Skip to content

Publish Test results #509

Publish Test results

Publish Test results #509

name: Publish Test results
# WARNING:
# workflow_run provides read-write repo token and access to secrets.
# Do *not* merge changes to this file without the proper review.
# We should only be running trusted code here.
# See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# Docs: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
on:
workflow_run:
workflows:
- CI
- Publish
- Release
types:
- completed
permissions: {}
jobs:
# Job based on
# - https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# - https://github.com/marketplace/actions/publish-test-results#support-fork-repositories-and-dependabot-branches
publish-test-results:
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion != 'skipped'
permissions:
checks: write
# needed unless run with comment_mode: off
pull-requests: write
# only needed for private repository
#contents: read
# only needed for private repository
#issues: read
# required by download step to access artifacts API
actions: read
steps:
- name: Download and Extract Artifacts
uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
with:
run_id: ${{ github.event.workflow_run.id }}
path: artifacts
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@v2
with:
commit: ${{ github.event.workflow_run.head_sha }}
event_file: artifacts/event-file/event.json
event_name: ${{ github.event.workflow_run.event }}
files: "artifacts/**/build/test-results/test/TEST-*.xml"
...