From 96fb7ed5f3ab3bf1b0c636d7e4ff19ea0f88b566 Mon Sep 17 00:00:00 2001
From: Erick Benitez-Ramos <benieric@amazon.com>
Date: Thu, 7 Mar 2024 21:11:31 +0000
Subject: [PATCH 1/5] change: enable github actions for PRs

---
 .github/workflows/codebuild-ci.yml | 46 ++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 .github/workflows/codebuild-ci.yml

diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml
new file mode 100644
index 0000000000..a566fd8d6b
--- /dev/null
+++ b/.github/workflows/codebuild-ci.yml
@@ -0,0 +1,46 @@
+name: PR Checks
+on:
+    pull_request:
+
+concurrency:
+    group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+    cancel-in-progress: true
+
+permissions:
+    id-token: write # This is required for requesting the JWT
+
+jobs:
+  codestyle-doc-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+          aws-region: us-west-2
+          role-duration-seconds: 10800
+      - name: Run Codestyle & Doc Tests
+        uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: sagemaker-python-sdk-ci-codestyle-doc-tests
+  unit-tests:
+    runs-on: ubuntu-latest
+    strategy:
+        fail-fast: false
+        matrix:
+          python-version: ["py38", "py39", "py310"]
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+          aws-region: us-west-2
+          role-duration-seconds: 10800
+      - name: Run Unit Tests
+        uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: sagemaker-python-sdk-ci-unit-tests
+          env-vars-for-codebuild: |
+            PY_VERSION
+        env:
+          PY_VERSION: ${{ matrix.python-version }}
\ No newline at end of file

From 74924f8d21e402a4e9c19c666331fed7220eb112 Mon Sep 17 00:00:00 2001
From: Erick Benitez-Ramos <141277478+benieric@users.noreply.github.com>
Date: Mon, 11 Mar 2024 15:07:39 -0700
Subject: [PATCH 2/5] Update codebuild-ci.yml

---
 .github/workflows/codebuild-ci.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml
index a566fd8d6b..59c070c437 100644
--- a/.github/workflows/codebuild-ci.yml
+++ b/.github/workflows/codebuild-ci.yml
@@ -8,6 +8,7 @@ concurrency:
 
 permissions:
     id-token: write # This is required for requesting the JWT
+    contents: read
 
 jobs:
   codestyle-doc-tests:
@@ -43,4 +44,4 @@ jobs:
           env-vars-for-codebuild: |
             PY_VERSION
         env:
-          PY_VERSION: ${{ matrix.python-version }}
\ No newline at end of file
+          PY_VERSION: ${{ matrix.python-version }}

From 0dc61324b00eb895f6c9192d3bacfa6f29f8dc8f Mon Sep 17 00:00:00 2001
From: Erick Benitez-Ramos <benieric@amazon.com>
Date: Tue, 12 Mar 2024 00:23:52 +0000
Subject: [PATCH 3/5] trigger on pull_request_target

---
 .github/workflows/codebuild-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml
index 59c070c437..25a5d9d441 100644
--- a/.github/workflows/codebuild-ci.yml
+++ b/.github/workflows/codebuild-ci.yml
@@ -1,6 +1,6 @@
 name: PR Checks
 on:
-    pull_request:
+    pull_request_target:
 
 concurrency:
     group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}

From a5c37ee5f14fc65a78eaf31f12bc8487aca94d52 Mon Sep 17 00:00:00 2001
From: Erick Benitez-Ramos <benieric@amazon.com>
Date: Tue, 12 Mar 2024 02:04:23 +0000
Subject: [PATCH 4/5] add source-version-override

---
 .github/workflows/codebuild-ci.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml
index 25a5d9d441..e94df9a56c 100644
--- a/.github/workflows/codebuild-ci.yml
+++ b/.github/workflows/codebuild-ci.yml
@@ -3,7 +3,7 @@ on:
     pull_request_target:
 
 concurrency:
-    group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+    group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.head_ref }}
     cancel-in-progress: true
 
 permissions:
@@ -24,6 +24,7 @@ jobs:
         uses: aws-actions/aws-codebuild-run-build@v1
         with:
           project-name: sagemaker-python-sdk-ci-codestyle-doc-tests
+          source-version-override: 'pr/${{ github.event.pull_request.number }}'
   unit-tests:
     runs-on: ubuntu-latest
     strategy:
@@ -41,6 +42,7 @@ jobs:
         uses: aws-actions/aws-codebuild-run-build@v1
         with:
           project-name: sagemaker-python-sdk-ci-unit-tests
+          source-version-override: 'pr/${{ github.event.pull_request.number }}'
           env-vars-for-codebuild: |
             PY_VERSION
         env:

From 0fcbc0829f06b499b09dbea100a8e5970eda27db Mon Sep 17 00:00:00 2001
From: Erick Benitez-Ramos <benieric@amazon.com>
Date: Tue, 12 Mar 2024 15:07:25 +0000
Subject: [PATCH 5/5] fix permission

---
 .github/workflows/codebuild-ci.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml
index e94df9a56c..e72680be2a 100644
--- a/.github/workflows/codebuild-ci.yml
+++ b/.github/workflows/codebuild-ci.yml
@@ -8,7 +8,6 @@ concurrency:
 
 permissions:
     id-token: write # This is required for requesting the JWT
-    contents: read
 
 jobs:
   codestyle-doc-tests: