A number of our workflows use write tokens for integration tests. This isn't great and prevents third-party contributions, so let's replace that with tests that we can mock API calls and other benefits such as code coverage monitoring.
Replaced tests
Action
Status
check-commit-format
✅ Could do with better coverage but is no worse than what we had before
dismiss-approvals
✅
label-pull-requests
✅ Could do with better coverage but is no worse than what we had before
post-comment
✅
Still integration tests, but in good state
Action
Status
brew-script
Composite action that executes Ruby. Unchanged as the existing workflow doesn't need sensitive tokens
git-try-push
Executes commands so messier to mock. Need for write tokens when testing removed in #541
git-user-config
Executes commands. Unchanged as the existing workflow doesn't need sensitive tokens
setup-commit-signing
Shell script so can't be integrated into the Node test suite. Need for secrets when testing removed in #540
setup-homebrew
Shell script. Unchanged as the existing workflow doesn't need sensitive tokens and is fairly comprehensive as is
Note that these will not have code coverage monitored as a result.
No tests; need attention
Action
Status
Recommendation
bump-formulae
Deprecated but stable. Any bump-package test coverage would cover this one
Add tests to bump-packages
bump-packages
Composite action. No tests
Figure out how to test this
create-gcloud-instance
Shell scripts. No tests
Will deprecate this soon
failures-summary-and-bottle-result
Composite action. No tests
Figure out how to test this
find-related-workflow-run-id
Uses gh. No tests
Migrate this to use octokit.js
limit-pull-requests
Uses gh. No tests
Migrate this to use octokit.js
post-build pre-build
Composite action. No tests and has a history of "blind changes"
Move this to homebrew-core
remove-disabled-formulae
Uses Ruby, executes commands. No tests
Figure out how to test this
wait-for-idle-runner
Can easily be added to the Node test suite but isn't expected to stay around for long
A number of our workflows use write tokens for integration tests. This isn't great and prevents third-party contributions, so let's replace that with tests that we can mock API calls and other benefits such as code coverage monitoring.
Replaced tests
Still integration tests, but in good state
Note that these will not have code coverage monitored as a result.
No tests; need attention
Any bump-package test coverage would cover this one
gh. No testsoctokit.jsgh. No testsoctokit.jspre-build
No tests and has a history of "blind changes"
but isn't expected to stay around for long