Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

ci: support external read-only cache for untrusted PRs #14570

Merged
merged 1 commit into from
Jul 25, 2024
Merged

ci: support external read-only cache for untrusted PRs #14570

merged 1 commit into from
Jul 25, 2024

Conversation

scotthart
Copy link
Member

@scotthart scotthart commented Jul 25, 2024
edited by coryan
Loading

While sccache is unavailable in a read_only mode, both the bazel-cache and vcpkg-cache can be used without credentials.
Integration tests, since they require credentials, will not be run by workflows started by test-runner-untrusted.yml.

This change is Reviewable

@scotthart scotthart requested a review from a team as a code owner July 25, 2024 19:27
@scotthart scotthart force-pushed the ci-gha-external-read-only branch from f51cf88 to 60534fa Compare July 25, 2024 19:29
@codecov Codecov
Copy link

codecov bot commented Jul 25, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.59%. Comparing base (8c496df) to head (60534fa).
Report is 10 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #14570   +/-   ##
=======================================
  Coverage   93.59%   93.59%           
=======================================
  Files        2316     2316           
  Lines      206915   206915           
=======================================
+ Hits       193654   193661    +7     
+ Misses      13261    13254    -7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

coryan
coryan approved these changes Jul 25, 2024
View reviewed changes
Copy link
Contributor

@coryan coryan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may want somebody more invested in the review. I approve of the intent, and I think it will work. I am not paying a lot of attention to how maintainable this will be.

ci/gha/builds/macos-bazel.sh
io::run bazelisk "${args[@]}" test "${test_args[@]}" "${integration_test_args[@]}" \
//google/cloud/storage/tests/...
}
if [[ "${EXECUTE_INTEGRATION_TESTS}" == "true" ]]; then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using getopt and something like --skip-integration-tests=true. Environment variables are global variables in disguise, one should use them sparingly

ci/gha/builds/windows-bazel.sh
--test_env=GRPC_DEFAULT_SSL_ROOTS_FILE_PATH="${HOME}/roots.pem" \
//google/cloud/storage/tests/...
}
if [[ "${EXECUTE_INTEGRATION_TESTS}" == "true" ]]; then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto, consider using an argument to the script.

ci/gha/builds/lib/bazel.sh
@@ -45,7 +45,11 @@ function bazel::test_args() {
)
if [[ -n "${BAZEL_REMOTE_CACHE:-}" ]]; then
args+=("--remote_cache=${BAZEL_REMOTE_CACHE}")
args+=("--google_default_credentials")
if [[ "${BAZEL_REMOTE_CACHE_RW_MODE}" == "READ_WRITE" ]]; then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also consider something other than enviroment variables for these.

scotthart
scotthart commented Jul 25, 2024
View reviewed changes
Copy link
Member Author

@scotthart scotthart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 9 files reviewed, 3 unresolved discussions (waiting on @coryan)

ci/gha/builds/macos-bazel.sh line 53 at r1 (raw file):

Previously, coryan (Carlos O'Ryan) wrote…

Consider using getopt and something like --skip-integration-tests=true. Environment variables are global variables in disguise, one should use them sparingly

created #14572

ci/gha/builds/windows-bazel.sh line 49 at r1 (raw file):

Previously, coryan (Carlos O'Ryan) wrote…

Ditto, consider using an argument to the script.

Ack

ci/gha/builds/lib/bazel.sh line 48 at r1 (raw file):

Previously, coryan (Carlos O'Ryan) wrote…

Also consider something other than enviroment variables for these.

Ack

@scotthart scotthart merged commit e8af3d7 into main Jul 25, 2024
109 of 110 checks passed
@scotthart scotthart deleted the ci-gha-external-read-only branch July 25, 2024 20:34
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@coryan coryan coryan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@scotthart @coryan