From a364f141301aa28662ad62d9c5662e14692f4688 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 22:45:42 -0700 Subject: [PATCH] Add Test Env Require Approval Action (#3005) (#3016) * Add require approval stage so only maintainers can start CI stage without approval Signed-off-by: Peter Zhu * Add more Signed-off-by: Peter Zhu * Add more Signed-off-by: Peter Zhu * Add old files Signed-off-by: Peter Zhu * Update require-approval.yml Signed-off-by: Peter Zhu --------- Signed-off-by: Peter Zhu (cherry picked from commit 9de2d239430c16fe9a1bc84c531d794fc5bfc714) Co-authored-by: Peter Zhu --- .github/workflows/CI-workflow.yml | 14 ++++++---- .github/workflows/require-approval.yml | 36 ++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/require-approval.yml diff --git a/.github/workflows/CI-workflow.yml b/.github/workflows/CI-workflow.yml index 02c25afa9c..c10711becb 100644 --- a/.github/workflows/CI-workflow.yml +++ b/.github/workflows/CI-workflow.yml @@ -14,13 +14,16 @@ permissions: contents: read jobs: + Get-Require-Approval: + uses: ./.github/workflows/require-approval.yml + Get-CI-Image-Tag: uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main with: product: opensearch Build-ml-linux: - needs: Get-CI-Image-Tag + needs: [Get-Require-Approval, Get-CI-Image-Tag] strategy: matrix: java: [11, 17, 21] @@ -29,7 +32,7 @@ jobs: name: Build and Test MLCommons Plugin on linux if: github.repository == 'opensearch-project/ml-commons' - environment: ml-commons-cicd-env + environment: ${{ needs.Get-Require-Approval.outputs.is-require-approval }} outputs: build-test-linux: ${{ steps.step-build-test-linux.outputs.build-test-linux }} runs-on: ubuntu-latest @@ -87,14 +90,14 @@ jobs: Test-ml-linux-docker: - needs: Build-ml-linux + needs: [Get-Require-Approval, Build-ml-linux] strategy: matrix: java: [11, 17, 21] name: Test MLCommons Plugin on linux docker if: github.repository == 'opensearch-project/ml-commons' - environment: ml-commons-cicd-env + environment: ${{ needs.Get-Require-Approval.outputs.is-require-approval }} runs-on: ubuntu-latest steps: @@ -184,7 +187,8 @@ jobs: java: [11, 17, 21] name: Build and Test MLCommons Plugin on Windows if: github.repository == 'opensearch-project/ml-commons' - environment: ml-commons-cicd-env + needs: [Get-Require-Approval] + environment: ${{ needs.Get-Require-Approval.outputs.is-require-approval }} runs-on: windows-latest steps: diff --git a/.github/workflows/require-approval.yml b/.github/workflows/require-approval.yml new file mode 100644 index 0000000000..7da166d618 --- /dev/null +++ b/.github/workflows/require-approval.yml @@ -0,0 +1,36 @@ +--- +name: Check if the workflow require approval +on: + workflow_call: + outputs: + is-require-approval: + description: The ci image version for linux build + value: ${{ jobs.Require-Approval.outputs.output-is-require-approval }} + +jobs: + Require-Approval: + runs-on: ubuntu-latest + outputs: + output-is-require-approval: ${{ steps.step-is-require-approval.outputs.is-require-approval }} + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.base.sha }} + - name: Get CodeOwner List + id: step-is-require-approval + run: | + github_event=${{ github.event_name }} + if [[ "$github_event" = "push" ]]; then + echo "Push event does not need approval" + echo "is-require-approval=ml-commons-cicd-env" >> $GITHUB_OUTPUT + else + approvers=$(cat .github/CODEOWNERS | grep @ | tr -d '* ' | sed 's/@/,/g' | sed 's/,//1') + author=${{ github.event.pull_request.user.login }} + if [[ "$approvers" =~ "$author" ]]; then + echo "$author is in the approval list" + echo "is-require-approval=ml-commons-cicd-env" >> $GITHUB_OUTPUT + else + echo "$author is not in the approval list" + echo "is-require-approval=ml-commons-cicd-env-require-approval" >> $GITHUB_OUTPUT + fi + fi