pr_check.yml 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258
  1. name: PR-check
  2. on:
  3. pull_request_target:
  4. branches:
  5. - 'main'
  6. - 'stable-*'
  7. - 'stream-nb-*'
  8. - '*-stable-*'
  9. types:
  10. - 'opened'
  11. - 'synchronize'
  12. - 'reopened'
  13. - 'labeled'
  14. concurrency:
  15. group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  16. cancel-in-progress: true
  17. jobs:
  18. check-running-allowed:
  19. if: ${{vars.CHECKS_SWITCH != '' && fromJSON(vars.CHECKS_SWITCH).pr_check == true}}
  20. runs-on: ubuntu-latest
  21. outputs:
  22. result: ${{ steps.check-ownership-membership.outputs.result == 'true' && steps.check-is-mergeable.outputs.result == 'true' }}
  23. commit_sha: ${{ steps.check-is-mergeable.outputs.commit_sha }}
  24. steps:
  25. - name: Reset integrated status
  26. run: |
  27. curl -L -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{github.token}}" -H "X-GitHub-Api-Version: 2022-11-28" \
  28. https://api.github.com/repos/${{github.repository}}/statuses/${{github.event.pull_request.head.sha}} \
  29. -d '{"state":"pending","description":"Waiting for relevant checks to complete","context":"checks_integrated"}'
  30. - name: Check if running tests is allowed
  31. id: check-ownership-membership
  32. uses: actions/github-script@v7
  33. with:
  34. github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
  35. script: |
  36. const labels = context.payload.pull_request.labels;
  37. const okToTestLabel = labels.find(
  38. label => label.name == 'ok-to-test'
  39. );
  40. console.log("okToTestLabel=%o", okToTestLabel !== undefined);
  41. if (okToTestLabel !== undefined) {
  42. return true;
  43. }
  44. // This is used primarily in forks. Repository owner
  45. // should be allowed to run anything.
  46. const userLogin = context.payload.pull_request.user.login;
  47. // How to interpret membership status code:
  48. // https://docs.github.com/rest/collaborators/collaborators#check-if-a-user-is-a-repository-collaborator
  49. const isRepoCollaborator = async function () {
  50. try {
  51. const response = await github.rest.repos.checkCollaborator({
  52. owner: context.payload.repository.owner.login,
  53. repo: context.payload.repository.name,
  54. username: userLogin,
  55. });
  56. return response.status == 204;
  57. } catch (error) {
  58. if (error.status && error.status == 404) {
  59. return false;
  60. }
  61. throw error;
  62. }
  63. }
  64. if (context.payload.repository.owner.login == userLogin) {
  65. console.log("You are the repository owner!");
  66. return true;
  67. }
  68. if (await isRepoCollaborator()) {
  69. console.log("You are a collaborator!");
  70. return true;
  71. }
  72. return false;
  73. - name: comment-if-waiting-on-ok
  74. if: steps.check-ownership-membership.outputs.result == 'false' &&
  75. github.event.action == 'opened'
  76. uses: actions/github-script@v7
  77. with:
  78. script: |
  79. let externalContributorLabel = 'external';
  80. github.rest.issues.createComment({
  81. issue_number: context.issue.number,
  82. owner: context.repo.owner,
  83. repo: context.repo.repo,
  84. body: 'Hi! Thank you for contributing!\nThe tests on this PR will run after a maintainer adds an `ok-to-test` label to this PR manually. Thank you for your patience!'
  85. });
  86. github.rest.issues.addLabels({
  87. ...context.repo,
  88. issue_number: context.issue.number,
  89. labels: [externalContributorLabel]
  90. });
  91. - name: cleanup-test-label
  92. uses: actions/github-script@v7
  93. with:
  94. script: |
  95. let labelsToRemove = ['ok-to-test', 'rebase-and-check'];
  96. const prNumber = context.payload.pull_request.number;
  97. const prLabels = new Set(context.payload.pull_request.labels.map(l => l.name));
  98. for await (const label of labelsToRemove.filter(l => prLabels.has(l))) {
  99. core.info(`remove label=${label} for pr=${prNumber}`);
  100. try {
  101. const result = await github.rest.issues.removeLabel({
  102. ...context.repo,
  103. issue_number: prNumber,
  104. name: label
  105. });
  106. } catch(error) {
  107. // ignore the 404 error that arises
  108. // when the label did not exist for the
  109. // organization member
  110. if (error.status && error.status != 404) {
  111. throw error;
  112. }
  113. }
  114. }
  115. - name: check is mergeable
  116. id: check-is-mergeable
  117. if: steps.check-ownership-membership.outputs.result == 'true'
  118. uses: actions/github-script@v7
  119. with:
  120. result-encoding: string
  121. script: |
  122. let pr = context.payload.pull_request;
  123. const delay = ms => new Promise(resolve => setTimeout(resolve, ms));
  124. const header = `<!-- merge pr=${pr.number} -->\n`;
  125. const fail_msg = header + ':red_circle: Unable to merge your PR into the base branch. '
  126. + 'Please rebase or merge it with the base branch.'
