Skip to content

Commit d6f957b

Browse files
author
latdx-mirror-bot
committed
ci: overlay fork CI for upstream PR jongpie#994
Upstream-SHA: b4a6561 Fork-CI-Tree: df239fa
1 parent b4a6561 commit d6f957b

4 files changed

Lines changed: 556 additions & 107 deletions

File tree

.github/actions/latdx-test/action.yml

Lines changed: 139 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,139 @@
1+
name: 'LATdx Apex Tests'
2+
description: >-
3+
Install the LATdx CLI, resolve a license (explicit key via the
4+
LATDX_LICENSE_KEY env var, or a short-lived OSS license minted from the
5+
GitHub Actions OIDC token on public repos), and run the full local Apex
6+
test suite against the job's default Salesforce org.
7+
8+
inputs:
9+
cli-version:
10+
description: "LATdx CLI version to install (semver like '0.31.1') or 'latest'."
11+
required: false
12+
default: 'latest'
13+
14+
runs:
15+
using: composite
16+
steps:
17+
- name: 'Install LATdx CLI'
18+
shell: bash
19+
env:
20+
CLI_VERSION: ${{ inputs.cli-version }}
21+
run: |
22+
set -euo pipefail
23+
if [[ ! "$CLI_VERSION" =~ ^(latest|[0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
24+
echo "::error::Invalid 'cli-version' input. Must be 'latest' or a semver like '0.31.1'."
25+
exit 1
26+
fi
27+
# latdx.com serves the maintained install script, but Cloudflare
28+
# returns 403 to some hosted-runner egress IP ranges; fall back to
29+
# the GitHub raw mirror so the install succeeds from any runner.
30+
script=""
31+
for url in "https://latdx.com/install.sh" "https://raw.githubusercontent.com/nebulity/latdx-cli/main/install.sh"; do
32+
if script="$(curl -fsSL "$url")"; then
33+
break
34+
fi
35+
script=""
36+
done
37+
if [ -z "$script" ]; then
38+
echo "::error::Could not download the LATdx install script from any source."
39+
exit 1
40+
fi
41+
if [ "$CLI_VERSION" = "latest" ]; then
42+
printf '%s' "$script" | bash
43+
else
44+
printf '%s' "$script" | bash -s -- "$CLI_VERSION"
45+
fi
46+
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
47+
48+
- name: 'Verify LATdx CLI'
49+
shell: bash
50+
run: latdx --version
51+
52+
- name: 'Resolve LATdx license'
53+
shell: bash
54+
run: |
55+
# The runner injects -e -o pipefail; this step must never fail the
56+
# job: every problem degrades to the free-tier cap with a warning.
57+
set +e +o pipefail
58+
59+
# Precedence:
60+
# 1. LATDX_LICENSE_KEY already in the environment (repo secret) -> use it.
61+
# 2. GH OIDC token available + repo public -> exchange for an OSS
62+
# auto-license via https://latdx.com/api/oss/license.
63+
# 3. Nothing -> daemon runs free-tier (capped at 100 tests, exit 2).
64+
65+
if [ -n "${LATDX_LICENSE_KEY:-}" ]; then
66+
echo "Using LATdx license from environment."
67+
exit 0
68+
fi
69+
70+
if [ -z "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ] || [ -z "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ]; then
71+
echo "::warning title=LATdx OSS license::OIDC token unavailable (missing 'permissions: id-token: write' on the job). Free-tier cap (100 tests/run) applies."
72+
exit 0
73+
fi
74+
