forked from JuliaLang/julia
-
Notifications
You must be signed in to change notification settings - Fork 0
92 lines (85 loc) · 5.12 KB
/
rerun_failed.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# Please ping @DilumAluthge when making any changes to this file.
# Here are some steps that we take in this workflow file for security reasons:
# 1. We do not checkout any code.
# 2. We only run actions that are defined in a repository in the `JuliaLang` GitHub organization.
# 3. We do not give the `GITHUB_TOKEN` any permissions.
# 4. We only give the Buildkite API token (`BUILDKITE_API_TOKEN_RETRY`) the minimum necessary
# set of permissions.
# Important note to Buildkite maintainers:
# In order to make this work, you need to tell Buildkite that it should NOT create a brand-new
# build when someone closes and reopens a pull request. To do so:
# 1. Go to the relevant pipeline (e.g. https://buildkite.com/julialang/julia-master).
# 2. Click on the "Pipeline Settings" button.
# 3. In the left sidebar, under "Pipeline Settings", click on "GitHub".
# 4. In the "GitHub Settings", under "Build Pull Requests", make sure that the "Skip pull
# request builds for existing commits" checkbox is checked. This is the setting that tells
# Buildkite that it should NOT create a brand-new build when someone closes and reopens a
# pull request.
# 5. At the bottom of the page, click the "Save GitHub Settings" button.
name: Rerun Failed Buildkite Jobs
# There are two ways that a user can rerun the failed Buildkite jobs:
# 1. Close and reopen the pull request.
# In order to use this approach, the user must be in one of the following three categories:
# (i) Author of the pull request
# (ii) Commit permissions
# (iii) Triage permissions
# 2. Post a comment on the pull request with exactly the following contents: /buildkite rerun failed
# In order to use this approach, the user must be in the following category:
# - A member of the JuliaLang GitHub organization (the membership must be publicized)
on:
# When using the `pull_request_target` event, all PRs will get access to secret environment
# variables (such as the `BUILDKITE_API_TOKEN_RETRY` secret environment variable), even if
# the PR is from a fork. Therefore, for security reasons, we do not checkout any code in
# this workflow.
pull_request_target:
types: [ reopened ]
issue_comment:
types: [ created ]
# We do not give the `GITHUB_TOKEN` any permissions.
# Therefore, the `GITHUB_TOKEN` only has the same access as any member of the public.
permissions:
contents: none
jobs:
rerun-failed-buildkite-jobs:
name: Rerun Failed Buildkite Jobs
runs-on: ubuntu-latest
if: (github.repository == 'JuliaLang/julia') && ((github.event_name == 'pull_request_target' && github.event.action == 'reopened') || (github.event_name == 'issue_comment' && github.event.issue.pull_request && github.event.comment.body == '/buildkite rerun failed'))
steps:
# For security reasons, we do not checkout any code in this workflow.
- name: Check organization membership
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then
if [[ "${{ github.event.action }}" == "reopened" ]]; then
echo "This is a \"reopened\" event, so we do not need to check the user's organization membership."
echo "GOOD_TO_PROCEED=yes" >> ${GITHUB_ENV:?}
echo "PULL_REQUEST_NUMBER=${{ github.event.number }}" >> ${GITHUB_ENV:?}
else
echo "ERROR: The github.event_name is \"pull_request_target\", but the github.event.action is not \"reopened\"."
exit 1
fi
else
curl -H "Authorization: token ${GITHUB_TOKEN:?}" "https://api.github.com/users/${{ github.event.sender.login }}"
curl -H "Authorization: token ${GITHUB_TOKEN:?}" "https://api.github.com/users/${{ github.event.sender.login }}/orgs"
export USER_IS_ORGANIZATION_MEMBER=`curl -H "Authorization: token ${GITHUB_TOKEN:?}" "https://api.github.com/users/${{ github.event.sender.login }}/orgs" | jq '[.[] | .login] | index("JuliaLang") != null' | tr -s ' '`
if [[ "${USER_IS_ORGANIZATION_MEMBER:?}" == "true" ]]; then
echo "The \"${{ github.event.sender.login }}\" user is a public member of the JuliaLang organization."
echo "GOOD_TO_PROCEED=yes" >> ${GITHUB_ENV:?}
echo "PULL_REQUEST_NUMBER=${{ github.event.issue.number }}" >> ${GITHUB_ENV:?}
else
echo "ERROR: the \"${{ github.event.sender.login }}\" user is NOT a public member of the JuliaLang organization."
echo "If you are a member, please make sure that you have publicized your membership."
exit 1
fi
fi
- run: |
echo "GOOD_TO_PROCEED: ${{ env.GOOD_TO_PROCEED }}"
echo "PULL_REQUEST_NUMBER: ${{ env.PULL_REQUEST_NUMBER }}"
- uses: JuliaLang/buildkite-rerun-failed@057f6f2d37aa29a57b7679fd2af0df1d9f9188b4
if: env.GOOD_TO_PROCEED == 'yes'
with:
buildkite_api_token: ${{ secrets.BUILDKITE_API_TOKEN_RETRY }}
buildkite_organization_slug: 'julialang'
buildkite_pipeline_slug: 'julia-master'
pr_number: ${{ env.PULL_REQUEST_NUMBER }}