Add first pact verification for WDS integration. #1511
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,207 @@ | ||
| name: Verify consumer pacts | ||
| # The purpose of this workflow is to verify ANY consumer contract(s) dependent on workspacemanager provider using Pact | ||
|
There was a problem hiding this comment. Comment adjusted to include |
||
| # framework. | ||
| # | ||
| # The workflow meets the criteria of Pact Broker *Platinum* as described in https://docs.pact.io/pact_nirvana/step_6. | ||
| # The can-i-deploy job has been added to this workflow to gate the merge of PRs into develop branch. | ||
| # | ||
| # This workflow is triggered when | ||
| # | ||
| # 1. Consumer makes a change that results in a new pact published to Pact Broker (will verify ONLY the changed pact and publish the verification results back to the broker) | ||
| # 2. Provider makes a change (runs verification tests against ALL DEPLOYED consumer pact versions and publishes corresponding verification results) | ||
|
There was a problem hiding this comment.
doesn't this require some configuration/integration with beehive or sherlock? Is this already set up? There was a problem hiding this comment. Honestly, I'm not sure...this file is the result of a blatant copypaste. I did check in https://beehive.dsp-devops.broadinstitute.org/charts/workspacemanager/contract-testing and confirmed that for There was a problem hiding this comment. I'll get to exercise some of the provider side again after this merges by integrating another couple pact verifications...hopefully I'll have more of a clue after that process. |
||
| # | ||
| # | ||
| # The workflow requires the following Pact broker credentials: | ||
| # - PACT_BROKER_USERNAME - the Pact Broker username | ||
| # - PACT_BROKER_PASSWORD - the Pact Broker password | ||
| # They are managed by Atlantis and were added to Terraform here: | ||
| # https://github.com/broadinstitute/terraform-ap-deployments/pull/1086 | ||
|
There was a problem hiding this comment. Included link to PR where wsm's creds were introduced. |
||
| env: | ||
| PACT_BROKER_URL: https://pact-broker.dsp-eng-tools.broadinstitute.org | ||
| spring_profiles_active: human-readable-logging | ||
|
There was a problem hiding this comment. Added |
||
| on: | ||
| pull_request: | ||
| branches: | ||
| - develop | ||
| paths-ignore: | ||
| - 'README.md' | ||
| push: | ||
| branches: | ||
| - develop | ||
| paths-ignore: | ||
| - 'README.md' | ||
| workflow_dispatch: | ||
| inputs: | ||
| pb-event-type: | ||
| description: 'the Pact Broker event type that triggers this workflow' | ||
| required: true | ||
| type: string | ||
| consumer-name: | ||
| description: 'the consumer name' | ||
| required: true | ||
| type: string | ||
| consumer-version-number: | ||
| description: 'the version number of the most recent consumer version associated with the pact content' | ||
| required: true | ||
| type: string | ||
| provider-version-number: | ||
| description: 'the provider version number for the verification result' | ||
| required: false | ||
| type: string | ||
| consumer-version-tags: | ||
| description: 'the list of tag names for the most recent consumer version associated with the pact content, separated by ", "' | ||
| required: true | ||
| type: string | ||
| consumer-version-branch: | ||
| description: 'the name of the branch for most recent consumer version associated with the pact content' | ||
| required: true | ||
| type: string | ||
| provider-version-branch: | ||
| description: 'the name of the branch for the provider version associated with the verification result' | ||
| required: false | ||
| type: string | ||
| consumer-labels: | ||
