Merged
8 changes: 8 additions & 0 deletions README.md
Expand Up @@ -277,6 +277,14 @@ and **Actions secrets + variables** read+write, plus the read scopes the cycles
touch. CI runs it nightly + on demand via `.github/workflows/e2e.yml` using
`WARDEN_E2E_*` repo secrets (never on PRs).

Once the App is created, installed on the test org, and its `.pem` downloaded
(the web-only steps), wiring the secrets and triggering a run is automated:

```bash
just e2e-setup <test-org> <app-slug> ./warden-e2e.pem # discovers app/installation id, sets the 4 secrets
just e2e-run # dispatch Phase 1 (add `true` for Phase 2)
```

## Architecture

The provider-agnostic reconcile core (change-set model, generic collection diff,
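
Review bot: The `just e2e-setup` example reads the App private key from `./warden-e2e.pem`, which is a path inside the working tree, and the text does not say what happens to that file once the secret is set. Suggest using a path outside the checkout in the example (or noting that `*.pem` must be git-ignored) and adding a sentence that the local copy should be removed or stored securely after `WARDEN_E2E_PRIVATE_KEY` is set. It would also help to name the repository that receives the four secrets, since the recipe hard-codes it and a reader running this from a fork would otherwise not expect that.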
30 changes: 30 additions & 0 deletions justfile
Expand Up @@ -59,3 +59,33 @@ release bump="patch":
git tag "v$next"
git push origin main "v$next"
echo "Released v$next — publish workflow triggered (tag pattern v*)"

# Wire the e2e repo secrets from an already-installed GitHub App (the
# gh-automatable part of e2e setup). Discovers the App id + installation id
# from the org and sets all four WARDEN_E2E_* secrets.
# just e2e-setup <test-org> <app-slug> <path-to-private-key.pem>
# Prereqs you must do by hand first (not available via gh/API): create the
# GitHub App, download its .pem, and install it on the test org.
e2e-setup org app_slug pem:
#!/usr/bin/env bash
set -euo pipefail
repo="intentius/github-warden"
if [ ! -f "{{pem}}" ]; then echo "private key not found: {{pem}}" >&2; exit 1; fi
echo "Looking up '{{app_slug}}' installation on org '{{org}}'…"
inst=$(gh api "/orgs/{{org}}/installations" --jq '.installations[] | select(.app_slug=="{{app_slug}}")')
if [ -z "$inst" ]; then echo "No '{{app_slug}}' installation found on '{{org}}' (is it installed?)" >&2; exit 1; fi
app_id=$(echo "$inst" | jq -r .app_id)
install_id=$(echo "$inst" | jq -r .id)
echo "Found app_id=$app_id installation_id=$install_id"
gh secret set WARDEN_E2E_ORG --repo "$repo" --body "{{org}}"
gh secret set WARDEN_E2E_APP_ID --repo "$repo" --body "$app_id"
gh secret set WARDEN_E2E_INSTALLATION_ID --repo "$repo" --body "$install_id"
gh secret set WARDEN_E2E_PRIVATE_KEY --repo "$repo" < "{{pem}}"
echo "Set 4 e2e secrets on $repo. Kick it off with: just e2e-run"

# Trigger the e2e workflow on GitHub (set apply=true to also run Phase 2).
# just e2e-run # Phase 1 only
# just e2e-run true # + the teardown-guarded apply phase
e2e-run apply="false":
gh workflow run e2e.yml --repo intentius/github-warden -f apply={{apply}}
echo "Dispatched e2e.yml — watch with: gh run watch \$(gh run list --repo intentius/github-warden --workflow e2e.yml --limit 1 --json databaseId -q '.[0].databaseId')"
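
Review bot: In `e2e-setup`, `{{app_slug}}` and `{{org}}` are substituted into the script text before bash runs, so on the `inst=$(gh api ...)` line a value containing `"` or `'` alters the jq filter or the shell command instead of being compared as data. Suggest fetching the raw JSON from `gh api` and filtering with `jq --arg slug ... 'select(.app_slug==$slug)'` (jq is already used on the next lines), and handing the recipe parameters to the script as quoted shell variables. The same call reads only the first page of `/orgs/{{org}}/installations`, so adding `--paginate` avoids a false "No installation found" on an org with many Apps. In `e2e-run`, `-f apply={{apply}}` is unquoted and unvalidated; restricting it to `true` or `false` and reusing a single `repo` variable rather than repeating `intentius/github-warden` would keep the two recipes consistent.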