ci: Safer Actions setup with opt. e2e tests (#214)

fabriziodemaria · web-flow · commit cfdb0ff5bcc6 · 2025-07-01T21:59:05.000+02:00
ci: Safer Actions setup with opt. it tests
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,7 +1,7 @@
 name: CI
 
 on:
-  pull_request_target:
+  pull_request:
     branches:
       - 'main'
   push:
@@ -18,41 +18,37 @@ jobs:
     - name: install sourcekitten
       run: brew install sourcekitten
     - uses: actions/checkout@v3
-      with:
-        ref: ${{ github.event.pull_request.head.ref }}
-        repository: ${{ github.event.pull_request.head.repo.full_name }}
     - name: Run public API diff
       run: scripts/api_diff.sh ${{ matrix.module }}
 
-  Tests:
+  Unit-Tests:
     runs-on: macOS-latest
     steps:
-    - uses: actions/checkout@v3
-      with:
-        ref: ${{ github.event.pull_request.head.ref }}
-        repository: ${{ github.event.pull_request.head.repo.full_name }}
-    - name: Build and Test
-      env:
-        CLIENT_TOKEN: ${{ secrets.CONFIDENCE_CLIENT_TOKEN }}
-      run: scripts/run_tests.sh $CLIENT_TOKEN
+      - uses: actions/checkout@v3
+      - name: Build and Run Unit Tests
+        run: scripts/run_tests.sh
+
+  Integration-Tests:
+    runs-on: macOS-latest
+    if: ${{ secrets.CONFIDENCE_CLIENT_TOKEN != '' }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build and Run Integration Tests
+        env:
+          CLIENT_TOKEN: ${{ secrets.CONFIDENCE_CLIENT_TOKEN }}
+        run: scripts/run_integration_tests.sh $CLIENT_TOKEN
 
   DemoApp:
     runs-on: macOS-latest
     steps:
     - uses: actions/checkout@v3
-      with:
-        ref: ${{ github.event.pull_request.head.ref }}
-        repository: ${{ github.event.pull_request.head.repo.full_name }}
     - name: Build Demo App
       run: ConfidenceDemoApp/scripts/build.sh
 
   SwiftLint:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-      with:
-        ref: ${{ github.event.pull_request.head.ref }}
-        repository: ${{ github.event.pull_request.head.repo.full_name }}
     - name: GitHub Action for SwiftLint
       uses: norio-nomura/action-swiftlint@3.2.1
       with:
diff --git a/scripts/run_integration_tests.sh b/scripts/run_integration_tests.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+script_dir=$(dirname $0)
+root_dir="$script_dir/../"
+
+test_runner_client_token=$1
+if [[ -z "${test_runner_client_token// }" ]]; then
+    test_runner_client_token=$(security find-generic-password -w -s 'swift-provider-e2e' -a 'confidence-test')
+fi
+
+(cd $root_dir && \
+    TEST_RUNNER_CLIENT_TOKEN=$test_runner_client_token TEST_RUNNER_TEST_FLAG_NAME=$2 xcodebuild \
+        -quiet \
+        -scheme Confidence-Package \
+        -destination 'platform=iOS Simulator,name=iPhone 15,OS=17.2' \
+        -only-testing:ConfidenceTests/ConfidenceIntegrationTests \
+        test) 
diff --git a/scripts/run_tests.sh b/scripts/run_tests.sh
@@ -5,17 +5,10 @@ set -e
 script_dir=$(dirname $0)
 root_dir="$script_dir/../"
 
-# Set the client token in your local keychain using the following command:
-# security add-generic-password -s 'swift-provider-e2e'  -a 'confidence-test' -w 'TOKEN'
-# You can then run the script with no arguments - you will need to allow access the first time only.
-test_runner_client_token=$1
-if [[ -z "${test_runner_client_token// }" ]]; then
-    test_runner_client_token=$(security find-generic-password -w -s 'swift-provider-e2e' -a 'confidence-test')
-fi
-
-(cd $root_dir &&
-    TEST_RUNNER_CLIENT_TOKEN=$test_runner_client_token TEST_RUNNER_TEST_FLAG_NAME=$2 xcodebuild \
+(cd $root_dir && \
+    xcodebuild \
         -quiet \
         -scheme Confidence-Package \
         -destination 'platform=iOS Simulator,name=iPhone 15,OS=17.2' \
+        -skip-testing:ConfidenceTests/ConfidenceIntegrationTests \
         test)
