mirror of
https://github.com/neondatabase/neon.git
synced 2026-05-30 19:40:39 +00:00
edccef4514
## Problem CI doesn't work for external contributors (for PRs from forks), see #2222 for more information. I'm proposing the following: - External PR is created - PR is reviewed so that it doesn't contain any malicious code - Label `approved-for-ci-run` is added to that PR (by the reviewer) - A new workflow picks up this label and creates an internal branch from that PR (the branch name is `ci-run/pr-*`) - CI is run on the branch, but the results are also propagated to the PRs check - We can merge a PR itself if it's green; if not — repeat. ## Summary of changes - Create `approved-for-ci-run.yml` workflow which handles `approved-for-ci-run` label - Trigger `build_and_test.yml` and `neon_extra_builds.yml` workflows on `ci-run/pr-*` branches
56 lines
1.7 KiB
YAML
56 lines
1.7 KiB
YAML
name: Handle `approved-for-ci-run` label
|
|
# This workflow helps to run CI pipeline for PRs made by external contributors (from forks).
|
|
|
|
on:
|
|
pull_request:
|
|
types:
|
|
# Default types that triggers a workflow ([1]):
|
|
# - [1] https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
|
|
- opened
|
|
- synchronize
|
|
- reopened
|
|
# Types that we wand to handle in addition to keep labels tidy:
|
|
- closed
|
|
# Actual magic happens here:
|
|
- labeled
|
|
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
|
|
jobs:
|
|
remove-label:
|
|
# Remove `approved-for-ci-run` label if the workflow is triggered by changes in a PR.
|
|
# The PR should be reviewed and labelled manually again.
|
|
|
|
runs-on: [ ubuntu-latest ]
|
|
|
|
if: |
|
|
contains(fromJSON('["opened", "synchronize", "reopened", "closed"]'), github.event.action) &&
|
|
contains(github.event.pull_request.labels.*.name, 'approved-for-ci-run')
|
|
|
|
steps:
|
|
- run: gh pr --repo "${GITHUB_REPOSITORY}" edit "${PR_NUMBER}" --remove-label "approved-for-ci-run"
|
|
|
|
create-branch:
|
|
# Create a local branch for an `approved-for-ci-run` labelled PR to run CI pipeline in it.
|
|
|
|
runs-on: [ ubuntu-latest ]
|
|
|
|
if: |
|
|
github.event.action == 'labeled' &&
|
|
contains(github.event.pull_request.labels.*.name, 'approved-for-ci-run')
|
|
|
|
steps:
|
|
- run: gh pr --repo "${GITHUB_REPOSITORY}" edit "${PR_NUMBER}" --remove-label "approved-for-ci-run"
|
|
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: main
|
|
|
|
- run: gh pr checkout "${PR_NUMBER}"
|
|
|
|
- run: git checkout -b "ci-run/pr-${PR_NUMBER}"
|
|
|
|
- run: git push --force origin "ci-run/pr-${PR_NUMBER}"
|