| description: 'the list of labels for the consumer associated with the pact content, separated by ", "' | ||
| required: false | ||
| type: string | ||
| provider-labels: | ||
| description: 'the list of labels for the provider associated with the pact content, separated by ", "' | ||
| required: false | ||
| type: string | ||
| pact-url: | ||
| description: 'the "permalink" URL to the newly published pact (the URL specifying the consumer version URL, rather than the "/latest" format' | ||
| required: true | ||
| type: string | ||
|
|
||
| jobs: | ||
| verify-consumer-pact: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: 'read' | ||
| id-token: 'write' | ||
| outputs: | ||
| provider-sha: ${{ steps.verification-test.outputs.provider-sha }} | ||
|
|
||
| steps: | ||
| - name: Checkout current code | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Extract branch | ||
| id: extract-branch | ||
| run: | | ||
| GITHUB_EVENT_NAME=${{ github.event_name }} | ||
| if [[ "$GITHUB_EVENT_NAME" == "push" || "$GITHUB_EVENT_NAME" == "workflow_dispatch"]]; then | ||
| GITHUB_REF=${{ github.ref }} # The Git Ref that this workflow runs on | ||
| GITHUB_SHA=${{ github.sha }} # The Git Sha that this workflow runs on | ||
| elif [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then | ||
| GITHUB_REF=refs/heads/${{ github.head_ref }} | ||
| GITHUB_SHA=${{ github.event.pull_request.head.sha }} | ||
| else | ||
| echo "Failed to extract branch information" | ||
| exit 1 | ||
| fi | ||
| echo "CURRENT_BRANCH=${GITHUB_REF/refs\/heads\//""}" >> $GITHUB_ENV | ||
| echo "CURRENT_SHA=$GITHUB_SHA" >> $GITHUB_ENV | ||
| - name: "This step will only run when this workflow is triggered by a Pact Broker webhook event" | ||
| if: ${{ inputs.pb-event-type != '' }} | ||
| run: | | ||
| echo "pb-event-type=${{ inputs.pb-event-type }}" | ||
| echo "consumer-name=${{ inputs.consumer-name }}" | ||
| echo "consumer-version-branch/consumer-version-number=${{ inputs.consumer-version-branch }}/${{ inputs.consumer-version-number }}" | ||
| echo "provider-version-branch/provider-version-number=${{ inputs.provider-version-branch }}/${{ inputs.provider-version-number }}" | ||
| # The consumer-version-branch/consumer-version-number is practically sufficient. | ||
| # The pact-url is included here in case future pact4s client supports it. | ||
| echo "pact-url=${{ inputs.pact-url }}" | ||
| if [[ ! -z "${{ inputs.provider-version-branch }}" ]]; then | ||
| echo "PROVIDER_BRANCH=${{ inputs.provider-version-branch }}" >> $GITHUB_ENV | ||
| echo "CHECKOUT_BRANCH=${{ inputs.provider-version-branch }}" >> $GITHUB_ENV | ||
| fi | ||
| if [[ ! -z "${{ inputs.provider-version-number }}" ]]; then | ||
| echo "PROVIDER_SHA=${{ inputs.provider-version-number }}" >> $GITHUB_ENV | ||
| echo "CHECKOUT_SHA=${{ inputs.provider-version-number }}" >> $GITHUB_ENV | ||
| fi | ||
| echo "CONSUMER_NAME=${{ inputs.consumer-name }}" >> $GITHUB_ENV | ||
| echo "CONSUMER_BRANCH=${{ inputs.consumer-version-branch }}" >> $GITHUB_ENV | ||
| echo "CONSUMER_SHA=${{ inputs.consumer-version-number }}" >> $GITHUB_ENV | ||
| - name: Switch to appropriate branch | ||
| run: | | ||
| if [[ -z "${{ env.PROVIDER_BRANCH }}" ]]; then | ||
| echo "PROVIDER_BRANCH=${{ env.CURRENT_BRANCH }}" >> $GITHUB_ENV | ||
| fi | ||
| if [[ -z "${{ env.PROVIDER_SHA }}" ]]; then | ||
| echo "PROVIDER_SHA=${{ env.CURRENT_SHA }}" >> $GITHUB_ENV | ||
| fi | ||
| git fetch | ||
| if [[ ! -z "${{ env.CHECKOUT_BRANCH }}" ]] && [[ ! -z "${{ env.CHECKOUT_SHA }}" ]]; then | ||
| echo "git checkout -b ${{ env.CHECKOUT_BRANCH }} ${{ env.CHECKOUT_SHA }}" | ||
| git checkout -b ${{ env.CHECKOUT_BRANCH }} ${{ env.CHECKOUT_SHA }} || echo "already in ${{ env.CHECKOUT_BRANCH }}" | ||
