Skip to content

Commit

Permalink
Add workaround for CircleCI's problems filtering from forks
Browse files Browse the repository at this point in the history 
CircleCI's branch filtering does not work properly with pull requests
from forks. The CIRCLE_BRANCH variable contains something like freedomofpress/pull/3
in this case. This means that docs and i18n PRs from forks are not
being tested as we wish; the translation tests are not run for i18n
PRs, and the app tests are being run for docs PRs.

A CircleCI feature request [1] to improve this was closed without
explanation, so I'm incorporating a workaround suggested in the
CircleCI forums: using the GitHub API to obtain the real branch name
for PRs from forks, and skipping tests if it doesn't match. Not all
steps of the relevant jobs are skipped, but the most expensive ones
are.

Also, stop skipping static-analysis-and-no-known-cves, as it doesn't
take that long, and might prevent problems from sneaking in on
branches with inaccurate names.

[1] https://discuss.circleci.com/t/only-build-pull-requests-targetting-specific-branch/6082/6
  • Loading branch information
@rmol
rmol committed Jun 5, 2019
1 parent 5d5ba25 commit 5fa2e0e
Showing 1 changed file with 52 additions and 16 deletions.
68 changes: 52 additions & 16 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,11 @@ jobs:
name: Run tests
no_output_timeout: 20m
command: |
CIRCLE_PR_BRANCH=$([[ -n ${CIRCLE_PR_NUMBER} ]] && (curl -s https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${CIRCLE_PR_NUMBER} | jq -r '.head.ref') || "")
echo "CIRCLE_PR_BRANCH: ${CIRCLE_PR_BRANCH}"
if [[ $CIRCLE_BRANCH =~ ^i18n || $CIRCLE_PR_BRANCH =~ ^i18n ]]; then echo "Skipping: i18n branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^docs || $CIRCLE_PR_BRANCH =~ ^docs ]]; then echo "Skipping: docs branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^update-builder || $CIRCLE_PR_BRANCH =~ ^update-builder ]]; then echo "Skipping: update-builder branch"; exit 0; fi
export TESTFILES=$(cd securedrop; circleci tests glob 'tests/test*py' 'tests/**/test*py' |circleci tests split --split-by=timings |xargs echo)
docker rm -f securedrop-test-xenial-py2 || true
fromtag=$(docker images |grep securedrop-test-xenial-py2 |head -n1 |awk '{print $2}')
Expand Down Expand Up @@ -155,6 +160,11 @@ jobs:
- run:
name: Run tests
command: |
CIRCLE_PR_BRANCH=$([[ -n ${CIRCLE_PR_NUMBER} ]] && (curl -s https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${CIRCLE_PR_NUMBER} | jq -r '.head.ref') || "")
echo "CIRCLE_PR_BRANCH: ${CIRCLE_PR_BRANCH}"
if [[ $CIRCLE_BRANCH =~ ^i18n || $CIRCLE_PR_BRANCH =~ ^i18n ]]; then echo "Skipping: i18n branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^docs || $CIRCLE_PR_BRANCH =~ ^docs ]]; then echo "Skipping: docs branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^update-builder || $CIRCLE_PR_BRANCH =~ ^update-builder ]]; then echo "Skipping: update-builder branch"; exit 0; fi
export TESTFILES=$(cd securedrop; circleci tests glob 'tests/test*py' 'tests/**/test*py' |circleci tests split --split-by=timings |xargs echo)
docker rm -f securedrop-test-xenial-py3 || true
fromtag=$(docker images |grep securedrop-test-xenial-py3 |head -n1 |awk '{print $2}')
Expand Down Expand Up @@ -190,6 +200,9 @@ jobs:
- run:
name: Run tests
command: |
CIRCLE_PR_BRANCH=$([[ -n ${CIRCLE_PR_NUMBER} ]] && (curl -s https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${CIRCLE_PR_NUMBER} | jq -r '.head.ref') || "")
echo "CIRCLE_PR_BRANCH: ${CIRCLE_PR_BRANCH}"
if ! [[ $CIRCLE_BRANCH =~ ^i18n || $CIRCLE_PR_BRANCH =~ ^i18n ]]; then echo "Skipping: non-i18n branch"; exit 0; fi
export TESTFILES=$(cd securedrop; circleci tests glob 'tests/pageslayout/test*py' |circleci tests split --split-by=timings |xargs echo)
docker rm -f securedrop-test-xenial-py2 || true
fromtag=$(docker images |grep securedrop-test-xenial-py2 |head -n1 |awk '{print $2}')
Expand All @@ -202,19 +215,35 @@ jobs:
docker:
- image: gcr.io/cloud-builders/docker
steps:
- run: apt-get install -y make
- run: apt-get install -y make jq
- checkout
- setup_remote_docker
- run: cd admin ; make test
- run:
name: Run tests
command: |
CIRCLE_PR_BRANCH=$([[ -n ${CIRCLE_PR_NUMBER} ]] && (curl -s https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${CIRCLE_PR_NUMBER} | jq -r '.head.ref') || "")
echo "CIRCLE_PR_BRANCH: ${CIRCLE_PR_BRANCH}"
if [[ $CIRCLE_BRANCH =~ ^i18n || $CIRCLE_PR_BRANCH =~ ^i18n ]]; then echo "Skipping: i18n branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^docs || $CIRCLE_PR_BRANCH =~ ^docs ]]; then echo "Skipping: docs branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^update-builder || $CIRCLE_PR_BRANCH =~ ^update-builder ]]; then echo "Skipping: update-builder branch"; exit 0; fi
cd admin ; make test
fetch-tor-debs:
docker:
- image: gcr.io/cloud-builders/docker
steps:
- run: apt-get install -y make virtualenv python-pip enchant
- run: apt-get install -y make virtualenv python-pip enchant jq
- checkout
- setup_remote_docker
- run: make fetch-tor-packages
- run:
name: Fetch Tor packages
command: |
CIRCLE_PR_BRANCH=$([[ -n ${CIRCLE_PR_NUMBER} ]] && (curl -s https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${CIRCLE_PR_NUMBER} | jq -r '.head.ref') || "")
echo "CIRCLE_PR_BRANCH: ${CIRCLE_PR_BRANCH}"
if [[ $CIRCLE_BRANCH =~ ^i18n || $CIRCLE_PR_BRANCH =~ ^i18n ]]; then echo "Skipping: i18n branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^docs || $CIRCLE_PR_BRANCH =~ ^docs ]]; then echo "Skipping: docs branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^update-builder || $CIRCLE_PR_BRANCH =~ ^update-builder ]]; then echo "Skipping: update-builder branch"; exit 0; fi
make fetch-tor-packages
updater-gui-tests:
docker:
Expand All @@ -241,6 +270,11 @@ jobs:
- run:
name: Run tests
command: |
CIRCLE_PR_BRANCH=$([[ -n ${CIRCLE_PR_NUMBER} ]] && (curl -s https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${CIRCLE_PR_NUMBER} | jq -r '.head.ref') || "")
echo "CIRCLE_PR_BRANCH: ${CIRCLE_PR_BRANCH}"
if [[ $CIRCLE_BRANCH =~ ^i18n || $CIRCLE_PR_BRANCH =~ ^i18n ]]; then echo "Skipping: i18n branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^docs || $CIRCLE_PR_BRANCH =~ ^docs ]]; then echo "Skipping: docs branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^update-builder || $CIRCLE_PR_BRANCH =~ ^update-builder ]]; then echo "Skipping: update-builder branch"; exit 0; fi
cd journalist_gui
xvfb-run -a pipenv run python3 test_gui.py
Expand Down Expand Up @@ -268,8 +302,13 @@ jobs:
- *installenchant

