getsentry-dispatch.yml 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
  1. # Dispatch a request to getsentry to run getsentry test suites
  2. name: getsentry dispatcher
  3. on:
  4. # XXX: We are using `pull_request_target` instead of `pull_request` because we want
  5. # this to run on forks. It allows forks to access secrets safely by
  6. # only running workflows from the main branch. Prefer to use `pull_request` when possible.
  7. #
  8. # See https://github.com/getsentry/sentry/pull/21600 for more details
  9. pull_request_target:
  10. types: [labeled, opened, reopened, synchronize]
  11. # disable all other special privileges
  12. permissions:
  13. # needed for `actions/checkout` to clone the code
  14. contents: read
  15. # needed to remove the pull-request label
  16. pull-requests: write
  17. jobs:
  18. dispatch:
  19. if: "github.event.action != 'labeled' || github.event.label.name == 'Trigger: getsentry tests'"
  20. name: getsentry dispatch
  21. runs-on: ubuntu-24.04
  22. steps:
  23. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  24. with:
  25. persist-credentials: false
  26. - name: permissions
  27. run: |
  28. python3 -uS .github/workflows/scripts/getsentry-dispatch-setup \
  29. --repo-id ${{ github.event.repository.id }} \
  30. --pr ${{ github.event.number }} \
  31. --event ${{ github.event.action }} \
  32. --username "$ARG_USERNAME" \
  33. --label-names "$ARG_LABEL_NAMES"
  34. env:
  35. GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  36. # these can contain special characters
  37. ARG_USERNAME: ${{ github.event.pull_request.user.login }}
  38. ARG_LABEL_NAMES: ${{ toJSON(github.event.pull_request.labels.*.name) }}
  39. - name: Check for file changes
  40. uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
  41. id: changes
  42. with:
  43. token: ${{ github.token }}
  44. filters: .github/file-filters.yml
  45. - name: getsentry token
  46. uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
  47. id: getsentry
  48. with:
  49. app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
  50. private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
  51. - name: Wait for PR merge commit
  52. uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
  53. id: mergecommit
  54. with:
  55. github-token: ${{ steps.getsentry.outputs.token }}
  56. script: |
  57. require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/wait-for-merge-commit`).waitForMergeCommit({
  58. github,
  59. context,
  60. core,
  61. });
  62. - name: Dispatch getsentry tests
  63. uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
  64. with:
  65. github-token: ${{ steps.getsentry.outputs.token }}
  66. script: |
  67. require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/getsentry-dispatch`).dispatch({
  68. github,
  69. context,
  70. core,
  71. mergeCommitSha: '${{ steps.mergecommit.outputs.mergeCommitSha }}',
  72. fileChanges: ${{ toJson(steps.changes.outputs) }},
  73. });