From 2dcdcf96f742142d672633846e047458dd3ce487 Mon Sep 17 00:00:00 2001 From: Adam Stone-Lord Date: Wed, 20 Sep 2023 13:29:49 -0600 Subject: [PATCH] chore: gate restricted contexts with approval job for contributor workflow --- .circleci/workflows.yml | 70 ++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 40 deletions(-) diff --git a/.circleci/workflows.yml b/.circleci/workflows.yml index 30f82ce838e8..7eaecde9f8da 100644 --- a/.circleci/workflows.yml +++ b/.circleci/workflows.yml @@ -2898,6 +2898,14 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - build: requires: - node_modules_install + + # In subsequent jobs, we use some contexts that are restricted to members of the Cypress organization. + # This job will allow for a Cypress member to approve and run the rest of the restricted jobs in the pipeline after the contributor code has been reviewed. + - contributor-pr: + type: approval + requires: + - build + - check-ts: requires: - build @@ -2909,7 +2917,7 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow context: [test-runner:poll-circle-workflow, test-runner:percy] required_env_var: PERCY_TOKEN # skips job if not defined (external PR) requires: - - build + - contributor-pr - lint-types: requires: - build @@ -2917,14 +2925,14 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - cli-visual-tests: context: test-runner:percy requires: - - build + - contributor-pr - unit-tests: requires: - build - verify-release-readiness: context: test-runner:npm-release requires: - - build + - contributor-pr - server-unit-tests: requires: - build @@ -2937,7 +2945,7 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - system-tests-node-modules-install: context: test-runner:performance-tracking requires: - - build + - contributor-pr - system-tests-chrome: context: test-runner:performance-tracking requires: @@ -2962,23 +2970,23 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - driver-integration-tests-chrome: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-tests-chrome-beta: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-tests-firefox: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-tests-electron: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-tests-webkit: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-memory-tests: requires: - build @@ -2986,22 +2994,22 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-launchpad-integration-tests-chrome: context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-launchpad-component-tests-chrome: context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-app-integration-tests-chrome: context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-webpack-dev-server-integration-tests: context: [test-runner:cypress-record-key, test-runner:percy] requires: @@ -3014,16 +3022,16 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-reporter-component-tests-chrome: context: [test-runner:cypress-record-key, test-runner:percy] percy: true requires: - - build + - contributor-pr - reporter-integration-tests: context: [test-runner:cypress-record-key, test-runner:percy] requires: - - build + - contributor-pr - npm-webpack-dev-server: requires: - system-tests-node-modules-install @@ -3167,28 +3175,16 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - run-vite-dev-server-integration-tests - v8-integration-tests - # This approval job will block the building of the binary on contributor jobs - # If a member of the Cypress team manually approves this job, then it will run with the required contexts - - approve-binary-build: - type: approval - requires: - - build - - create-and-trigger-packaging-artifacts: - context: - - test-runner:upload - - test-runner:build-binary - - publish-binary + context: [test-runner:upload, test-runner:build-binary, publish-binary] requires: - - approve-binary-build + - contributor-pr - wait-for-binary-publish: type: approval requires: - create-and-trigger-packaging-artifacts - get-published-artifacts: - context: - - publish-binary - - test-runner:commit-status-checks + context: [publish-binary, test-runner:commit-status-checks] requires: - wait-for-binary-publish # various testing scenarios, like building full binary @@ -3287,11 +3283,7 @@ linux-arm64-workflow: &linux-arm64-workflow - create-and-trigger-packaging-artifacts: name: linux-arm64-create-and-trigger-packaging-artifacts - context: - - test-runner:upload - - test-runner:commit-status-checks - - test-runner:build-binary - - publish-binary + context: [test-runner:upload, test-runner:commit-status-checks, test-runner:build-binary, publish-binary] executor: linux-arm64 resource_class: arm.medium requires: @@ -3305,9 +3297,7 @@ linux-arm64-workflow: &linux-arm64-workflow - get-published-artifacts: name: linux-arm64-get-published-artifacts - context: - - publish-binary - - test-runner:commit-status-checks + context: [publish-binary, test-runner:commit-status-checks] executor: linux-arm64 resource_class: arm.medium requires: @@ -3529,4 +3519,4 @@ workflows: <<: *darwin-workflow-filters windows: <<: *windows-workflow - <<: *windows-workflow-filters + <<: *windows-workflow-filters \ No newline at end of file