pr-tests.yml
name: PR Tests (Requires Approval)

# Manual trigger only: someone with permission to run workflows has to press
# the "Run workflow" button. There is no pull_request trigger in this file.
on:
  workflow_dispatch:
    inputs:
      # NOTE(review): no expression in this workflow reads inputs.pr_number;
      # every PR lookup uses github.event.pull_request, which a
      # workflow_dispatch event does not carry. Confirm the intended wiring.
      pr_number:
        description: 'PR number to test (leave empty for current branch)'
        required: false
        type: string

# Prevent concurrent test runs on the same PR.
# NOTE(review): under workflow_dispatch the pull_request number is empty, so
# the group key below always falls back to github.ref.
concurrency:
  group: pr-tests-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# Workflow-wide default for the job token: read-only repository contents.
permissions:
  contents: read
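jobs:
  # Gate job: looks at the first line of the checked-out commit's message and
  # publishes should-skip=true when that line contains --skip-ci.
  check-skip:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should-skip: ${{ steps.check.outputs.should-skip }}
    steps:
      # egress-policy: audit only records outbound connections, it does not
      # block them.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594  # v2.16.0
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # Only a local `git log` follows, so the job token does not need to
          # stay behind in .git/config.
          persist-credentials: false

      - name: Check if pipeline should be skipped
        id: check
        run: |
          COMMIT_MESSAGE=$(git log -1 --pretty=%B)
          FIRST_LINE=$(echo "$COMMIT_MESSAGE" | head -n 1)
          if [[ "$FIRST_LINE" == *"--skip-ci"* ]]; then
            echo "should-skip=true" >> "$GITHUB_OUTPUT"
          else
            echo "should-skip=false" >> "$GITHUB_OUTPUT"
          fi

  # This job shows up immediately and waits for approval
  run-tests:
    needs: [check-skip]
    if: needs.check-skip.outputs.should-skip != 'true'
    name: Run Tests (Awaiting Approval)
    runs-on: ubuntu-latest
    # Environment with protection rules - requires admin approval.
    # The rules live in the repository settings, not in this file: the
    # approval gate exists only if "pr-testing" is configured there with
    # required reviewers. It is the only control between a dispatch and the
    # provider secrets passed to the "Run tests" step.
    environment:
      name: pr-testing
      # The pull_request.html_url fallback was dropped: it is never set for
      # workflow_dispatch, and prefixing it to the run path would have given
      # a malformed link.
      url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
    permissions:
      contents: read
      pull-requests: write
    steps:
      # egress-policy: audit only records outbound connections. Consider
      # switching to block with an allow-list once a baseline is known,
      # since this job holds many provider credentials.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594  # v2.16.0
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # NOTE(review): workflow_dispatch carries no pull_request payload,
          # so this resolves to github.sha (the dispatched ref) and
          # inputs.pr_number is not consulted. If PR code is ever checked out
          # here, pin it to the commit the approver reviewed: the "Run tests"
          # step executes repository code with the secrets below.
          # NOTE(review): the job token (pull-requests: write) is persisted in
          # .git/config by default; set persist-credentials: false if
          # run-tests.sh needs no authenticated git access.
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417  # v6.3.0
        with:
          go-version: "1.26.2"

      - name: Set up Node.js
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020  # v4.4.0
        with:
          node-version: "25"

      - name: Set up Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065  # v5.6.0
        with:
          python-version: "3.11"

      # Skipped on workflow_dispatch runs, where the pull_request number is
      # empty. Expression values reach the script through env rather than
      # being expanded into the shell text.
      - name: Add comment to PR
        if: github.event.pull_request.number
        env:
          GH_TOKEN: ${{ github.token }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        run: |
          gh pr comment "$PR_NUMBER" --body "🧪 Test run approved and starting...
          **Test Suite Includes:**
          - 📦 Core Build Validation
          - 🔌 MCP Test Servers Build
          - 🔧 Core Provider Tests
          - 🛡️ Governance Tests
          - 🔗 Integration Tests
          [View workflow run →]($RUN_URL)"

      - name: Make test script executable
        run: chmod +x .github/workflows/scripts/run-tests.sh

      # The secrets are scoped to this step only. Everything run-tests.sh
      # starts inherits them, including test code and its dependencies.
      - name: Run tests
        env:
          # Label used only for the log line below
          PR_LABEL: ${{ github.event.pull_request.number || 'manual run' }}
          # API Keys for provider tests
          MAXIM_API_KEY: ${{ secrets.MAXIM_API_KEY }}
          MAXIM_LOGGER_ID: ${{ secrets.MAXIM_LOG_REPO_ID }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
          AWS_ARN: ${{ secrets.AWS_ARN }}
          BEDROCK_API_KEY: ${{ secrets.BEDROCK_API_KEY }}
          AZURE_ENDPOINT: ${{ secrets.AZURE_ENDPOINT }}
          AZURE_API_KEY: ${{ secrets.AZURE_API_KEY }}
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
          MISTRAL_API_KEY: ${{ secrets.MISTRAL_API_KEY }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
          OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
          PARASAIL_API_KEY: ${{ secrets.PARASAIL_API_KEY }}
          PERPLEXITY_API_KEY: ${{ secrets.PERPLEXITY_API_KEY }}
          ELEVENLABS_API_KEY: ${{ secrets.ELEVENLABS_API_KEY }}
          SGL_API_KEY: ${{ secrets.SGL_API_KEY }}
          CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
          COHERE_API_KEY: ${{ secrets.COHERE_API_KEY }}
          FIREWORKS_API_KEY: ${{ secrets.FIREWORKS_API_KEY }}
          VERTEX_CREDENTIALS: ${{ secrets.VERTEX_CREDENTIALS }}
          VERTEX_PROJECT_ID: ${{ secrets.VERTEX_PROJECT_ID }}
          HUGGING_FACE_API_KEY: ${{ secrets.HUGGING_FACE_API_KEY }}
          REPLICATE_API_KEY: ${{ secrets.REPLICATE_API_KEY }}
          REPLICATE_OWNER: ${{ secrets.REPLICATE_OWNER }}
          RUNWAY_API_KEY: ${{ secrets.RUNWAY_API_KEY }}
        run: |
          echo "Running tests for PR #${PR_LABEL}"
          ./.github/workflows/scripts/run-tests.sh

      # always() keeps this step running after a test failure; the
      # pull_request condition still skips it on workflow_dispatch runs.
      - name: Report test results
        if: always() && github.event.pull_request.number
        env:
          GH_TOKEN: ${{ github.token }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          JOB_STATUS: ${{ job.status }}
        run: |
          if [ "$JOB_STATUS" = "success" ]; then
            gh pr comment "$PR_NUMBER" --body "✅ **All tests passed successfully!**
          All test suites have completed without errors. This PR is ready for review.
          [View detailed results →]($RUN_URL)"
          else
            gh pr comment "$PR_NUMBER" --body "❌ **Tests failed**
          One or more test suites failed. Please review the failures and update your PR.
          [View detailed results →]($RUN_URL)"
          fi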