-
Notifications
You must be signed in to change notification settings - Fork 17
75 lines (64 loc) · 2.61 KB
/
test-deploy-owners.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# NOTE: This name appears in GitHub's Checks API and in workflow's status badge.
name: test-deploy-owners
env:
# CI variables
DOCKER_PLATFORM: "amd64"
# Indexer variables
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_TOOLS_GITHUB_APP_PRIVATE_KEY: ${{ secrets.PR_TOOLS_GITHUB_APP_PRIVATE_KEY }}
PR_TOOLS_GITHUB_APP_ID: ${{ secrets.PR_TOOLS_GITHUB_APP_ID }}
PR_TOOLS_ADMIN_TEAM_NAME: ${{ secrets.PR_TOOLS_ADMIN_TEAM_NAME }}
# should not be set to a legitimate value for testing. This will use up API
# quota otherwise
DUNE_API_KEY: "none"
PR_TOOLS_REPO: ${{ github.repository }}
# Trigger the workflow when:
on:
pull_request_target:
types: [assigned, opened, synchronize, reopened]
# Cancel in progress jobs on new pushes.
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
test-deploy:
name: Test Deployment Initializer
if: ${{ github.event.pull_request }}
environment: external-prs-app
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Setup external pr tools
uses: ./.github/workflows/setup-external-pr-tools
- name: Initialize check
run: |
cd ops/external-prs &&
pnpm tools initialize-check ${{ github.event.pull_request.head.sha }} ${{ github.event.pull_request.user.login }} test-deploy
- name: Check if the user is an admin
id: prs_permissions
run: |
cd ops/external-prs &&
pnpm tools common is-repo-admin ${{ github.event.pull_request.user.login }} --output-file $GITHUB_OUTPUT
- name: Auto-approve PR if conditions are met
run: |
cd ops/external-prs &&
pnpm tools common attempt-auto-approve ${{ github.event.pull_request.number }}
- name: Login to google
uses: "google-github-actions/auth@v2"
with:
credentials_json: "${{ secrets.GOOGLE_BQ_ADMIN_CREDENTIALS_JSON }}"
create_credentials_file: true
if: ${{ steps.prs_permissions.outputs.is_admin == '1' }}
- name: Run test-deploy
uses: ./.github/workflows/test-deploy
with:
sha: ${{ github.event.pull_request.head.sha }}
pr: ${{ github.event.pull_request.number }}
requester: ${{ github.event.sender.login }}
author: ${{ github.event.sender.login }}
gcp_service_account_path: ${{ env.GOOGLE_APPLICATION_CREDENTIALS }}
google_project_id: ${{ vars.GOOGLE_PROJECT_ID }}
if: ${{ steps.prs_permissions.outputs.is_admin == '1' }}