diff --git a/.github/workflows/e2e-label-help.yml b/.github/workflows/e2e-label-help.yml deleted file mode 100644 index e1a268803..000000000 --- a/.github/workflows/e2e-label-help.yml +++ /dev/null @@ -1,68 +0,0 @@ -name: E2E Label Help - -# When a `test:e2e*` label is applied, post a PR comment -# telling the maintainer the next manual step. We don't dispatch the workflow -# ourselves: a workflow_dispatch-triggered run does not surface in the PR's -# Checks tab, so we'd lose in-progress visibility. Instead we point the -# maintainer at either the existing run (re-run from the UI) or the -# `/ok to test ` command needed to refresh the mirror. -# -# Uses `pull_request_target` so forked PRs get a token capable of posting -# comments. The job never checks out PR code; it only calls the GitHub API. - -on: - pull_request_target: - types: [labeled] - -permissions: {} - -jobs: - hint: - name: Post next-step hint for E2E label - if: github.event.label.name == 'test:e2e' || github.event.label.name == 'test:e2e-gpu' || github.event.label.name == 'test:e2e-kubernetes' - runs-on: ubuntu-latest - permissions: - pull-requests: write - actions: read - contents: read - steps: - - name: Post comment - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - PR_NUMBER: ${{ github.event.pull_request.number }} - PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} - LABEL_NAME: ${{ github.event.label.name }} - shell: bash - run: | - set -euo pipefail - - case "$LABEL_NAME" in - test:e2e) workflow_file=branch-e2e.yml; workflow_name="Branch E2E Checks" ;; - test:e2e-gpu) workflow_file=test-gpu.yml; workflow_name="GPU Test" ;; - test:e2e-kubernetes) workflow_file=branch-kubernetes-e2e.yml; workflow_name="Branch Kubernetes E2E" ;; - *) echo "Unrecognized label $LABEL_NAME"; exit 1 ;; - esac - - mirror_ref="pull-request/$PR_NUMBER" - mirror_sha=$(gh api "repos/$GH_REPO/branches/$mirror_ref" --jq '.commit.sha' 2>/dev/null || echo "") - short_pr=${PR_HEAD_SHA:0:7} - - if [ -z "$mirror_sha" ]; then - body="Label \`$LABEL_NAME\` applied, but \`$mirror_ref\` does not exist yet. A maintainer needs to comment \`/ok to test $PR_HEAD_SHA\` to mirror this PR. Once the mirror exists, re-apply the label or re-run [$workflow_name](https://github.com/$GH_REPO/actions/workflows/$workflow_file) from the Actions tab." - elif [ "$mirror_sha" != "$PR_HEAD_SHA" ]; then - short_mirror=${mirror_sha:0:7} - body="Label \`$LABEL_NAME\` applied, but \`$mirror_ref\` is at \`$short_mirror\` while the PR head is \`$short_pr\`. A maintainer needs to comment \`/ok to test $PR_HEAD_SHA\` to refresh the mirror. Once the mirror catches up, re-run [$workflow_name](https://github.com/$GH_REPO/actions/workflows/$workflow_file) from the Actions tab." - else - run_id=$(gh api "repos/$GH_REPO/actions/workflows/$workflow_file/runs?head_sha=$PR_HEAD_SHA&event=push" \ - --jq '.workflow_runs | sort_by(.created_at) | reverse | .[0].id // empty') - if [ -n "$run_id" ]; then - instructions="Open [the existing run](https://github.com/$GH_REPO/actions/runs/$run_id) and click **Re-run all jobs** to execute with the label set." - else - workflow_link="[$workflow_name](https://github.com/$GH_REPO/actions/workflows/$workflow_file)" - instructions="Open $workflow_link, find the run for commit \`$short_pr\`, and click **Re-run all jobs** to execute with the label set." - fi - body="Label \`$LABEL_NAME\` applied for \`$short_pr\`. $instructions The matching required CI gate status on this PR will flip green automatically once the run finishes." - fi - - gh pr comment "$PR_NUMBER" --body "$body" diff --git a/.github/workflows/required-ci-gates.yml b/.github/workflows/required-ci-gates.yml deleted file mode 100644 index cba7a6b9a..000000000 --- a/.github/workflows/required-ci-gates.yml +++ /dev/null @@ -1,185 +0,0 @@ -name: Required CI Gates - -on: - pull_request_target: - types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled] - workflow_run: - workflows: - - Branch Checks - - Branch E2E Checks - - GPU Test - - Branch Kubernetes E2E - - Helm Lint - types: [completed] - -permissions: - actions: read - contents: read - pull-requests: read - statuses: write - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_sha || github.run_id }} - cancel-in-progress: true - -jobs: - publish: - name: Publish required CI gate statuses - runs-on: ubuntu-latest - steps: - - name: Evaluate required CI gates - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - EVENT_NAME: ${{ github.event_name }} - PR_NUMBER_FROM_EVENT: ${{ github.event.pull_request.number }} - PR_HEAD_SHA_FROM_EVENT: ${{ github.event.pull_request.head.sha }} - PR_LABELS_FROM_EVENT: ${{ toJSON(github.event.pull_request.labels.