mirror of
https://github.com/neondatabase/neon.git
synced 2026-06-01 20:40:37 +00:00
d33e1b1b24
## Problem Another thing I overlooked regarding'approved-for-ci-run`: - When we create a PR, the action is associated with @vipvap and this triggers the pipeline — this is good. - When we update the PR by force-pushing to the branch, the action is associated with @github-actions, which doesn't trigger a pipeline — this is bad. Initially spotted in #5239 / #5211 ([link](https://github.com/neondatabase/neon/actions/runs/6122249456/job/16633919558?pr=5239)) — `check-permissions` should not fail. ## Summary of changes - Use `CI_ACCESS_TOKEN` to check out the repo (I expect this token will be reused in the following `git push`)
104 lines
3.5 KiB
YAML
104 lines
3.5 KiB
YAML
name: Handle `approved-for-ci-run` label
|
|
# This workflow helps to run CI pipeline for PRs made by external contributors (from forks).
|
|
|
|
on:
|
|
pull_request_target:
|
|
branches:
|
|
- main
|
|
types:
|
|
# Default types that triggers a workflow ([1]):
|
|
# - [1] https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
|
|
- opened
|
|
- synchronize
|
|
- reopened
|
|
# Types that we wand to handle in addition to keep labels tidy:
|
|
- closed
|
|
# Actual magic happens here:
|
|
- labeled
|
|
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
|
|
permissions: write-all
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
|
|
|
|
jobs:
|
|
remove-label:
|
|
# Remove `approved-for-ci-run` label if the workflow is triggered by changes in a PR.
|
|
# The PR should be reviewed and labelled manually again.
|
|
|
|
if: |
|
|
contains(fromJSON('["opened", "synchronize", "reopened", "closed"]'), github.event.action) &&
|
|
contains(github.event.pull_request.labels.*.name, 'approved-for-ci-run')
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- run: gh pr --repo "${GITHUB_REPOSITORY}" edit "${PR_NUMBER}" --remove-label "approved-for-ci-run"
|
|
|
|
create-or-update-pr-for-ci-run:
|
|
# Create local PR for an `approved-for-ci-run` labelled PR to run CI pipeline in it.
|
|
|
|
if: |
|
|
github.event.action == 'labeled' &&
|
|
contains(github.event.pull_request.labels.*.name, 'approved-for-ci-run')
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- run: gh pr --repo "${GITHUB_REPOSITORY}" edit "${PR_NUMBER}" --remove-label "approved-for-ci-run"
|
|
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: main
|
|
token: ${{ secrets.CI_ACCESS_TOKEN }}
|
|
|
|
- run: gh pr checkout "${PR_NUMBER}"
|
|
|
|
- run: git checkout -b "ci-run/pr-${PR_NUMBER}"
|
|
|
|
- run: git push --force origin "ci-run/pr-${PR_NUMBER}"
|
|
|
|
- name: Create a Pull Request for CI run (if required)
|
|
env:
|
|
GH_TOKEN: ${{ secrets.CI_ACCESS_TOKEN }}
|
|
run: |
|
|
HEAD="ci-run/pr-${PR_NUMBER}"
|
|
cat << EOF > body.md
|
|
This Pull Request is created automatically to run the CI pipeline for #${PR_NUMBER}
|
|
|
|
Please do not alter or merge/close it.
|
|
|
|
Feel free to review/comment/discuss the original PR #${PR_NUMBER}.
|
|
EOF
|
|
|
|
ALREADY_CREATED="$(gh pr --repo ${GITHUB_REPOSITORY} list --head ${HEAD} --base main --json number --jq '.[].number')"
|
|
if [ -z "${ALREADY_CREATED}" ]; then
|
|
gh pr --repo "${GITHUB_REPOSITORY}" create --title "CI run for PR #${PR_NUMBER}" \
|
|
--body-file "body.md" \
|
|
--head "${HEAD}" \
|
|
--base "main" \
|
|
--draft
|
|
fi
|
|
|
|
cleanup:
|
|
# Close PRs and delete branchs if the original PR is closed.
|
|
|
|
if: |
|
|
github.event.action == 'closed' &&
|
|
github.event.pull_request.head.repo.full_name != github.repository
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- run: |
|
|
HEAD="ci-run/pr-${PR_NUMBER}"
|
|
|
|
CLOSED="$(gh pr --repo ${GITHUB_REPOSITORY} list --head ${HEAD} --json 'closed' --jq '.[].closed')"
|
|
if [ "${CLOSED}" != "false" ]; then
|
|
gh pr --repo "${GITHUB_REPOSITORY}" close "ci-run/pr-${{ github.event.pull_request.number }}" --delete-branch
|
|
fi
|