# Runs the directory-service integration tests (LDAP and Google Workspace).
name: Integration Testing

on:
  workflow_dispatch:
  # The integration tests are slow, so push and pull_request runs are limited
  # to paths that can affect them. The same paths are filtered again per step
  # by the 'changed-files' step below; keep both lists consistent.
  push:
    branches:
      - 'main'
      - 'rc'
    paths:
      - '.github/workflows/integration-test.yml'  # this file
      - 'docker-compose.yml'  # any change to Docker configuration
      - 'package.json'  # dependencies
      - 'utils/**'  # any change to test fixtures
      - 'src/services/sync.service.ts'  # core sync service used by all directory services
      - 'src/services/directory-services/ldap-directory.service*'  # LDAP directory service
      - 'src/services/directory-services/gsuite-directory.service*'  # Google Workspace directory service
      # Add directory services here as we add test coverage
  pull_request:
    paths:
      - '.github/workflows/integration-test.yml'  # this file
      - 'docker-compose.yml'  # any change to Docker configuration
      - 'package.json'  # dependencies
      - 'utils/**'  # any change to test fixtures
      - 'src/services/sync.service.ts'  # core sync service used by all directory services
      - 'src/services/directory-services/ldap-directory.service*'  # LDAP directory service
      - 'src/services/directory-services/gsuite-directory.service*'  # Google Workspace directory service
      # Add directory services here as we add test coverage

# Workflow-level token scopes; they apply to the single 'testing' job.
# Every scope not listed here is withheld from GITHUB_TOKEN.
permissions:
  contents: read
  checks: write  # required by dorny/test-reporter to upload its results
  # Required to use OIDC to log in to Azure Key Vault. The scope is granted to
  # the whole job, so it is not limited to the Azure login step.
  id-token: write

jobs:
  testing:
    name: Run tests
    # Do not run for branches whose name starts with 'version_bump_'.
    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
    runs-on: ubuntu-22.04

    steps:
      # persist-credentials: false keeps the checkout token out of the local
      # git config, so later steps (npm scripts, tests) cannot read it there.
      - name: Check out repo
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          persist-credentials: false

      # Reads .nvmrc, drops the first 'v' and publishes the result as the
      # 'node_version' step output.
      - name: Get Node version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"

      - name: Set up Node
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444  # v5.0.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}

      - name: Install Node dependencies
        run: npm ci

      # Get secrets from Azure Key Vault.
      # NOTE(review): the three bitwarden/gh-actions steps below follow the
      # mutable 'main' branch, while every other action in this file is pinned
      # to a full commit SHA. They perform the OIDC login and read the Key
      # Vault secrets; consider pinning them to a reviewed commit SHA as well.
      # NOTE(review): workflows triggered by pull requests from forks do not
      # receive repository secrets, so this login presumably cannot succeed
      # for them - confirm that is the intended outcome.
      - name: Azure Login
        uses: bitwarden/gh-actions/azure-login@main
        with:
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          client_id: ${{ secrets.AZURE_CLIENT_ID }}

      - name: Get KV Secrets
        id: get-kv-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: gh-directory-connector
          secrets: 'GOOGLE-ADMIN-USER,GOOGLE-CLIENT-EMAIL,GOOGLE-DOMAIN,GOOGLE-PRIVATE-KEY'

      # Log out as soon as the secrets have been fetched.
      - name: Azure Logout
        uses: bitwarden/gh-actions/azure-logout@main

      # Decide which test suites to run from the files that changed.
      # Keep these filters consistent with the workflow-level path triggers.
      # Note: docker-compose.yml is only used for ldap for now
      - name: Get changed files
        id: changed-files
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # v3.0.2
        with:
          list-files: shell
          token: ${{ secrets.GITHUB_TOKEN }}
          # Add directory services here as we add test coverage
          filters: |
            common:
              - '.github/workflows/integration-test.yml'
              - 'utils/**'
              - 'package.json'
              - 'src/services/sync.service.ts'
            ldap:
              - 'docker-compose.yml'
              - 'src/services/directory-services/ldap-directory.service*'
            google:
              - 'src/services/directory-services/gsuite-directory.service*'

      # LDAP
      # No Key Vault secret is passed to the two LDAP steps.
      - name: Setup LDAP integration tests
        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
        run: |
          sudo apt-get update
          sudo apt-get -y install mkcert
          npm run test:integration:setup

      - name: Run LDAP integration tests
        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
        env:
          JEST_JUNIT_UNIQUE_OUTPUT_NAME: 'true'  # avoids junit outputs from clashing
        run: npx jest ldap-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-ldap

      # Google Workspace
      # The Key Vault secrets are exposed only through this step's env block;
      # no other step in the job receives them as environment variables.
      - name: Run Google Workspace integration tests
        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.google == 'true'
        env:
          GOOGLE_DOMAIN: ${{ steps.get-kv-secrets.outputs.GOOGLE-DOMAIN }}
          GOOGLE_ADMIN_USER: ${{ steps.get-kv-secrets.outputs.GOOGLE-ADMIN-USER }}
          GOOGLE_CLIENT_EMAIL: ${{ steps.get-kv-secrets.outputs.GOOGLE-CLIENT-EMAIL }}
          GOOGLE_PRIVATE_KEY: ${{ steps.get-kv-secrets.outputs.GOOGLE-PRIVATE-KEY }}
          JEST_JUNIT_UNIQUE_OUTPUT_NAME: 'true'  # avoids junit outputs from clashing
        run: |
          npx jest gsuite-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-google

      # Publishes the junit results as a check (uses the 'checks: write' scope).
      # The step is skipped for pull requests from forks, because those runs
      # do not have permission to upload test results. Pull requests from this
      # repository and all other events are OK. '!cancelled()' lets the report
      # run after a failed test step as well.
      - name: Report test results
        id: report
        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled()
        uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3  # v2.1.1
        with:
          name: Test Results
          path: 'junit.xml*'
          reporter: jest-junit
          fail-on-error: true

      # Neither Codecov step sets 'if:' or any inputs, so both run only when
      # every earlier step in the job has succeeded.
      - name: Upload coverage to codecov.io
        uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052  # v5.2.0

      - name: Upload results to codecov.io
        uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9  # v1.0.2