- run:
name: Run Staging tests on GCE (Xenial)
command: make ci-go
name: Run Staging tests on GCE
command: |
CIRCLE_PR_BRANCH=$([[ -n ${CIRCLE_PR_NUMBER} ]] && (curl -s https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${CIRCLE_PR_NUMBER} | jq -r '.head.ref') || "")
echo "CIRCLE_PR_BRANCH: ${CIRCLE_PR_BRANCH}"
if [[ $CIRCLE_BRANCH =~ ^i18n || $CIRCLE_PR_BRANCH =~ ^i18n ]]; then echo "Skipping: i18n branch"; exit 0; fi
if [[ $CIRCLE_BRANCH =~ ^docs || $CIRCLE_PR_BRANCH =~ ^docs ]]; then echo "Skipping: docs branch"; exit 0; fi
make ci-go
no_output_timeout: 20m

- run:
Expand All @@ -292,7 +331,13 @@ jobs:
- run: apt-get install -y make virtualenv python-pip enchant
- checkout
- setup_remote_docker
- run: make ci-deb-tests
- run:
name: Test Debian package build
command: |
CIRCLE_PR_BRANCH=$([[ -n ${CIRCLE_PR_NUMBER} ]] && (curl -s https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${CIRCLE_PR_NUMBER} | jq -r '.head.ref') || "")
echo "CIRCLE_PR_BRANCH: ${CIRCLE_PR_BRANCH}"
if ! [[ $CIRCLE_BRANCH =~ ^update-builder || $CIRCLE_PR_BRANCH =~ ^update-builder ]]; then echo "Skipping: non-update-builder branch"; exit 0; fi
make ci-deb-tests
workflows:
version: 2
Expand Down Expand Up @@ -345,11 +390,6 @@ workflows:
requires:
- lint
- static-analysis-and-no-known-cves:
filters:
branches:
ignore:
- /docs-.*/
- /i18n-.*/
requires:
- lint
- staging-test-with-rebase:
Expand All @@ -361,10 +401,6 @@ workflows:
requires:
- lint
- translation-tests:
filters:
branches:
only:
- /i18n-.*/
requires:
- lint
- deb-tests:
Expand Down

0 comments on commit 5fa2e0e

Please sign in to comment.