pr-e2e-codebuild.yml
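---
# Runs the E2E suite in AWS CodeBuild when a collaborator with write access
# comments "/test-e2e" on a pull request.
#
# Trust model: issue_comment workflows run from the default branch with the
# permissions and secrets declared here, while the build itself is started at
# the PR head commit. The permission check on the commenter is therefore the
# only gate between PR-supplied code and the CodeBuild role.
name: PR E2E Tests (CodeBuild)

on:
  issue_comment:
    types: [created]

# github.ref is the default branch for every issue_comment event, so grouping
# on it put all runs in one group: any comment on any issue or PR cancelled a
# running E2E build. Group per PR instead, and give comments that do not
# contain the command a unique group so they cannot cancel anything.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.issue.number }}-${{ contains(github.event.comment.body, '/test-e2e') && 'e2e' || github.run_id }}
  cancel-in-progress: true

permissions:
  id-token: write  # Required for OIDC authentication with AWS
  contents: read
  pull-requests: write  # To post comments back to the PR
  statuses: write  # To create commit status checks

jobs:
  trigger-codebuild:
    # Only run on PR comments that contain /test-e2e
    if: |
      github.event.issue.pull_request &&
      contains(github.event.comment.body, '/test-e2e')
    runs-on: ubuntu-latest
    env:
      # Console URL of the CodeBuild project, used as target_url on statuses.
      CODEBUILD_PROJECT_URL: 'https://us-east-1.codebuild.aws.amazon.com/project/eyJlbmNyeXB0ZWREYXRhIjoiTHJVaVRGR05mWnExNnVLS3N1OWMrMGtFMEdYQnZ5VmVmMjJ6ZEFsYzdLQUc2WjViWTI2d3RLS21UalVWZHN3c2kwaytBMm1SaHZOVTd6elNGeGJaaEtnc0tKeUp0WTNOOUptOUIyMVBrZXRzIiwiaXZQYXJhbWV0ZXJTcGVjIjoiTS9ZYlZlTDA4M2F1cW1zMSIsIm1hdGVyaWFsU2V0U2VyaWFsIjoxfQ%3D%3D'
    steps:
      # NOTE(review): every action below is referenced by a mutable tag.
      # This job holds id-token: write and an AWS role, so consider pinning
      # each `uses:` to a full commit SHA (<commit-sha> # vN).
      - name: Check user permissions
        id: check-permissions
        uses: actions/github-script@v7
        with:
          script: |
            const username = context.payload.comment.user.login;
            try {
              const { data: permissionData } = await github.rest.repos.getCollaboratorPermissionLevel({
                owner: context.repo.owner,
                repo: context.repo.repo,
                username: username
              });
              const permission = permissionData.permission;
              console.log(`User ${username} has permission: ${permission}`);
              // Allow admin, write, and maintain permissions
              const allowedPermissions = ['admin', 'write', 'maintain'];
              if (!allowedPermissions.includes(permission)) {
                await github.rest.issues.createComment({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  issue_number: context.issue.number,
                  body: `@${username} Sorry, you don't have permission to trigger E2E tests. This command is restricted to repository maintainers.`
                });
                core.setFailed(`User ${username} does not have sufficient permissions (has: ${permission}, needs: ${allowedPermissions.join(', ')})`);
                // setFailed does not stop the script; return so that
                // 'allowed' is never set for a rejected commenter.
                return;
              }
              core.setOutput('allowed', 'true');
            } catch (error) {
              // Fail closed: an API error leaves 'allowed' unset.
              console.error('Error checking permissions:', error);
              core.setFailed('Failed to check user permissions');
            }

      - name: React to comment
        if: steps.check-permissions.outputs.allowed == 'true'
        uses: actions/github-script@v7
        with:
          script: |
            await github.rest.reactions.createForIssueComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              comment_id: context.payload.comment.id,
              content: 'rocket'
            });

      # The head SHA is read when the workflow runs, not when the commenter
      # looked at the PR. Later steps use this one SHA for both the build and
      # the statuses, so a push after this point is not picked up; a push
      # just before the comment is. Review the latest commit before
      # commenting.
      - name: Get PR details
        id: pr
        if: steps.check-permissions.outputs.allowed == 'true'
        uses: actions/github-script@v7
        with:
          script: |
            const pr = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number
            });
            core.setOutput('sha', pr.data.head.sha);
            core.setOutput('ref', pr.data.head.ref);
            core.setOutput('repo', pr.data.head.repo.clone_url);

      # Step outputs are handed to scripts through env and read from
      # process.env rather than interpolated into the script text with
      # ${{ }}, so a value can never be parsed as JavaScript.
      - name: Check if PR has buildspec.yml
        id: check-buildspec
        if: steps.check-permissions.outputs.allowed == 'true'
        uses: actions/github-script@v7
        env:
          PR_SHA: ${{ steps.pr.outputs.sha }}
        with:
          script: |
            try {
              await github.rest.repos.getContent({
                owner: context.repo.owner,
                repo: context.repo.repo,
                path: 'buildspec.yml',
                ref: process.env.PR_SHA
              });
              core.setOutput('has-buildspec', 'true');
            } catch (error) {
              if (error.status === 404) {
                core.setOutput('has-buildspec', 'false');
                await github.rest.issues.createComment({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  issue_number: context.issue.number,
                  body: '⚠️ This PR branch does not contain `buildspec.yml`, which is required to run E2E tests.\n\nPlease rebase this PR with the `master` branch to include the latest changes, then try `/test-e2e` again.'
                });
              } else {
                throw error;
              }
            }

      - name: Fail if buildspec.yml is missing
        if: steps.check-buildspec.outputs.has-buildspec == 'false'
        uses: actions/github-script@v7
        env:
          PR_SHA: ${{ steps.pr.outputs.sha }}
        with:
          script: |
            const sha = process.env.PR_SHA;
            await github.rest.repos.createCommitStatus({
              owner: context.repo.owner,
              repo: context.repo.repo,
              sha: sha,
              state: 'failure',
              context: 'CodeBuild / E2E Tests',
              description: 'PR needs rebase - buildspec.yml missing'
            });
            core.setFailed('This PR branch does not contain buildspec.yml. Please rebase with master.');

      - name: Create pending status check
        if: steps.check-permissions.outputs.allowed == 'true' && steps.check-buildspec.outputs.has-buildspec == 'true'
        uses: actions/github-script@v7
        env:
          PR_SHA: ${{ steps.pr.outputs.sha }}
        with:
          script: |
            const projectUrl = process.env.CODEBUILD_PROJECT_URL;
            await github.rest.repos.createCommitStatus({
              owner: context.repo.owner,
              repo: context.repo.repo,
              sha: process.env.PR_SHA,
              state: 'pending',
              context: 'CodeBuild / E2E Tests',
              description: 'Running E2E tests...',
              target_url: projectUrl
            });

      # The two AWS steps check 'allowed' explicitly instead of relying only
      # on the implicit success() of earlier steps.
      - name: Configure AWS credentials
        if: steps.check-permissions.outputs.allowed == 'true' && steps.check-buildspec.outputs.has-buildspec == 'true'
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_CODEBUILD_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}

      # The build is started at the PR head commit, so PR-supplied content
      # (presumably including its buildspec.yml - confirm against the
      # project's source settings) runs with the CodeBuild project's role.
      # Keep that role scoped to what the E2E tests need.
      - name: Run CodeBuild
        if: steps.check-permissions.outputs.allowed == 'true' && steps.check-buildspec.outputs.has-buildspec == 'true'
        id: codebuild
        uses: aws-actions/aws-codebuild-run-build@v1
        with:
          hide-cloudwatch-logs: true
          project-name: clowder-pr-check
          source-version-override: ${{ steps.pr.outputs.sha }}
          env-vars-for-codebuild: |
            GITHUB_PR_NUMBER,
            GITHUB_SHA,
            GITHUB_REF,
            GITHUB_ACTOR,
            GITHUB_REPOSITORY
        env:
          # GITHUB_REF carries the PR head branch name, which the PR author
          # chooses; the build must treat it as untrusted data.
          # NOTE(review): GITHUB_SHA, GITHUB_REF, GITHUB_ACTOR and
          # GITHUB_REPOSITORY are also default runner variables - confirm
          # these overrides are the values that reach CodeBuild.
          GITHUB_PR_NUMBER: ${{ github.event.issue.number }}
          GITHUB_SHA: ${{ steps.pr.outputs.sha }}
          GITHUB_REF: ${{ steps.pr.outputs.ref }}
          GITHUB_ACTOR: ${{ github.actor }}
          GITHUB_REPOSITORY: ${{ github.repository }}

      - name: Update status check on success
        if: success() && steps.codebuild.outputs.aws-build-id
        uses: actions/github-script@v7
        env:
          PR_SHA: ${{ steps.pr.outputs.sha }}
          BUILD_ID: ${{ steps.codebuild.outputs.aws-build-id }}
        with:
          script: |
            // aws-build-id is split on ':' and the second part is used in
            // the console URL.
            const buildId = (process.env.BUILD_ID || '').split(':')[1];
            const buildUrl = `${process.env.CODEBUILD_PROJECT_URL}/build/${buildId}`;
            await github.rest.repos.createCommitStatus({
              owner: context.repo.owner,
              repo: context.repo.repo,
              sha: process.env.PR_SHA,
              state: 'success',
              context: 'CodeBuild / E2E Tests',
              description: 'E2E tests passed',
              target_url: buildUrl
            });

      # Only report a failure once the run got as far as an authorised
      # commenter and a present buildspec. Without this guard the step also
      # ran after a rejected permission check (with an empty SHA) and
      # overwrote the more specific "PR needs rebase" status.
      - name: Update status check on failure
        if: failure() && steps.check-buildspec.outputs.has-buildspec == 'true'
        uses: actions/github-script@v7
        env:
          PR_SHA: ${{ steps.pr.outputs.sha }}
          BUILD_ID: ${{ steps.codebuild.outputs.aws-build-id }}
        with:
          script: |
            const buildId = process.env.BUILD_ID || '';
            const baseUrl = process.env.CODEBUILD_PROJECT_URL;
            let buildUrl;
            let description;
            if (buildId) {
              buildUrl = `${baseUrl}/build/${buildId.split(':')[1]}`;
              description = 'E2E tests failed';
            } else {
              // No build id means the build never started.
              buildUrl = baseUrl;
              description = 'Failed to start E2E tests';
            }
            await github.rest.repos.createCommitStatus({
              owner: context.repo.owner,
              repo: context.repo.repo,
              sha: process.env.PR_SHA,
              state: 'failure',
              context: 'CodeBuild / E2E Tests',
              description: description,
              target_url: buildUrl
            });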