Skip to content

Commit 9765809

Browse files
neuronullneuronull
authored
chore(ci): check for team membership on secret-requiring int tests (#17909)
- Incidentally this is a nice-to-have in general. - However with the recent merge queue changes, it has become necessary because previously, all status checks would run on external contributor PRs, and the force merge because secret-requiring int tests was ok. But there is no option to force add to merge queue, it's just force merge to the protected branch. - Thus, for the `pull_request` trigger, we need to skip the integration tests that require secrets. - On contributor PRs that touch those integrations, team members can either run them locally after checking out the branch, or trigger them by comment on the PR.
1 parent b10d070 commit 9765809

File tree

1 file changed

+30
-8
lines changed

1 file changed

+30
-8
lines changed

.github/workflows/integration.yml

+30-8
Original file line numberDiff line numberDiff line change
@@ -46,10 +46,25 @@ jobs:
4646
int_tests: true
4747
secrets: inherit
4848

49+
detect-user:
50+
name: Detect user team membership
51+
runs-on: ubuntu-latest
52+
outputs:
53+
IS_TEAM_MEMBER: ${{ steps.author.outputs.isTeamMember }}
54+
steps:
55+
- name: Get PR author
56+
if: github.event_name == 'pull_request'
57+
id: author
58+
uses: tspascoal/get-user-teams-membership@v2
59+
with:
60+
username: ${{ github.actor }}
61+
team: 'Vector'
62+
GITHUB_TOKEN: ${{ secrets.GH_PAT_ORG }}
63+
4964
integration-tests:
5065
name: Integration Tests
5166
runs-on: [linux, ubuntu-20.04-4core]
52-
needs: changes
67+
needs: [changes, detect-user]
5368
if: always() && (
5469
github.event_name == 'merge_group' || (
5570
needs.changes.outputs.all-int == 'true'
@@ -103,7 +118,8 @@ jobs:
103118
max_attempts: 3
104119
command: bash scripts/ci-integration-test.sh amqp
105120

106-
- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.appsignal == 'true' }}
121+
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.appsignal == 'true') &&
122+
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
107123
name: appsignal
108124
uses: nick-fields/retry@v2
109125
with:
@@ -119,7 +135,8 @@ jobs:
119135
max_attempts: 3
120136
command: bash scripts/ci-integration-test.sh aws
121137

122-
- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.axiom == 'true' }}
138+
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.axiom == 'true') &&
139+
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
123140
name: axiom
124141
uses: nick-fields/retry@v2
125142
with:
@@ -143,39 +160,44 @@ jobs:
143160
max_attempts: 3
144161
command: bash scripts/ci-integration-test.sh clickhouse
145162

146-
- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.databend == 'true' }}
163+
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.databend == 'true') &&
164+
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
147165
name: databend
148166
uses: nick-fields/retry@v2
149167
with:
150168
timeout_minutes: 30
151169
max_attempts: 3
152170
command: bash scripts/ci-integration-test.sh databend
153171

154-
- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true' }}
172+
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true') &&
173+
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
155174
name: datadog-agent
156175
uses: nick-fields/retry@v2
157176
with:
158177
timeout_minutes: 30
159178
max_attempts: 3
160179
command: bash scripts/ci-integration-test.sh datadog-agent
161180

162-
- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true' }}
181+
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true') &&
182+
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
163183
name: datadog-logs
164184
uses: nick-fields/retry@v2
165185
with:
166186
timeout_minutes: 30
167187
max_attempts: 3
168188
command: bash scripts/ci-integration-test.sh datadog-logs
169189

170-
- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true' }}
190+
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true') &&
191+
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
171192
name: datadog-metrics
172193
uses: nick-fields/retry@v2
173194
with:
174195
timeout_minutes: 30
175196
max_attempts: 3
176197
command: bash scripts/ci-integration-test.sh datadog-metrics
177198

178-
- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true' }}
199+
- if: (github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.datadog == 'true') &&
200+
(github.event_name != 'pull_request' || needs.detect-user.outputs.IS_TEAM_MEMBER == 'true')
179201
name: datadog-traces
180202
uses: nick-fields/retry@v2
181203
with:

0 commit comments

Comments
 (0)