| echo "git branch" | ||
| git branch | ||
| else | ||
| if [[ "${{ github.event_name }}" == "push" ]] || [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | ||
| echo "git checkout ${{ env.CURRENT_BRANCH }}" | ||
| git checkout ${{ env.CURRENT_BRANCH }} | ||
| else | ||
| echo "git checkout -b ${{ env.CURRENT_BRANCH }} ${{ env.CURRENT_SHA }}" | ||
| git checkout -b ${{ env.CURRENT_BRANCH }} ${{ env.CURRENT_SHA }} | ||
| fi | ||
| fi | ||
| echo "git rev-parse HEAD" | ||
| git rev-parse HEAD | ||
| - name: Set up JDK 17 | ||
| uses: actions/setup-java@v2 | ||
| with: | ||
| java-version: '17' | ||
| distribution: 'temurin' | ||
|
|
||
| - name: Gradle cache | ||
| uses: actions/cache@v2 | ||
| with: | ||
| path: | | ||
| ~/.gradle/caches | ||
| ~/.gradle/wrapper | ||
| key: v1-${{ runner.os }}-gradle-${{ github.ref }}-${{ github.sha }} | ||
| restore-keys: v1-${{ runner.os }}-gradle-${{ github.ref }} | ||
|
|
||
| - name: Verify consumer pacts and publish verification status to Pact Broker | ||
| id: verification-test | ||
| env: | ||
| PACT_PROVIDER_COMMIT: ${{ env.PROVIDER_SHA }} | ||
| PACT_PROVIDER_BRANCH: ${{ env.PROVIDER_BRANCH }} | ||
| PACT_BROKER_USERNAME: ${{ secrets.PACT_BROKER_USERNAME }} | ||
| PACT_BROKER_PASSWORD: ${{ secrets.PACT_BROKER_PASSWORD }} | ||
| run: | | ||
| echo "provider-sha=${{ env.PROVIDER_SHA }}" >> $GITHUB_OUTPUT | ||
| echo "env.CHECKOUT_BRANCH=${{ env.CHECKOUT_BRANCH }} # If not empty, this reflects the branch being checked out (generated by Pact Broker)" | ||
| echo "env.CHECKOUT_SHA=${{ env.CHECKOUT_SHA }} # If not empty, this reflects the git commit hash of the branch being checked out (generated by Pact Broker)" | ||
| echo "env.CURRENT_BRANCH=${{ env.CURRENT_BRANCH }} # This reflects the branch being checked out if CHECKOUT_BRANCH is empty" | ||
| echo "env.CURRENT_SHA=${{ env.CURRENT_SHA }} # This reflects the git commit hash of the branch being checked out if CHECKOUT_BRANCH is empty" | ||
| echo "env.PROVIDER_BRANCH=${{ env.PROVIDER_BRANCH }} # This reflects the provider branch for pact verification" | ||
| echo "env.PROVIDER_SHA=${{ env.PROVIDER_SHA }} # This reflects the provider version for pact verification" | ||
| echo "env.CONSUMER_BRANCH=${{ env.CONSUMER_BRANCH }} # This reflects the consumer branch for pact verification (generated by Pact Broker)" | ||
| echo "env.CONSUMER_SHA=${{ env.CONSUMER_SHA }} # This reflects the consumer version for pact verification (generated by Pact Broker)" | ||
| ./gradlew --build-cache verifyPacts --scan | ||
| - name: Upload Test Reports | ||
| if: always() | ||
| uses: actions/upload-artifact@v1 | ||
| with: | ||
| name: Test Reports | ||
| path: service/build/reports | ||
|
|
||
| can-i-deploy: | ||
| # The can-i-deploy job will run as a result of a workspace manager PR. | ||
| # It reports the pact verification statuses on all deployed environments. | ||
| runs-on: ubuntu-latest | ||
| if: ${{ inputs.pb-event-type == '' }} | ||
| needs: [ verify-consumer-pact ] | ||
| steps: | ||
| - name: Dispatch to terra-github-workflows | ||
| uses: broadinstitute/workflow-dispatch@v3 | ||
| with: | ||
| workflow: .github/workflows/can-i-deploy.yaml | ||
| repo: broadinstitute/terra-github-workflows | ||
| ref: refs/heads/main | ||
| token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo | ||
| inputs: '{ "pacticipant": "workspacemanager", "version": "${{ needs.verify-consumer-pact.outputs.provider-sha }}" }' | ||
|
There was a problem hiding this comment. Adjusted pacticipant name to |
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file is copied from DataBiosphere/jade-data-repo#1528, I'll annotate the lines which are WSM-specific.