run extras on comment

benieric · benieric · commit ae1e742e6947 · 2024-07-30T02:05:45.000-07:00
diff --git a/.github/workflows/Trigger-codebuild.yml b/.github/workflows/Trigger-codebuild.yml
@@ -0,0 +1,40 @@
+name: Trigger CodeBuild Job
+
+on:
+  workflow_call:
+    inputs:
+      codeBuildProjectName:
+        required: true
+        type: string
+      prNumber:
+        required: true
+        type: number
+      commitSha:
+        required: true
+        type: string
+    secrets: 
+      CI_AWS_ROLE_ARN:
+        required: true
+
+concurrency:
+  group: ${{ github.workflow }}-${{ inputs.prNumber }}
+  cancel-in-progress: true
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+
+jobs:
+  slow-mode-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+          aws-region: us-west-2
+          role-duration-seconds: 10800
+      - name: Run Test
+        uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: ${{ inputs.codeBuildProjectName}}
+          source-version-override: 'refs/pull/${{ inputs.prNumber }}/head^{${{ inputs.commitSha }}}'
diff --git a/.github/workflows/codebuild-ci.yml b/.github/workflows/codebuild-ci.yml
@@ -26,7 +26,7 @@ jobs:
         uses: actions/github-script@v7
         id: collab-check
         env:
-            PR_USER_LOGIN: ${{ github.event.pull_request.user.login }}
+            GH_USER_LOGIN: ${{ github.event.pull_request.user.login }}
         with:
           github-token: ${{ secrets.COLLAB_CHECK_TOKEN }}
           result-encoding: string
@@ -35,7 +35,7 @@ jobs:
               const res = await github.rest.repos.checkCollaborator({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
-                username: "${{ env.PR_USER_LOGIN }}",
+                username: "${{ env.GH_USER_LOGIN }}",
               });
               console.log("Verifed user is a repo collaborator. Auto Approving PR Checks.")
               return res.status == "204" ? "auto-approve" : "manual-approval"
diff --git a/.github/workflows/run-extras.yml b/.github/workflows/run-extras.yml
@@ -0,0 +1,64 @@
+name: Run Extras
+
+on:
+    pull_request_review:
+        types: [submitted]
+
+permissions:
+    id-token: write # This is required for requesting the JWT
+
+jobs:   
+    check-comment:
+        if: github.event.review.body == '/run slow' || github.event.review.body == '/run localmode' || github.event.review.body == '/run extras'
+        runs-on: ubuntu-latest
+        steps:
+            - name: Configure AWS Credentials
+              uses: aws-actions/configure-aws-credentials@v4
+              with:
+                  role-to-assume: ${{ secrets.MONITORING_AWS_ROLE_ARN }}
+                  aws-region: us-west-2
+            - name: Collaborator Check
+              uses: actions/github-script@v7
+              id: collab-check
+              env:
+                  GH_USER_LOGIN: ${{ github.event.review.user.login }}
+              with:
+                github-token: ${{ secrets.COLLAB_CHECK_TOKEN }}
+                result-encoding: string
+                script: | 
+                  try {
+                    const res = await github.rest.repos.checkCollaborator({
+                      owner: context.repo.owner,
+                      repo: context.repo.repo,
+                      username: "${{ env.GH_USER_LOGIN }}",
+                    });
+                    console.log("Verifed user is a repo collaborator.")
+                    return
+                  } catch (error) {
+                    if (error.message == "Bad credentials") {
+                      console.log("Token Expired. Please update the COLLAB_CHECK_TOKEN secret.")
+                      const { execSync } = require('child_process')
+                      execSync('aws cloudwatch put-metric-data --namespace "GitHubActions" --metric-name "BadCredentials" --value 1')
+                    } 
+                    throw new Error("Collaborator status could not be verified.")
+                  }
+    run-slow-tests:
+        needs: [check-comment]
+        if: needs.check-comment.result == 'success' && github.event.review.body == '/run slow' || github.event.review.body == '/run extras'
+        uses: ./.github/workflows/trigger-codebuild.yml
+        secrets: 
+            CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
+        with:
+            codeBuildProjectName: "${{ github.repository.name }}-ci-slow-tests"
+            prNumber: ${{ github.event.pull_request.number }}
+            commitSha: ${{ github.event.pull_request.head.sha }}
+    run-localmode-tests:
+        needs: [check-comment]
+        if: needs.check-comment.result == 'success' && github.event.review.body == '/run localmode' || github.event.review.body == '/run extras'
+        uses: ./.github/workflows/trigger-codebuild.yml
+        secrets:
+            CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
+        with:
+            codeBuildProjectName: "${{ github.repository.name }}-ci-localmode-tests"
+            prNumber: ${{ github.event.pull_request.number }}
+            commitSha: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/run-local-mode-tests.yml b/.github/workflows/run-local-mode-tests.yml
diff --git a/.github/workflows/run-slow-tests.yml b/.github/workflows/run-slow-tests.yml
diff --git a/.github/workflows/trigger-codebuild.yml b/.github/workflows/trigger-codebuild.yml
@@ -0,0 +1,40 @@
+name: Trigger CodeBuild Job
+
+on:
+  workflow_call:
+    inputs:
+      codeBuildProjectName:
+        required: true
+        type: string
+      prNumber:
+        required: true
+        type: number
+      commitSha:
+        required: true
+        type: string
+    secrets: 
+      CI_AWS_ROLE_ARN:
+        required: true
+
+concurrency:
+  group: ${{ github.workflow }}-${{ inputs.prNumber }}
+  cancel-in-progress: true
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+
+jobs:
+  slow-mode-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+          aws-region: us-west-2
+          role-duration-seconds: 10800
+      - name: Run Test
+        uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: ${{ inputs.codeBuildProjectName}}
+          source-version-override: 'refs/pull/${{ inputs.prNumber }}/head^{${{ inputs.commitSha }}}'
