From 2b50ee67694c616b8d1fa5dc2a797f11d11dd045 Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Thu, 4 Jun 2026 16:25:15 -0400 Subject: [PATCH] ci: update external account integration test to use bazel --- .../external-account-integration.yml | 64 ++++++------------- ci/gha/builds/external-account.sh | 35 +++------- 2 files changed, 26 insertions(+), 73 deletions(-) diff --git a/.github/workflows/external-account-integration.yml b/.github/workflows/external-account-integration.yml index aab32c345afb2..289629df57900 100644 --- a/.github/workflows/external-account-integration.yml +++ b/.github/workflows/external-account-integration.yml @@ -7,6 +7,9 @@ on: required: true description: "The ref we want to compile" type: string + push: + branches: + - "ci-gha-*" permissions: contents: read @@ -28,56 +31,25 @@ jobs: steps: - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: - ref: ${{ inputs.checkout-ref }} - - id: auth - uses: google-github-actions/auth@v2 - with: - create_credentials_file: true - credentials_json: ${{ secrets.BUILD_CACHE_KEY }} - - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v2 - - name: vcpkg-version - id: vcpkg-version - run: | - echo "version=$(cat ci/etc/vcpkg-version.txt)" >> "${GITHUB_OUTPUT}" - shell: bash - - name: install ninja and CMake - run: | - rm /usr/local/bin/cmake - sudo apt install ninja-build cmake - - name: download-sccache - working-directory: "${{runner.temp}}" - run: | - curl -fsSL https://github.com/mozilla/sccache/releases/download/v0.7.1/sccache-v0.7.1-x86_64-unknown-linux-musl.tar.gz | \ - tar -zxf - --strip-components=1 && \ - sudo mv sccache /usr/bin/sccache && \ - sudo chmod +x /usr/bin/sccache - - name: download-vcpkg - working-directory: "${{runner.temp}}" - run: | - mkdir -p vcpkg - curl -fsSL "https://github.com/microsoft/vcpkg/archive/${STEPS_VCPKG_VERSION_OUTPUTS_VERSION}.tar.gz" | - tar -C vcpkg --strip-components=1 -zxf - - vcpkg/bootstrap-vcpkg.sh -disableMetrics - env: - STEPS_VCPKG_VERSION_OUTPUTS_VERSION: ${{ steps.vcpkg-version.outputs.version }} - # First compile the code using the identity with access to the build cache - - run: | - env VCPKG_ROOT="${{ runner.temp }}/vcpkg" ci/gha/builds/external-account.sh - # Then switch to the BYOID identity and run the integration test + ref: ${{ inputs.checkout-ref || github.sha }} + # Use BYOID identity and run the integration test - id: byoid-auth if: '!github.event.pull_request.head.repo.fork' name: 'Authenticate to GCP' - uses: 'google-github-actions/auth@v2' + uses: 'google-github-actions/auth@v3' with: create_credentials_file: true workload_identity_provider: 'projects/49427430084/locations/global/workloadIdentityPools/github-wif-pool/providers/github-wif-provider' service_account: 'github-actions@cloud-cpp-identity-federation.iam.gserviceaccount.com' - - run: | - ctest --test-dir cmake-out --output-on-failure -R common_internal_external_account_integration_test - env: - SCCACHE_GCS_BUCKET: cloud-cpp-gha-cache - SCCACHE_GCS_KEY_PREFIX: sccache/ubuntu-22.04/${{ github.job }} - SCCACHE_GCS_RW_MODE: READ_WRITE - SCCACHE_IGNORE_SERVER_IO_ERROR: 1 - VCPKG_BINARY_SOURCES: x-gcs,gs://cloud-cpp-gha-cache/vcpkg-cache/ubuntu-22.04/${{ github.job }},readwrite + - name: Run integration tests + if: '!github.event.pull_request.head.repo.fork' + run: | + bazelisk test \ + --test_output=all \ + --verbose_failures=true \ + --keep_going \ + --experimental_convenience_symlinks=ignore \ + --remote_upload_local_results=false \ + --test_env=GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_APPLICATION_CREDENTIALS}" \ + --test_env=GOOGLE_CLOUD_CPP_TEST_WIF_BUCKET="cloud-cpp-wif-test-bucket" \ + //google/cloud:internal_external_account_integration_test diff --git a/ci/gha/builds/external-account.sh b/ci/gha/builds/external-account.sh index 41e0e8c6d209b..5a97597de5531 100755 --- a/ci/gha/builds/external-account.sh +++ b/ci/gha/builds/external-account.sh @@ -18,36 +18,17 @@ set -euo pipefail source "$(dirname "$0")/../../lib/init.sh" source module ci/gha/builds/lib/linux.sh -source module ci/gha/builds/lib/cmake.sh -source module ci/gha/builds/lib/ctest.sh +source module ci/gha/builds/lib/bazel.sh +source module ci/lib/io.sh -mapfile -t args < <(cmake::common_args) -mapfile -t vcpkg_args < <(cmake::vcpkg_args) -mapfile -t ctest_args < <(ctest::common_args) +mapfile -t args < <(bazel::common_args) +mapfile -t test_args < <(bazel::test_args) -# This is a build to test External Accounts. This is a feature to use accounts -# from providers other than Google to access Google services. In this case we -# are using "GitHub Actions" as the provider. -# The External Accounts feature is sometimes known as Workload Identity -# Federation, and sometimes BYOID (Bring Your Own ID). -features=( - # Enable the smallest set of libraries libraries that will compile gRPC and - # REST-based authentication components and tests. - storage - iam - bigtable +targets=( + "//google/cloud:internal_external_account_integration_test" ) -enable=$(printf ";%s" "${features[@]}") -enable=${enable:1} -io::log_h1 "Starting Build" -TIMEFORMAT="==> 🕑 CMake configuration done in %R seconds" +io::log_h1 "Building Targets" time { - io::run cmake "${args[@]}" "${vcpkg_args[@]}" -DGOOGLE_CLOUD_CPP_ENABLE="${enable}" -} - -TIMEFORMAT="==> 🕑 CMake build done in %R seconds" -time { - # Compile only the integration test we need for this build - io::run cmake --build cmake-out --target common_internal_external_account_integration_test + io::run bazelisk "${args[@]}" build "${test_args[@]}" "${targets[@]}" }