diff --git a/.github/workflows/tft.yml b/.github/workflows/tft-pr.yml similarity index 90% rename from .github/workflows/tft.yml rename to .github/workflows/tft-pr.yml index e39004c..b2753ab 100644 --- a/.github/workflows/tft.yml +++ b/.github/workflows/tft-pr.yml @@ -1,9 +1,11 @@ --- -name: Run integration tests in Testing Farm +name: Run integration tests in Testing Farm on PR on: - issue_comment: + pull_request: types: - - created + - opened + - synchronize + - reopened permissions: contents: read # This is required for the ability to create/update the Pull request status @@ -16,13 +18,6 @@ jobs: # group name contains reponame-pr_num to allow simualteneous runs in different PRs group: testing-farm-${{ github.event.repository.name }}-${{ github.event.issue.number }} cancel-in-progress: true - # Let's schedule tests only on user request. NOT automatically. - # Only repository owner or member can schedule tests - if: | - github.event.issue.pull_request - && contains(github.event.comment.body, '[citest]') - && (contains(fromJson('["OWNER", "MEMBER", "COLLABORATOR", "CONTRIBUTOR"]'), github.event.comment.author_association) - || contains('systemroller', github.event.comment.user.login)) runs-on: ubuntu-latest outputs: supported_platforms: ${{ steps.supported_platforms.outputs.supported_platforms }} @@ -35,6 +30,23 @@ jobs: env: GITHUB_CONTEXT: ${{ toJson(github) }} + - name: Get User Permission + id: checkAccess + uses: actions-cool/check-user-permission@v2 + with: + require: write + username: ${{ github.triggering_actor }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Check User Permission + if: steps.checkAccess.outputs.require-result == 'false' + run: | + echo "${{ github.triggering_actor }} does not have permissions on this repo." + echo "Job originally triggered by ${{ github.actor }} with permission level ${{ steps.checkAccess.outputs.user-permission }}" + echo "This jub can be re-run by a maintainer" + exit 1 + - name: Checkout repo uses: actions/checkout@v4 diff --git a/.github/workflows/tft_citest_bad.yml b/.github/workflows/tft_citest_bad.yml deleted file mode 100644 index 4b65ebb..0000000 --- a/.github/workflows/tft_citest_bad.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -name: Re-run failed testing farm tests -on: - issue_comment: - types: - - created -permissions: - contents: read -jobs: - citest_bad_rerun: - if: | - github.event.issue.pull_request - && github.event.comment.body == '[citest_bad]' - && contains(fromJson('["OWNER", "MEMBER", "COLLABORATOR", "CONTRIBUTOR"]'), github.event.comment.author_association) - permissions: - actions: write # for re-running failed jobs: https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#re-run-a-job-from-a-workflow-run - runs-on: ubuntu-latest - steps: - - name: Wait 10s until tft.yml workflow is created and skipped because new comment don't match [citest] - run: sleep 10s - - - name: Re-run failed jobs for this PR - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - REPO: ${{ github.repository }} - PR_TITLE: ${{ github.event.issue.title }} - run: | - PENDING_RUN=$(gh api "repos/$REPO/actions/workflows/tft.yml/runs?event=issue_comment" \ - | jq -r "[.workflow_runs[] | select( .display_title == \"$PR_TITLE\") | \ - select(.status == \"pending\" or .status == \"queued\" or .status == \"in_progress\") | .id][0]") - # if pending run don't exist, take the last run with failure state - if [ "$PENDING_RUN" != "null" ]; then - echo "The workflow $PENDING_RUN is still running, wait for it to finish to re-run" - exit 1 - fi - RUN_ID=$(gh api "repos/$REPO/actions/workflows/tft.yml/runs?event=issue_comment" \ - | jq -r "[.workflow_runs[] | select( .display_title == \"$PR_TITLE\" ) | select( .conclusion == \"failure\" ) | .id][0]") - if [ "$RUN_ID" = "null" ]; then - echo "Failed workflow not found, exitting" - exit 1 - fi - echo "Re-running workflow $RUN_ID" - gh api --method POST repos/$REPO/actions/runs/$RUN_ID/rerun-failed-jobs