75+
OIDC_RESPONSE="$(curl -sS -f -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
76+
"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=https%3A%2F%2Flatdx.com" 2>/dev/null)"
77+
CURL_RC=$?
78+
if [ "$CURL_RC" -ne 0 ]; then
79+
echo "::warning title=LATdx OSS license::OIDC token mint failed (curl rc=${CURL_RC}); falling back to free-tier cap."
80+
exit 0
81+
fi
82+
OIDC_TOKEN="$(printf '%s' "$OIDC_RESPONSE" | jq -r '.value // empty' 2>/dev/null)"
83+
if [ -z "$OIDC_TOKEN" ]; then
84+
echo "::warning title=LATdx OSS license::OIDC response not parseable (length ${#OIDC_RESPONSE}); falling back to free-tier cap."
85+
exit 0
86+
fi
87+
echo "Minted GitHub OIDC token (length ${#OIDC_TOKEN})."
88+
89+
EXCHANGE_BODY="$(mktemp)"
90+
trap 'rm -f "$EXCHANGE_BODY"' EXIT
91+
HTTP_CODE="$(curl -sS -o "$EXCHANGE_BODY" -w "%{http_code}" \
92+
-X POST https://latdx.com/api/oss/license \
93+
-H "Authorization: Bearer $OIDC_TOKEN" \
94+
-H "Content-Type: application/json" \
95+
--max-time 15)"
96+
if [ $? -ne 0 ]; then
97+
HTTP_CODE="000"
98+
fi
99+
echo "OSS license exchange returned HTTP ${HTTP_CODE}."
100+
101+
case "$HTTP_CODE" in
102+
200)
103+
LATDX_JWT="$(jq -r '.license // empty' < "$EXCHANGE_BODY" 2>/dev/null)"
104+
if [ -z "$LATDX_JWT" ]; then
105+
echo "::warning title=LATdx OSS license::Exchange returned 200 without a license; falling back to free-tier cap."
106+
exit 0
107+
fi
108+
echo "::add-mask::$LATDX_JWT"
109+
echo "LATDX_LICENSE_KEY=$LATDX_JWT" >> "$GITHUB_ENV"
110+
USED="$(jq -r '.monthly_used // "?"' < "$EXCHANGE_BODY" 2>/dev/null)"
111+
CAP="$(jq -r '.monthly_cap // "?"' < "$EXCHANGE_BODY" 2>/dev/null)"
112+
echo "OSS auto-license active (monthly_used=$USED, monthly_cap=$CAP) - free-tier cap lifted for this run."
113+
;;
114+
403)
115+
REASON="$(jq -r '.reason // "denied"' < "$EXCHANGE_BODY" 2>/dev/null)"
116+
ERROR="$(jq -r '.error // "OSS license denied."' < "$EXCHANGE_BODY" 2>/dev/null)"
117+
echo "::warning title=LATdx OSS license::${ERROR} (reason=${REASON}). Free-tier cap (100 tests/run) applies."
118+
;;
119+
429)
120+
USED="$(jq -r '.monthly_used // "?"' < "$EXCHANGE_BODY" 2>/dev/null)"
121+
CAP="$(jq -r '.monthly_cap // "?"' < "$EXCHANGE_BODY" 2>/dev/null)"
122+
RESET="$(jq -r '.reset_at // "next UTC month"' < "$EXCHANGE_BODY" 2>/dev/null)"
123+
echo "::warning title=LATdx OSS license::Monthly cap reached (${USED}/${CAP}); resets ${RESET}. Free-tier cap applies for this run."
124+
;;
125+
503)
126+
echo "::warning title=LATdx OSS license::OSS path temporarily unavailable. Free-tier cap applies for this run."
127+
;;
128+
000)
129+
echo "::warning title=LATdx OSS license::Could not reach the LATdx site. Free-tier cap applies for this run."
130+
;;
131+
*)
132+
ERROR="$(jq -r '.error // ""' < "$EXCHANGE_BODY" 2>/dev/null)"
133+
echo "::warning title=LATdx OSS license::Unexpected response ${HTTP_CODE} from /api/oss/license (${ERROR}). Free-tier cap applies."
134+
;;
135+
esac
136+
137+
- name: 'Run Apex tests with LATdx'
138+
shell: bash
139+
run: latdx test run

0 commit comments

Comments
 (0)