From 2a7902ff7e4a6e63909c9531a3d4b85fc5cc1d5e Mon Sep 17 00:00:00 2001 From: Bill Berry Date: Wed, 27 May 2026 14:02:30 -0700 Subject: [PATCH] ci: enable Go contract test gate via reusable workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - .github/workflows/go-tests.yml: new reusable workflow installing Go (via go-version-file), terraform-docs, and az-cli/bicep, then running 'npm run go-test' for the full-single-node-cluster blueprint contract tests - .github/workflows/matrix-folder-check.yml: surface changesInGoContractTests output from the Detect-Folder-Changes detector to gate the new job - .github/workflows/pr-validation.yml: add go-tests job calling the reusable workflow (gated on detector output for PRs, always on for non-PR events) and include it in the required-checks aggregation Closes #569 Relates to #562 🔒 - Generated by Copilot --- .github/workflows/go-tests.yml | 36 +++++++++++++++++++++++ .github/workflows/matrix-folder-check.yml | 16 ++++++++++ .github/workflows/pr-validation.yml | 11 +++++++ 3 files changed, 63 insertions(+) create mode 100644 .github/workflows/go-tests.yml diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml new file mode 100644 index 000000000..f83161084 --- /dev/null +++ b/.github/workflows/go-tests.yml @@ -0,0 +1,36 @@ +--- +name: Go Tests + +on: + workflow_call: + +permissions: {} + +jobs: + go-tests: + name: Go Static Contract Tests + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Set up Go + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + with: + go-version-file: blueprints/full-single-node-cluster/tests/go.mod + cache-dependency-path: blueprints/full-single-node-cluster/tests/go.sum + + - name: Install terraform-docs + shell: bash + run: ./scripts/install-terraform-docs.sh + + - name: Install Azure CLI and Bicep + shell: bash + run: | + curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash + az bicep install + + - name: Run Go static contract tests + run: npm run go-test diff --git a/.github/workflows/matrix-folder-check.yml b/.github/workflows/matrix-folder-check.yml index 8b80900ea..c645aea9f 100644 --- a/.github/workflows/matrix-folder-check.yml +++ b/.github/workflows/matrix-folder-check.yml @@ -29,6 +29,7 @@ # - changesInApplications: true/false indicating if any Application folders have changed (when includeApplications=true) # - changedApplicationFolders: JSON object with Application folder details for matrix strategy (when includeApplications=true) # - changesInRust: true/false indicating if any Rust-related files have changed (gates the rust-tests workflow) +# - changesInGoContractTests: true/false indicating if static Go contract-test files have changed (gates the go-tests workflow) # # Usage Examples: # ```yaml @@ -150,6 +151,9 @@ on: # yamllint disable-line rule:truthy changesInRust: description: 'Whether any Rust-relevant files have changed (gates rust-tests)' value: ${{ jobs.map-outputs.outputs.changesInRust }} + changesInGoContractTests: + description: 'Whether any static Go contract-test relevant files have changed (gates go-tests)' + value: ${{ jobs.map-outputs.outputs.changesInGoContractTests }} permissions: {} @@ -174,6 +178,7 @@ jobs: changesInFuzzJs: ${{ steps.detect.outputs.changesInFuzzJs }} changedFuzzJsFolders: ${{ steps.detect.outputs.changedFuzzJsFolders }} changesInRust: ${{ steps.detect.outputs.changesInRust }} + changesInGoContractTests: ${{ steps.detect.outputs.changesInGoContractTests }} steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -233,6 +238,11 @@ jobs: 'changedFuzzJsFolders={"folderName":[]}' >> $env:GITHUB_OUTPUT } "changesInRust=$($jsonData.rust.has_changes)" >> $env:GITHUB_OUTPUT + if ($jsonData.PSObject.Properties.Name -contains 'goContractTests') { + "changesInGoContractTests=$($jsonData.goContractTests.has_changes.ToString().ToLower())" >> $env:GITHUB_OUTPUT + } else { + "changesInGoContractTests=false" >> $env:GITHUB_OUTPUT + } # Display results for debugging Write-Host "Detection results:" @@ -250,6 +260,11 @@ jobs: Write-Host "Fuzz JS changes: $($jsonData.fuzz.js.has_changes)" } Write-Host "Rust changes: $($jsonData.rust.has_changes)" + if ($jsonData.PSObject.Properties.Name -contains 'goContractTests') { + Write-Host "Go contract test changes: $($jsonData.goContractTests.has_changes)" + } else { + Write-Host "Go contract test changes: false" + } # Map outputs from the detection job to maintain backward compatibility map-outputs: @@ -272,6 +287,7 @@ jobs: changesInFuzzJs: ${{ needs.detect-changes.outputs.changesInFuzzJs }} changedFuzzJsFolders: ${{ needs.detect-changes.outputs.changedFuzzJsFolders }} changesInRust: ${{ needs.detect-changes.outputs.changesInRust }} + changesInGoContractTests: ${{ needs.detect-changes.outputs.changesInGoContractTests }} steps: - name: Map outputs for backward compatibility run: echo "Mapping outputs from detection job for backward compatibility" diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index 1c5269dbe..48d525f47 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -251,6 +251,16 @@ jobs: uses: ./.github/workflows/rust-tests.yml secrets: inherit + # Static Go contract tests for full-single-node-cluster blueprint outputs + go-tests: + name: Go Tests + needs: [matrix-changes] + if: github.event_name != 'pull_request' || needs.matrix-changes.outputs.changesInGoContractTests == 'true' + permissions: + contents: read + uses: ./.github/workflows/go-tests.yml + secrets: inherit + # Dependency advisory audit (cargo-audit + govulncheck) for PRs dep-audit: name: Dependency Audit @@ -406,6 +416,7 @@ jobs: - aio-version-check - rust-clippy - rust-tests + - go-tests - dep-audit - fuzz - matrix-changes