Skip to content

Commit

Permalink
chore(ci): check for team membership on secret-requiring int tests (#…
Browse files Browse the repository at this point in the history
…17909)

- Incidentally this is a nice-to-have in general.

- However with the recent merge queue changes, it has become necessary
because previously, all status checks would run on external contributor
PRs, and the force merge because secret-requiring int tests was ok. But
there is no option to force add to merge queue, it's just force merge to
the protected branch.

- Thus, for the `pull_request` trigger, we need to skip the integration
tests that require secrets.

- On contributor PRs that touch those integrations, team members can
either run them locally after checking out the branch, or trigger them
by comment on the PR.
  • Loading branch information
neuronull authored Jul 7, 2023
1 parent b10d070 commit 9765809
Showing 1 changed file with 30 additions and 8 deletions.
38 changes: 30 additions & 8 deletions .github/workflows/integration.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,25 @@ jobs:
int_tests: true
secrets: inherit

detect-user:
name: Detect user team membership
runs-on: ubuntu-latest
outputs:
IS_TEAM_MEMBER: ${{ steps.author.outputs.isTeamMember }}
steps:
- name: Get PR author
if: github.event_name == 'pull_request'
id: author
uses: tspascoal/get-user-teams-membership@v2
with:
username: ${{ github.actor }}
team: 'Vector'
GITHUB_TOKEN: ${{ secrets.GH_PAT_ORG }}

integration-tests:
name: Integration Tests
runs-on: [linux, ubuntu-20.04-4core]
needs: changes
needs: [changes, detect-user]
if: always() && (
github.event_name == 'merge_group' || (
needs.changes.outputs.all-int == 'true'
Expand Down Expand Up @@ -103,7 +118,8 @@ jobs:
max_attempts: 3
command: bash scripts/ci-integration-test.sh amqp

- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.appsignal == 'true' }}
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.appsignal == 'true') &&
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
name: appsignal
uses: nick-fields/retry@v2
with:
Expand All @@ -119,7 +135,8 @@ jobs:
max_attempts: 3
command: bash scripts/ci-integration-test.sh aws

- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.axiom == 'true' }}
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.axiom == 'true') &&
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
name: axiom
uses: nick-fields/retry@v2
with:
Expand All @@ -143,39 +160,44 @@ jobs:
max_attempts: 3
command: bash scripts/ci-integration-test.sh clickhouse

- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.databend == 'true' }}
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.databend == 'true') &&
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
name: databend
uses: nick-fields/retry@v2
with:
timeout_minutes: 30
max_attempts: 3
command: bash scripts/ci-integration-test.sh databend

- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true' }}
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true') &&
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
name: datadog-agent
uses: nick-fields/retry@v2
with:
timeout_minutes: 30
max_attempts: 3
command: bash scripts/ci-integration-test.sh datadog-agent

- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true' }}
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true') &&
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
name: datadog-logs
uses: nick-fields/retry@v2
with:
timeout_minutes: 30
max_attempts: 3
command: bash scripts/ci-integration-test.sh datadog-logs

- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true' }}
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true') &&
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
name: datadog-metrics
uses: nick-fields/retry@v2
with:
timeout_minutes: 30
max_attempts: 3
command: bash scripts/ci-integration-test.sh datadog-metrics

- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true' }}
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true') &&
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
name: datadog-traces
uses: nick-fields/retry@v2
with:
Expand Down

0 comments on commit 9765809

Please sign in to comment.