  127. let i = 0;
  128. while (pr.mergeable == null && i < 60) {
  129. console.log("get pull-request status");
  130. let result = await github.rest.pulls.get({
  131. ...context.repo,
  132. pull_number: pr.number
  133. })
  134. pr = result.data;
  135. if (pr.mergeable == null) {
  136. await delay(5000);
  137. }
  138. i += 1;
  139. }
  140. console.log("pr.mergeable=%o", pr.mergeable);
  141. if (pr.mergeable === null) {
  142. core.setFailed("Unable to check if the PR is mergeable, please re-run the check.");
  143. return false;
  144. }
  145. const { data: comments } = await github.rest.issues.listComments({
  146. issue_number: context.issue.number,
  147. owner: context.repo.owner,
  148. repo: context.repo.repo
  149. });
  150. const commentToUpdate = comments.find(comment => comment.body.startsWith(header));
  151. if (!pr.mergeable) {
  152. let commentParams = {
  153. ...context.repo,
  154. issue_number: context.issue.number,
  155. body: fail_msg
  156. };
  157. if (commentToUpdate) {
  158. await github.rest.issues.updateComment({
  159. ...commentParams,
  160. comment_id: commentToUpdate.id,
  161. });
  162. } else {
  163. await github.rest.issues.createComment({...commentParams});
  164. }
  165. core.setFailed("Merge conflict detected");
  166. return false;
  167. } else if (commentToUpdate) {
  168. await github.rest.issues.deleteComment({
  169. ...context.repo,
  170. issue_number: context.issue.number,
  171. comment_id: commentToUpdate.id,
  172. });
  173. }
  174. core.info(`commit_sha=${pr.commit_sha}`);
  175. core.setOutput('commit_sha', pr.merge_commit_sha);
  176. return true;
  177. build_and_test:
  178. needs:
  179. - check-running-allowed
  180. if: needs.check-running-allowed.outputs.result == 'true' && needs.check-running-allowed.outputs.commit_sha != ''
  181. strategy:
  182. fail-fast: false
  183. matrix:
  184. build_preset: ["relwithdebinfo", "release-asan", "release-clang14"]
  185. runs-on: [ self-hosted, auto-provisioned, "${{ format('build-preset-{0}', matrix.build_preset) }}" ]
  186. name: Build and test ${{ matrix.build_preset }}
  187. steps:
  188. - name: Checkout
  189. uses: actions/checkout@v4
  190. with:
  191. ref: ${{ needs.check-running-allowed.outputs.commit_sha }}
  192. fetch-depth: 2
  193. - name: Setup ydb access
  194. uses: ./.github/actions/setup_ci_ydb_service_account_key_file_credentials
  195. with:
  196. ci_ydb_service_account_key_file_credentials: ${{ secrets.CI_YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS }}
  197. - name: Build and test
  198. uses: ./.github/actions/build_and_test_ya
  199. with:
  200. build_preset: ${{ matrix.build_preset }}
  201. build_target: "ydb/"
  202. increment: true
  203. run_tests: ${{ contains(fromJSON('["relwithdebinfo", "release-asan"]'), matrix.build_preset) }}
  204. test_size: "small,medium"
  205. test_threads: 52
  206. put_build_results_to_cache: true
  207. secs: ${{ format('{{"TESTMO_TOKEN2":"{0}","AWS_KEY_ID":"{1}","AWS_KEY_VALUE":"{2}","REMOTE_CACHE_USERNAME":"{3}","REMOTE_CACHE_PASSWORD":"{4}"}}',
  208. secrets.TESTMO_TOKEN2, secrets.AWS_KEY_ID, secrets.AWS_KEY_VALUE, secrets.REMOTE_CACHE_USERNAME, secrets.REMOTE_CACHE_PASSWORD ) }}
  209. vars: ${{ format('{{"AWS_BUCKET":"{0}","AWS_ENDPOINT":"{1}","REMOTE_CACHE_URL":"{2}","TESTMO_URL":"{3}","TESTMO_PROJECT_ID":"{4}"}}',
  210. vars.AWS_BUCKET, vars.AWS_ENDPOINT, vars.REMOTE_CACHE_URL_YA, vars.TESTMO_URL, vars.TESTMO_PROJECT_ID ) }}
  211. update_integrated_status:
  212. runs-on: ubuntu-latest
  213. needs: build_and_test
  214. if: always()
  215. steps:
  216. - name: Gather required checks results
  217. shell: bash
  218. run: |
  219. successbuilds=$(curl -L -X GET -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{github.token}}" -H "X-GitHub-Api-Version: 2022-11-28" \
  220. https://api.github.com/repos/${{github.repository}}/commits/${{github.event.pull_request.head.sha}}/status | \
  221. jq -cr '.statuses | .[] | select(.state=="success") | select(.context | (startswith("build_") or startswith("test_relwithdebinfo")) ) | .context' | \
  222. wc -l )
  223. if [[ $successbuilds == "4" ]];then
  224. integrated_status="success"
  225. else
  226. integrated_status="failure"
  227. fi
  228. curl -L -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{github.token}}" -H "X-GitHub-Api-Version: 2022-11-28" \
  229. https://api.github.com/repos/${{github.repository}}/statuses/${{github.event.pull_request.head.sha}} \
  230. -d '{"state":"'$integrated_status'","description":"All checks completed","context":"checks_integrated"}'