Migrate Python and Ruby Linux tests to GHA actions

PiperOrigin-RevId: 506449977

.github/workflows/test_cpp.yml

@@ -47,7 +47,7 @@ jobs:
         with:
           image: ${{ matrix.image }}
           credentials: ${{ secrets.GAR_SERVICE_ACCOUNT }}
-          bazel-cache: cpp_bazel/${{ matrix.config.name }}
+          bazel-cache: cpp_linux/${{ matrix.config.name }}
           bazel: test ${{ matrix.targets }} ${{ matrix.config.flags }} --distinct_host_configuration=false
 
   cmake:

.github/workflows/test_python.yml

@@ -0,0 +1,45 @@
+name: Python Tests
+
+on:
+  workflow_call:
+    inputs:
+      safe-checkout:
+        required: true
+        description: "The SHA key for the commit we want to run over"
+        type: string
+
+jobs:
+  linux:
+    strategy:
+      fail-fast: false   # Don't cancel all jobs if one fails.
+      matrix:
+        type: [ Pure, C++]
+        version: [ "3.7", "3.8", "3.9", "3.10" ]
+        include:
+          - type: Pure
+            targets: //python/... @upb//python/... //python:python_version
+            flags: --define=use_fast_cpp_protos=false
+          - type: C++
+            targets: //python/... //python:python_version
+            flags: --define=use_fast_cpp_protos=true
+          - type: C++
+            version: aarch64
+            targets: //python/... //python:aarch64_test
+            # TODO(b/262628111) Enable this once conformance tests are fixed.
+            flags: --define=use_fast_cpp_protos=true --test_tag_filters=-conformance
+            image: us-docker.pkg.dev/protobuf-build/containers/test/linux/emulation:aarch64-e863f8ec6b1dfe41f7dc573bac9c8072a0a68b1b
+
+    name: Linux ${{ matrix.type }} ${{ matrix.version }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout pending changes
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        with:
+          ref: ${{ inputs.safe-checkout }}
+      - name: Run tests
+        uses: ./.github/actions/bazel-docker
+        with:
+          image: ${{ matrix.image || format('us-docker.pkg.dev/protobuf-build/containers/test/linux/python:{0}-65526ea124d1034eac33e7c37cc6d65c5bef054f', matrix.version) }}
+          credentials: ${{ secrets.GAR_SERVICE_ACCOUNT }}
+          bazel-cache: python_linux/${{ matrix.type }}_${{ matrix.version }}
+          bazel: test ${{ matrix.targets }} ${{ matrix.flags }} --test_env=KOKORO_PYTHON_VERSION

.github/workflows/test_ruby.yml

@@ -1,4 +1,4 @@
-name: Ruby Install Tests
+name: Ruby Tests
 
 on:
   workflow_call:
@@ -9,7 +9,7 @@ on:
         type: string
 
 jobs:
-  test_ruby_gems:
+  linux:
     strategy:
       fail-fast: false
       matrix:
@@ -23,8 +23,38 @@ jobs:
           - { name: JRuby 9.3, ruby: jruby-9.3.4.0, bazel: 5.1.1}
           - { name: Ruby 2.6 (Bazel6), ruby: ruby-2.6.0, bazel: 6.0.0}
           - { name: JRuby 9.2 (Bazel6), ruby: jruby-9.2.20.1, bazel: 6.0.0}
+
     name: Linux ${{ matrix.name }}
     runs-on: ubuntu-latest
+    steps:
+      - name: Checkout pending changes
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        with:
+          ref: ${{ inputs.safe-checkout }}
+      - name: Run tests
+        uses: ./.github/actions/bazel-docker
+        with:
+          image: us-docker.pkg.dev/protobuf-build/containers/test/linux/ruby:${{ matrix.ruby }}-${{ matrix.bazel }}-75e79f791b96e056086f43ace729cf3ebf9a9f5d
+          credentials: ${{ secrets.GAR_SERVICE_ACCOUNT }}
+          bazel-cache: ruby_linux/${{ matrix.ruby }}_${{ matrix.bazel }}
+          bazel: test //ruby/... //ruby/tests:ruby_version --test_env=KOKORO_RUBY_VERSION
+
+  test_ruby_gems:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - { name: Ruby 2.6, ruby: ruby-2.6.0, bazel: 5.1.1}
+          - { name: Ruby 2.7, ruby: ruby-2.7.0, bazel: 5.1.1}
+          - { name: Ruby 3.0, ruby: ruby-3.0.2, bazel: 5.1.1}
+          - { name: Ruby 3.1, ruby: ruby-3.1.0, bazel: 5.1.1}
+          - { name: Ruby 3.2, ruby: ruby-3.2.0, bazel: 5.1.1}
+          - { name: JRuby 9.2, ruby: jruby-9.2.20.1, bazel: 5.1.1}
+          - { name: JRuby 9.3, ruby: jruby-9.3.4.0, bazel: 5.1.1}
+          - { name: Ruby 2.6 (Bazel6), ruby: ruby-2.6.0, bazel: 6.0.0}
+          - { name: JRuby 9.2 (Bazel6), ruby: jruby-9.2.20.1, bazel: 6.0.0}
+    name: Install ${{ matrix.name }}
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout pending changes
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
@@ -44,3 +74,4 @@ jobs:
             bazel-bin/protoc --proto_path=src --proto_path=ruby/tests --proto_path=ruby --ruby_out=ruby tests/test_import_proto2.proto;
             bazel-bin/protoc --proto_path=src --proto_path=ruby/tests --proto_path=ruby --ruby_out=ruby tests/basic_test.proto;
             ruby ruby/tests/basic.rb
+

.github/workflows/test_runner.yml

@@ -89,7 +89,7 @@ jobs:
   # Note: this pattern of passing the head sha is vulnerable to PWN requests for
   # pull_request_target events. We carefully limit those workflows to require a
   # human stamp before continuing.
-  cpp-bazel:
+  cpp:
     name: C++
     needs: [check-tag]
     uses: ./.github/workflows/test_cpp.yml
@@ -97,10 +97,18 @@ jobs:
       safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
     secrets: inherit
 
-  ruby-install:
+  python:
-    name: Ruby Install
+    name: Python
     needs: [check-tag]
-    uses: ./.github/workflows/test_ruby_install.yml
+    uses: ./.github/workflows/test_python.yml
+    with:
+      safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
+    secrets: inherit
+
+  ruby:
+    name: Ruby
+    needs: [check-tag]
+    uses: ./.github/workflows/test_ruby.yml
     with:
       safe-checkout: ${{ needs.check-tag.outputs.checkout-sha }}
     secrets: inherit