From 5a59c6024a1bbe434e881f85f1aec96d34a1cc9d Mon Sep 17 00:00:00 2001
From: Joshua Cannon <joshdcannon@gmail.com>
Date: Sat, 10 Jun 2023 19:52:43 -0500
Subject: [PATCH] Add `act` to Pants (all in BUILD) and smoke test our
 workflows (#19278)

This is groundwork for/from
https://github.com/pantsbuild/pants/pull/19230.

Not only can we have devs run `act` now (without having to install it
:smile: (kudos to @chrisjrn 's work in adhoc/shell) but we can smoke
test our workflows.

My local testing using `act` has actually bore much fruit. Several bugs
were caught that existed solely in the YAML file itself. A history of
the `workflows` file shows PRs that mirror my own findings: It's damn
hard to test actions. Although this addition represents semi-significant
cognitive burden of `act` and what goes into smoke testing, I think it's
worth it to avoid the large churn that comes with authoring/editing
actions. And I want to author more actions (because automation is bae).

So, here's the foundation :smile:
---
 .github/workflows/BUILD       |  4 +++
 .github/workflows/tests/BUILD | 17 ++++++++++
 build-support/bin/act/.actrc  |  1 +
 build-support/bin/act/BUILD   | 64 +++++++++++++++++++++++++++++++++++
 pants.toml                    |  2 ++
 5 files changed, 88 insertions(+)
 create mode 100644 .github/workflows/BUILD
 create mode 100644 .github/workflows/tests/BUILD
 create mode 100644 build-support/bin/act/.actrc
 create mode 100644 build-support/bin/act/BUILD

diff --git a/.github/workflows/BUILD b/.github/workflows/BUILD
new file mode 100644
index 00000000000..86d21160841
--- /dev/null
+++ b/.github/workflows/BUILD
@@ -0,0 +1,4 @@
+# Copyright 2023 Pants project contributors (see CONTRIBUTORS.md).
+# Licensed under the Apache License, Version 2.0 (see LICENSE).
+
+files(sources=["*.yaml"])
diff --git a/.github/workflows/tests/BUILD b/.github/workflows/tests/BUILD
new file mode 100644
index 00000000000..c6621861ef7
--- /dev/null
+++ b/.github/workflows/tests/BUILD
@@ -0,0 +1,17 @@
+# Copyright 2023 Pants project contributors (see CONTRIBUTORS.md).
+# Licensed under the Apache License, Version 2.0 (see LICENSE).
+
+# This contains various smoke tests for out GitHub Actions workflows.
+# These aren't meant to be comprehensive, as they can be quite expensive to run. However, they are
+# still useful as they can expose bugs before the action is run in "prod".
+
+experimental_test_shell_command(
+    name="Test workflow_dispatch dryrun",
+    command="./act workflow_dispatch --dryrun",
+    execution_dependencies=[
+        "//build-support/bin/act:act-at-root",
+        ".github/workflows:workflows",
+    ],
+    workdir="/",
+    timeout=120,
+)
diff --git a/build-support/bin/act/.actrc b/build-support/bin/act/.actrc
new file mode 100644
index 00000000000..5c08277ae70
--- /dev/null
+++ b/build-support/bin/act/.actrc
@@ -0,0 +1 @@
+-P ubuntu-latest=catthehacker/ubuntu:act-latest
diff --git a/build-support/bin/act/BUILD b/build-support/bin/act/BUILD
new file mode 100644
index 00000000000..0b93b25f6df
--- /dev/null
+++ b/build-support/bin/act/BUILD
@@ -0,0 +1,64 @@
+# Copyright 2023 Pants project contributors (see CONTRIBUTORS.md).
+# Licensed under the Apache License, Version 2.0 (see LICENSE).
+
+# This contains all the plumbing in order to get https://github.com/nektos/act working in a sandbox
+# and in `run`.
+# To run `act`, use `pants run build-support/bin/act -- --version` (or whatever args you want).
+
+file(
+    name="downloaded-act",
+    source=per_platform(
+        macos_x86_64=http_source(
+            url="https://github.com/nektos/act/releases/download/v0.2.46/act_Darwin_x86_64.tar.gz",
+            len=6289585,
+            sha256="503bd4560afa3394fac87c404d4b34d1b422b8bb136b7f4ddaab27d08367700a",
+            filename="act.tar.gz",
+        ),
+        macos_arm64=http_source(
+            url="https://github.com/nektos/act/releases/download/v0.2.46/act_Darwin_arm64.tar.gz",
+            len=6015670,
+            sha256="6e5aae98192747d9430625cf0ac42e9fbcdbd9bc5e2558eb0297d0e2f9f2b2a8",
+            filename="act.tar.gz",
+        ),
+        linux_x86_64=http_source(
+            url="https://github.com/nektos/act/releases/download/v0.2.46/act_Linux_x86_64.tar.gz",
+            len=6079499,
+            sha256="19d5cdf534f892c1b62c32765c3982e2eb1334d66de4cc7e4a0e568cc0256f44",
+            filename="act.tar.gz",
+        ),
+        linux_arm64=http_source(
+            url="https://github.com/nektos/act/releases/download/v0.2.46/act_Linux_arm64.tar.gz",
+            len=5544514,
+            sha256="06418ca7430df409940812afe343c00118d7df889b11422232ff31a32a32b737",
+            filename="act.tar.gz",
+        ),
+    ),
+)
+
+shell_command(
+    name="extracted-act",
+    command="tar -xf act.tar.gz",
+    tools=["tar", "gzip"],
+    execution_dependencies=[":downloaded-act"],
+    output_directories=["act"],
+)
+
+file(
+    name=".actrc",
+    source=".actrc",
+)
+
+relocated_files(
+    name="act-at-root",
+    files_targets=[":extracted-act", ":.actrc"],
+    src=f"{build_file_dir()}",
+    dest="",
+)
+
+run_shell_command(
+    name="act",
+    # NB: Use XDG_CONFIG_DIRS so the .actrc gets loaded from the sandbox
+    command="XDG_CONFIG_DIRS=${CHROOT}:$XDG_CONFIG_DIRS {chroot}/act $@",
+    workdir="/",
+    execution_dependencies=[":act-at-root"],
+)
diff --git a/pants.toml b/pants.toml
index d69028a5b15..0e2ca28b97c 100644
--- a/pants.toml
+++ b/pants.toml
@@ -65,6 +65,8 @@ pants_ignore.add = [
   "!/pants.pex",
   # Ignore node modules for docs processing tools
   "/docs/node_modules",
+  # We have Pants stuff in here
+  "!.github/",
 ]
 
 build_ignore.add = [