Manually run extra tests & emit metric if token expired

benieric · benieric · commit 1676a300435a · 2024-07-30T00:20:42.000-07:00
diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml
@@ -17,9 +17,16 @@ jobs:
     outputs: 
       approval-env: ${{ steps.collab-check.outputs.result }}
     steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+            role-to-assume: ${{ secrets.MONITORING_AWS_ROLE_ARN }}
+            aws-region: us-west-2
       - name: Collaborator Check
         uses: actions/github-script@v7
         id: collab-check
+        env:
+            PR_USER_LOGIN: ${{ github.event.pull_request.user.login }}
         with:
           github-token: ${{ secrets.COLLAB_CHECK_TOKEN }}
           result-encoding: string
@@ -28,13 +35,19 @@ jobs:
               const res = await github.rest.repos.checkCollaborator({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
-                username: "${{ github.event.pull_request.user.login }}",
+                username: "${{ env.PR_USER_LOGIN }}",
               });
-              console.log("Verifed ${{ github.event.pull_request.user.login }} is a repo collaborator. Auto Approving PR Checks.")
+              console.log("Verifed user is a repo collaborator. Auto Approving PR Checks.")
               return res.status == "204" ? "auto-approve" : "manual-approval"
             } catch (error) {
-              console.log("${{ github.event.pull_request.user.login }} is not a collaborator. Requiring Manual Approval to run PR Checks.")
-              return "manual-approval"
+              if (error.message == "Bad credentials") {
+                console.log("Token Expired. Please update the COLLAB_CHECK_TOKEN secret. Requiring Manual Approval to run PR Checks becuase the collaborator status could not be verified.")
+                const { execSync } = require('child_process')
+                execSync('aws cloudwatch put-metric-data --namespace "GitHubActions" --metric-name "BadCredentials" --value 1')
+              } else {
+                console.log("User is not a collaborator. Requiring Manual Approval to run PR Checks.")
+              }
+                return "manual-approval"
             }
   wait-for-approval:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/run-local-mode-tests.yml b/.github/workflows/run-local-mode-tests.yml
@@ -0,0 +1,35 @@
+name: Run Local Mode Tests
+
+on:
+  workflow_dispatch:
+    inputs:
+      prNumber:
+        description: 'Pull Request Number'
+        required: true
+      commitSha:
+        description: 'Commit SHA'
+        required: true
+
+concurrency:
+    group: ${{ github.workflow }}-${{ github.event.inputs.prNumber }}
+    cancel-in-progress: true
+
+permissions:
+    id-token: write # This is required for requesting the JWT
+
+jobs:
+    local-mode-tests:
+        runs-on: ubuntu-latest
+        steps:
+        - name: Configure AWS Credentials
+          uses: aws-actions/configure-aws-credentials@v4
+          with:
+              role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+              aws-region: us-west-2
+              role-duration-seconds: 10800
+        - name: Run Slow Tests
+          uses: aws-actions/aws-codebuild-run-build@v1
+          with:
+              project-name: ${{ github.event.repository.name }}-ci-localmode-tests
+              source-version-override: 'refs/pull/${{ github.event.inputs.prNumber}}/head^{${{ github.event.inputs.commitSha }}}'
+      
diff --git a/.github/workflows/run-slow-tests.yml b/.github/workflows/run-slow-tests.yml
@@ -0,0 +1,35 @@
+name: Run Slow Tests
+
+on:
+  workflow_dispatch:
+    inputs:
+      prNumber:
+        description: 'Pull Request Number'
+        required: true
+      commitSha:
+        description: 'Commit SHA'
+        required: true
+
+concurrency:
+    group: ${{ github.workflow }}-${{ github.event.inputs.prNumber }}
+    cancel-in-progress: true
+
+permissions:
+    id-token: write # This is required for requesting the JWT
+
+jobs:
+    slow-tests:
+        runs-on: ubuntu-latest
+        steps:
+        - name: Configure AWS Credentials
+          uses: aws-actions/configure-aws-credentials@v4
+          with:
+              role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+              aws-region: us-west-2
+              role-duration-seconds: 10800
+        - name: Run Slow Tests
+          uses: aws-actions/aws-codebuild-run-build@v1
+          with:
+              project-name: ${{ github.event.repository.name }}-ci-slow-tests
+              source-version-override: 'refs/pull/${{ github.event.inputs.prNumber}}/head^{${{ github.event.inputs.commitSha }}}'
+      