*.name) }} - WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_sha }} - WORKFLOW_RUN_EVENT: ${{ github.event.workflow_run.event }} - shell: bash - run: | - set -euo pipefail - - post_status() { - local context="$1" - local state="$2" - local description="$3" - local target_url="${4:-}" - - args=( - --method POST - "repos/$GH_REPO/statuses/$HEAD_SHA" - -f "state=$state" - -f "context=$context" - -f "description=$description" - ) - if [ -n "$target_url" ]; then - args+=(-f "target_url=$target_url") - fi - - echo "$context: $state - $description" - gh api "${args[@]}" >/dev/null - } - - has_label() { - local label="$1" - jq -e --arg label "$label" 'index($label) != null' <<< "$LABELS_JSON" >/dev/null - } - - resolve_pull_request_event() { - PR_NUMBER="$PR_NUMBER_FROM_EVENT" - HEAD_SHA="$PR_HEAD_SHA_FROM_EVENT" - LABELS_JSON=$(jq -c . <<< "$PR_LABELS_FROM_EVENT") - } - - resolve_workflow_run_event() { - if [ "$WORKFLOW_RUN_EVENT" != "push" ]; then - echo "Ignoring workflow_run from event '$WORKFLOW_RUN_EVENT'." - exit 0 - fi - - local associated_prs pr - associated_prs=$(gh api "repos/$GH_REPO/commits/$WORKFLOW_RUN_HEAD_SHA/pulls") - pr=$(jq -c 'map(select(.state == "open"))[0] // empty' <<< "$associated_prs") - if [ -z "$pr" ]; then - echo "No open PR associated with $WORKFLOW_RUN_HEAD_SHA; nothing to publish." - exit 0 - fi - - PR_NUMBER=$(jq -r '.number' <<< "$pr") - pr=$(gh api "repos/$GH_REPO/pulls/$PR_NUMBER") - HEAD_SHA=$(jq -r '.head.sha' <<< "$pr") - LABELS_JSON=$(gh api "repos/$GH_REPO/issues/$PR_NUMBER" --jq '[.labels[].name]') - } - - resolve_context() { - if [ "$EVENT_NAME" = "pull_request_target" ]; then - resolve_pull_request_event - elif [ "$EVENT_NAME" = "workflow_run" ]; then - resolve_workflow_run_event - else - echo "Unsupported event '$EVENT_NAME'." - exit 1 - fi - - PR_URL="https://github.com/$GH_REPO/pull/$PR_NUMBER" - MIRROR_REF="pull-request/$PR_NUMBER" - } - - verify_mirror() { - local context="$1" - local mirror_sha - - mirror_sha=$(gh api "repos/$GH_REPO/branches/$MIRROR_REF" --jq '.commit.sha' 2>/dev/null || true) - if [ -z "$mirror_sha" ]; then - post_status "$context" pending "Waiting for /ok to test mirror" "$PR_URL" - return 1 - fi - - if [ "$mirror_sha" != "$HEAD_SHA" ]; then - post_status "$context" pending "Waiting for /ok to test mirror" "$PR_URL" - return 1 - fi - - return 0 - } - - evaluate_workflow() { - local context="$1" - local workflow_file="$2" - local workflow_name="$3" - local required_label="${4:-}" - local workflow_url="https://github.com/$GH_REPO/actions/workflows/$workflow_file" - - if [ -n "$required_label" ] && ! has_label "$required_label"; then - post_status "$context" success "$required_label not applied" "$PR_URL" - return 0 - fi - - if ! verify_mirror "$context"; then - return 0 - fi - - local runs latest run_id status conclusion run_url real_success - runs=$(gh api "repos/$GH_REPO/actions/workflows/$workflow_file/runs?head_sha=$HEAD_SHA&event=push" --jq '.workflow_runs') - latest=$(jq -c --arg branch "$MIRROR_REF" '[.[] | select(.head_branch == $branch)] | sort_by(.created_at) | reverse | .[0] // empty' <<< "$runs") - - if [ -z "$latest" ]; then - post_status "$context" pending "Waiting for $workflow_name" "$workflow_url" - return 0 - fi - - run_id=$(jq -r '.id' <<< "$latest") - status=$(jq -r '.status' <<< "$latest") - conclusion=$(jq -r '.conclusion' <<< "$latest") - run_url=$(jq -r '.html_url' <<< "$latest") - - if [ "$status" != "completed" ]; then - post_status "$context" pending "$workflow_name is $status" "$run_url" - return 0 - fi - - if [ "$conclusion" != "success" ]; then - post_status "$context" failure "$workflow_name concluded $conclusion" "$run_url" - return 0 - fi - - real_success=$(gh api "repos/$GH_REPO/actions/runs/$run_id/jobs?per_page=100" \ - --jq '[.jobs[] | select(.conclusion == "success" and .name != "Resolve PR metadata")] | length') - - if [ "$real_success" -lt 1 ]; then - post_status "$context" failure "No real CI jobs ran" "$run_url" - return 0 - fi - - post_status "$context" success "$workflow_name passed" "$run_url" - } - - resolve_context - - evaluate_workflow "OpenShell / Branch Checks" "branch-checks.yml" "Branch Checks" - evaluate_workflow "OpenShell / E2E" "branch-e2e.yml" "Branch E2E Checks" "test:e2e" - evaluate_workflow "OpenShell / GPU E2E" "test-gpu.yml" "GPU Test" "test:e2e-gpu" - evaluate_workflow "OpenShell / Kubernetes E2E" "branch-kubernetes-e2e.yml" "Branch Kubernetes E2E" "test:e2e-kubernetes" - evaluate_workflow "OpenShell / Helm Lint" "helm-lint.yml" "Helm Lint"