From 03c1c005cfe34a6d1a7610c686a08bc2598e06c2 Mon Sep 17 00:00:00 2001 From: Pere Miquel Brull Date: Fri, 11 Nov 2022 11:25:59 +0100 Subject: [PATCH] Add Workflow label verification for CI (#8653) * Add labeler * Update verify with comment * Add label verification * Add label verification * Update .github/teams.yml --- .github/teams.yml | 56 +++++++++++++++++++ .github/workflows/airflow-apis-tests-3_9.yml | 16 ++++++ .github/workflows/approval.yml | 13 ----- .../cypress-integration-tests-mysql.yml | 16 ++++++ .../cypress-integration-tests-postgresql.yml | 16 ++++++ .github/workflows/java-checkstyle.yml | 17 ++++++ .github/workflows/maven-build.yml | 17 ++++++ .github/workflows/py-checkstyle.yml | 18 ++++++ .github/workflows/py-tests.yml | 17 ++++++ .github/workflows/team-labeler.yml | 39 +++++++++++++ .github/workflows/yarn-coverage.yml | 16 ++++++ 11 files changed, 228 insertions(+), 13 deletions(-) create mode 100644 .github/teams.yml delete mode 100644 .github/workflows/approval.yml create mode 100644 .github/workflows/team-labeler.yml diff --git a/.github/teams.yml b/.github/teams.yml new file mode 100644 index 00000000000..d9546d9956a --- /dev/null +++ b/.github/teams.yml @@ -0,0 +1,56 @@ +# Add here any member that should belong to either a specific team, +# or that can have the tests automatically validated to run safely. + +"safe to test": + - '@ayush-shah' + - '@MilanBariya' + - '@nahuelverdugo' + - '@NiharDoshi99' + - '@OnkarVO7' + - '@TeddyCr' + - '@ulixius9' + - '@pmbrull' + - '@aniketkatkar97' + - '@Ashish8689' + - '@chirag-madlani' + - '@Sachin-chaurasiya' + - '@shahsank3t' + - '@ShaileshParmar11' + - '@harshach' + - '@mohityadav766' + - '@sureshms' + - '@akash-jain-10' + - '@Vj-L' + - '@ShilpaVernekar' + - '@snyk-bot' + - '@dependabot' + +ingestion: + - '@ayush-shah' + - '@MilanBariya' + - '@nahuelverdugo' + - '@NiharDoshi99' + - '@OnkarVO7' + - '@TeddyCr' + - '@ulixius9' + - '@pmbrull' + +UI: + - '@aniketkatkar97' + - '@Ashish8689' + - '@chirag-madlani' + - '@Sachin-chaurasiya' + - '@shahsank3t' + - '@ShaileshParmar11' + +backend: + - '@harshach' + - '@mohityadav766' + - '@sureshms' + +devops: + - '@akash-jain-10' + - '@Vj-L' + +documentation: + - '@ShilpaVernekar' diff --git a/.github/workflows/airflow-apis-tests-3_9.yml b/.github/workflows/airflow-apis-tests-3_9.yml index a2e92b2b90e..27dcabca68c 100644 --- a/.github/workflows/airflow-apis-tests-3_9.yml +++ b/.github/workflows/airflow-apis-tests-3_9.yml @@ -34,6 +34,22 @@ jobs: runs-on: ubuntu-latest steps: + - name: Wait for the labeler + uses: lewagon/wait-on-check-action@v1.2.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + check-name: Team Label + repo-token: ${{ secrets.GITHUB_TOKEN }} + wait-interval: 30 + + - name: Verify PR labels + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + valid-labels: 'safe to test' + pull-request-number: '${{ github.event.pull_request.number }}' + disable-reviews: true # To not auto approve changes + - name: Checkout uses: actions/checkout@v2 with: diff --git a/.github/workflows/approval.yml b/.github/workflows/approval.yml deleted file mode 100644 index aff2798a99d..00000000000 --- a/.github/workflows/approval.yml +++ /dev/null @@ -1,13 +0,0 @@ -name: Get Approval - -on: - pull_request: - -jobs: - approval: - name: Approval - runs-on: ubuntu-latest - steps: - - name: Echo - run: | - echo "PRs from external contributors require an approval from the OpenMetadata team." diff --git a/.github/workflows/cypress-integration-tests-mysql.yml b/.github/workflows/cypress-integration-tests-mysql.yml index 31666a61827..f5bbd550bd3 100644 --- a/.github/workflows/cypress-integration-tests-mysql.yml +++ b/.github/workflows/cypress-integration-tests-mysql.yml @@ -42,6 +42,22 @@ jobs: environment: cypress steps: + - name: Wait for the labeler + uses: lewagon/wait-on-check-action@v1.2.