
concurrency:
group: ${{ github.repository }}-${{ github.ref }}-${{ github.workflow }}-validate
cancel-in-progress: true
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
build:
name: "Run Validation Suite ${{ inputs.driver }}/${{ matrix.os }} ${{ matrix.arch }}"
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: true
matrix:
include:
# I think we only need to test one platform, but we can change that later
- { os: Linux, arch: amd64, runner: ubuntu-latest }
environment: ${{ inputs.environment }}
# XXX: required for AWS auth. Unfortunately, we can't use templating to
# dynamically set id-token based on the inputs, so we have to request
# broader permissions than strictly needed.
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-go@v6
with:
cache-dependency-path: ${{ inputs.driver }}/go.sum
check-latest: true
go-version-file: ${{ inputs.subdir || inputs.driver }}/go.mod
- uses: prefix-dev/setup-pixi@28eb668aafebd9dede9d97c4ba1cd9989a4d0004 # v0.9.2
with:
pixi-version: v0.50.2
run-install: false
- name: Install dev tools
working-directory: ${{ inputs.subdir || inputs.driver }}
run: |
pixi install
- name: AWS Login
if: inputs.aws_region != ''
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: ${{ secrets.aws_role }}
role-session-name: ${{ secrets.aws_role_session_name }}
aws-region: ${{ inputs.aws_region }}
- name: Google Cloud Login
if: inputs.gcloud
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
service_account: ${{ secrets.gcloud_service_account }}
workload_identity_provider: ${{ secrets.gcloud_workload_identity_provider }}
- name: Build Library
working-directory: ${{ inputs.subdir || inputs.driver }}
run: |
pixi run adbc-make build DEBUG=true VERBOSE=true DRIVER=${{ inputs.driver }}
- name: Start Test Dependencies
# Can't use Docker on macOS AArch64 runners, and Windows containers
# work but often the container doesn't support Windows
if: runner.os == 'Linux'
working-directory: ${{ inputs.subdir || inputs.driver }}
run: |
if [[ -f compose.yaml ]]; then
if ! docker compose up --detach --wait test-service; then
echo "Service failed to start"
echo "Logs:"
docker compose logs test-service
exit 1
fi
fi
- name: Validate
working-directory: ${{ inputs.subdir || inputs.driver }}
run: |
set -a
if [[ -f .env ]]; then
echo "Loading .env"
source ".env"
fi
if [[ -f .env.ci ]]; then
echo "Loading .env.ci"
source ".env.ci"
fi
set +a
if [[ -n "${{ secrets.environment }}" ]]; then
echo "Loading secret environment variables"
eval "${{ secrets.environment }}"
fi
if [[ -f ci/scripts/pre-test.sh ]]; then
echo "Loading pre-test"
./ci/scripts/pre-test.sh
fi
docker ps
pixi run validate
- name: Generate docs
working-directory: ${{ inputs.subdir || inputs.driver }}
run: |
pixi run gendocs --output generated
- uses: actions/upload-artifact@v5
with:
name: docs
path: "${{ inputs.subdir || inputs.driver }}/generated/${{ inputs.driver }}.md"
retention-days: 2