Skip to content
Integration

broker: migrate runtime registration identity to org id #555

Sign in to view logs

broker: migrate runtime registration identity to org id

broker: migrate runtime registration identity to org id #555

Workflow file for this run

.github/workflows/integration.yml at 6933b0c
name: Integration
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
concurrency:
group: integration-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
docs-scope:
runs-on: &default-runner ubuntu-latest
outputs:
docs_only: ${{ steps.check.outputs.docs_only }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Detect docs-only changes
id: check
shell: bash
run: |
set -euo pipefail
if [ "${{ github.event_name }}" = "push" ]; then
BASE="${{ github.event.before }}"
else
BASE="${{ github.event.pull_request.base.sha }}"
fi
CHANGED="$(git diff --name-only "$BASE" HEAD 2>/dev/null || echo "UNKNOWN")"
if [ "$CHANGED" = "UNKNOWN" ] || [ -z "$CHANGED" ]; then
echo "docs_only=false" >> "$GITHUB_OUTPUT"
exit 0
fi
docs_only=true
while IFS= read -r path; do
[ -z "$path" ] && continue
case "$path" in
docs/*|*.md|*.mdx|LICENSE)
continue
;;
*)
docs_only=false
break
;;
esac
done <<< "$CHANGED"
echo "docs_only=$docs_only" >> "$GITHUB_OUTPUT"
integration:
needs: [docs-scope]
if: needs.docs-scope.outputs.docs_only != 'true'
runs-on: *default-runner
strategy:
fail-fast: false
matrix:
include:
- distro: ubuntu
image: ubuntu-24-04-x64
setup_script: bin/ci/setup-ubuntu.sh
- distro: arch
image: "217410218"
setup_script: bin/ci/setup-arch.sh
name: ${{ matrix.distro }}
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- name: Gate external fork PRs
id: gate
shell: bash
run: |
if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then
echo "enabled=false" >> "$GITHUB_OUTPUT"
else
echo "enabled=true" >> "$GITHUB_OUTPUT"
fi
- name: Skip integration for external fork PRs
if: steps.gate.outputs.enabled != 'true'
run: |
echo "Skipping droplet integration for external fork pull requests (secrets are unavailable)."
- name: Generate ephemeral SSH key
if: steps.gate.outputs.enabled == 'true'
run: |
mkdir -p ~/.ssh
ssh-keygen -t ed25519 -f ~/.ssh/ci_key -N "" -q
- name: Create droplet
if: steps.gate.outputs.enabled == 'true'
id: droplet
env:
DO_API_TOKEN: ${{ secrets.DO_API_TOKEN }}
run: |
output=$(bash bin/ci/droplet.sh create \
"ci-${{ matrix.distro }}-${{ github.run_id }}" \
"${{ matrix.image }}" \
~/.ssh/ci_key.pub)
echo "$output" >> "$GITHUB_OUTPUT"
echo "$output"
- name: Wait for SSH
if: steps.gate.outputs.enabled == 'true'
env:
DO_API_TOKEN: ${{ secrets.DO_API_TOKEN }}
run: |
bash bin/ci/droplet.sh wait-ssh \
"${{ steps.droplet.outputs.DROPLET_IP }}" \
~/.ssh/ci_key
- name: Upload source
if: steps.gate.outputs.enabled == 'true'
run: |
tar czf /tmp/baudbot-src.tar.gz \
--exclude=node_modules --exclude=.git .
scp -o StrictHostKeyChecking=no -o BatchMode=yes \
-i ~/.ssh/ci_key \
/tmp/baudbot-src.tar.gz \
"root@${{ steps.droplet.outputs.DROPLET_IP }}:/tmp/baudbot-src.tar.gz"
- name: Setup and test
if: steps.gate.outputs.enabled == 'true'
run: |
bash bin/ci/droplet.sh run \
"${{ steps.droplet.outputs.DROPLET_IP }}" \
~/.ssh/ci_key \
"${{ matrix.setup_script }}" \
"CI_ANTHROPIC_API_KEY=${{ secrets.CI_ANTHROPIC_API_KEY }}"
- name: Cleanup
if: always() && steps.gate.outputs.enabled == 'true'
env:
DO_API_TOKEN: ${{ secrets.DO_API_TOKEN }}
run: |
bash bin/ci/droplet.sh destroy \
"${{ steps.droplet.outputs.DROPLET_ID }}" \
"${{ steps.droplet.outputs.SSH_KEY_ID }}" \
"ci-${{ matrix.distro }}-${{ github.run_id }}"