# Dispatch a request to getsentry to run getsentry test suites name: getsentry dispatcher on: # XXX: We are using `pull_request_target` instead of `pull_request` because we want # this to run on forks. It allows forks to access secrets safely by # only running workflows from the main branch. Prefer to use `pull_request` when possible. # # See https://github.com/getsentry/sentry/pull/21600 for more details pull_request_target: types: [labeled, opened, reopened, synchronize] # disable all other special privileges permissions: # needed for `actions/checkout` to clone the code contents: read # needed to remove the pull-request label pull-requests: write jobs: dispatch: if: github.event.action != 'labeled' || github.event.label.name == 'trigger-getsentry-external' name: getsentry dispatch runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3 with: persist-credentials: false - name: permissions run: | python3 -uS .github/workflows/scripts/getsentry-dispatch-setup \ --repo-id ${{ github.event.repository.id }} \ --pr ${{ github.event.number }} \ --event ${{ github.event.action }} \ --username "$ARG_USERNAME" \ --label-names "$ARG_LABEL_NAMES" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # these can contain special characters ARG_USERNAME: ${{ github.event.pull_request.user.login }} ARG_LABEL_NAMES: ${{ toJSON(github.event.pull_request.labels.*.name) }} - name: Check for file changes uses: getsentry/paths-filter@v2 id: changes with: token: ${{ github.token }} filters: .github/file-filters.yml - name: getsentry token uses: getsentry/action-github-app-token@v1 id: getsentry with: app_id: ${{ secrets.SENTRY_INTERNAL_APP_ID }} private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }} - name: Dispatch getsentry tests uses: actions/github-script@v3 with: github-token: ${{ steps.getsentry.outputs.token }} script: | require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/getsentry-dispatch`).dispatch({ github, context, fileChanges: ${{ toJson(steps.changes.outputs) }} });