🔄 synced file(s) with upbound/sa-up #162

	name: End to End Testing

	on:
	# https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
	# pull_request_target is potentially dangerous target so we keep it strict
	# under the label and benefit from secret propagation
	pull_request_target:
	types:
	- synchronize
	- labeled

	env:
	UP_API_TOKEN: ${{ secrets.UP_E2E_API_TOKEN \|\| secrets.UP_API_TOKEN }}
	UP_ORG: ${{ secrets.UP_E2E_ORG \|\| secrets.UP_ORG }}
	UP_GROUP: ${{ secrets.UP_E2E_GROUP \|\| secrets.UP_GROUP \|\| 'default' }}
	UP_ROBOT_ID: ${{ secrets.UP_E2E_ROBOT_ID \|\| secrets.UP_ROBOT_ID }}

	jobs:
	e2e:
	if: contains(github.event.pull_request.labels.*.name, 'run-e2e-tests')
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	id: checkout
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
	with:
	ref: ${{ github.event.pull_request.head.sha }}

	- name: Install and login with up
	if: env.UP_API_TOKEN != '' && env.UP_ORG != ''
	uses: upbound/action-up@53fe6395637d884c80d2bbc8c2d75d0ece776ced # v1
	with:
	api-token: ${{ env.UP_API_TOKEN }}
	organization: ${{ env.UP_ORG }}

	# doesn't work with plain token when pushing otherwise
	- name: Login to xpkg with robot
	uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
	with:
	registry: xpkg.upbound.io
	username: ${{ env.UP_ROBOT_ID }}
	password: ${{ env.UP_API_TOKEN }}

	- name: Build project
	run: up project build

	- name: Switch up context
	run: up ctx ${{ env.UP_ORG }}/upbound-gcp-us-central-1/${{ env.UP_GROUP }}

	- name: Run e2e tests
	run: up test run tests/* --e2e

Provide feedback