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + check-name: Team Label + repo-token: ${{ secrets.GITHUB_TOKEN }} + wait-interval: 30 + + - name: Verify PR labels + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + valid-labels: 'safe to test' + pull-request-number: '${{ github.event.pull_request.number }}' + disable-reviews: true # To not auto approve changes + - name: Checkout uses: actions/checkout@v2 with: diff --git a/.github/workflows/cypress-integration-tests-postgresql.yml b/.github/workflows/cypress-integration-tests-postgresql.yml index ad838970e49..da127456e6d 100644 --- a/.github/workflows/cypress-integration-tests-postgresql.yml +++ b/.github/workflows/cypress-integration-tests-postgresql.yml @@ -42,6 +42,22 @@ jobs: environment: cypress steps: + - name: Wait for the labeler + uses: lewagon/wait-on-check-action@v1.2.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + check-name: Team Label + repo-token: ${{ secrets.GITHUB_TOKEN }} + wait-interval: 30 + + - name: Verify PR labels + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + valid-labels: 'safe to test' + pull-request-number: '${{ github.event.pull_request.number }}' + disable-reviews: true # To not auto approve changes + - name: Checkout uses: actions/checkout@v2 with: diff --git a/.github/workflows/java-checkstyle.yml b/.github/workflows/java-checkstyle.yml index 4889ea7027d..33ccc15a037 100644 --- a/.github/workflows/java-checkstyle.yml +++ b/.github/workflows/java-checkstyle.yml @@ -30,6 +30,23 @@ jobs: pull-requests: write steps: + + - name: Wait for the labeler + uses: lewagon/wait-on-check-action@v1.2.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + check-name: Team Label + repo-token: ${{ secrets.GITHUB_TOKEN }} + wait-interval: 30 + + - name: Verify PR labels + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + valid-labels: 'safe to test' + pull-request-number: '${{ github.event.pull_request.number }}' + disable-reviews: true # To not auto approve changes + - name: Checkout uses: actions/checkout@v2 with: diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml index 77e56b4ec16..15e6c276a8a 100644 --- a/.github/workflows/maven-build.yml +++ b/.github/workflows/maven-build.yml @@ -20,6 +20,7 @@ on: - "openmetadata-service/**" - "openmetadata-ui/**" pull_request_target: + types: [labeled, opened, synchronize, reopened] branches: - main - '0.[0-9]+.[0-9]+' @@ -47,6 +48,22 @@ jobs: steps: + - name: Wait for the labeler + uses: lewagon/wait-on-check-action@v1.2.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + check-name: Team Label + repo-token: ${{ secrets.GITHUB_TOKEN }} + wait-interval: 30 + + - name: Verify PR labels + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + valid-labels: 'safe to test' + pull-request-number: '${{ github.event.pull_request.number }}' + disable-reviews: true # To not auto approve changes + - name: install libssl run: | sudo su -c "echo 'deb http://security.ubuntu.com/ubuntu xenial-security main' >> /etc/apt/sources.list" diff --git a/.github/workflows/py-checkstyle.yml b/.github/workflows/py-checkstyle.yml index afbf36e5235..92295ebef8c 100644 --- a/.github/workflows/py-checkstyle.yml +++ b/.github/workflows/py-checkstyle.yml @@ -15,6 +15,7 @@ name: Python Checkstyle # access to secrets on: pull_request_target: + types: [labeled, opened, synchronize, reopened] branches: - main - '0.[0-9]+.[0-9]+' @@ -33,6 +34,23 @@ jobs: pull-requests: write steps: + + - name: Wait for the labeler + uses: lewagon/wait-on-check-action@v1.2.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + check-name: Team Label + repo-token: ${{ secrets.GITHUB_TOKEN }} + wait-interval: 30 + + - name: Verify PR labels + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + valid-labels: 'safe to test' + pull-request-number: '${{ github.event.pull_request.number }}' + disable-reviews: true # To not auto approve changes + - name: Checkout uses: actions/checkout@v2 with: diff --git a/.github/workflows/py-tests.yml b/.github/workflows/py-tests.yml index f748077aace..8fdd16e0d67 100644 --- a/.github/workflows/py-tests.yml +++ b/.github/workflows/py-tests.yml @@ -19,6 +19,7 @@ on: - ingestion/** - openmetadata-service/** pull_request_target: + types: [labeled, opened, synchronize, reopened] branches: - main - '0.[0-9]+.[0-9]+' @@ -37,6 +38,22 @@ jobs: py-version: ['3.7', '3.8', '3.9'] steps: + - name: Wait for the labeler + uses: lewagon/wait-on-check-action@v1.2.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + check-name: Team Label + repo-token: ${{ secrets.GITHUB_TOKEN }} + wait-interval: 30 + + - name: Verify PR labels + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + valid-labels: 'safe to test' + pull-request-number: '${{ github.event.pull_request.number }}' + disable-reviews: true # To not auto approve changes + - name: Checkout uses: actions/checkout@v2 with: diff --git a/.github/workflows/team-labeler.yml b/.github/workflows/team-labeler.yml new file mode 100644 index 00000000000..27997db22ff --- /dev/null +++ b/.github/workflows/team-labeler.yml @@ -0,0 +1,39 @@ +on: + pull_request_target: + +permissions: + contents: read + pull-requests: write + +name: Team Label +jobs: + labeler: + runs-on: ubuntu-latest + name: Team Label + steps: + - uses: JulienKode/team-labeler-action@v0.1.1 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Verify PR labels + id: verify + continue-on-error: true + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + valid-labels: 'safe to test' + pull-request-number: '${{ github.event.pull_request.number }}' + disable-reviews: true # To not auto approve changes + + - name: Add verification comment + if: steps.verify.outcome != 'success' + uses: peter-evans/create-or-update-comment@v1 + with: + issue-number: ${{ github.event.pull_request.number }} + body: | + **Hi there 👋 Thanks for your contribution!** + + The OpenMetadata team will review the PR shortly! Once it has been labeled as `safe to test`, the CI workflows + will start executing and we'll be able to make sure everything is working as expected. + + Let us know if you need any help! diff --git a/.github/workflows/yarn-coverage.yml b/.github/workflows/yarn-coverage.yml index cfe75ad1f1c..0e1113b0f4a 100644 --- a/.github/workflows/yarn-coverage.yml +++ b/.github/workflows/yarn-coverage.yml @@ -30,6 +30,22 @@ jobs: runs-on: ubuntu-latest steps: + - name: Wait for the labeler + uses: lewagon/wait-on-check-action@v1.2.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + check-name: Team Label + repo-token: ${{ secrets.GITHUB_TOKEN }} + wait-interval: 30 + + - name: Verify PR labels + uses: jesusvasquez333/verify-pr-label-action@v1.4.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + valid-labels: 'safe to test' + pull-request-number: '${{ github.event.pull_request.number }}' + disable-reviews: true # To not auto approve changes + - uses: actions/checkout@v2 with: ref: ${{ github.event.pull_request.head.sha }}