Invoke Canary as Maintainer for Pull Request 4078 #30
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow allows maintainers to manually run the canary given an external contributor's pull request created from | |
| # a forked repository, which does not have required repository secrets to execute the canary. | |
| name: Invoke Canary as Maintainer | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| pull_request_number: | |
| description: The PR number to invoke the canary for. | |
| required: true | |
| type: string | |
| commit_sha: | |
| description: The the full SHA for the HEAD commit of the PR | |
| required: true | |
| type: string | |
| run-name: ${{ github.workflow }} for Pull Request ${{ inputs.pull_request_number }} | |
| # Allow one instance of this workflow per pull request, and cancel older runs when new changes are pushed | |
| concurrency: | |
| group: manual-canary-${{ inputs.pull_request_number }} | |
| cancel-in-progress: true | |
| jobs: | |
| get-pr-info: | |
| name: Get PR info | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get PR info | |
| id: get-pr-info | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const response = await github.rest.pulls.get({ | |
| pull_number: ${{ inputs.pull_request_number }}, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| }); | |
| const data = { | |
| commit_sha: response.data.head.sha, | |
| }; | |
| console.log("data:", data); | |
| if(data.commit_sha !== "${{ inputs.commit_sha }}""){ | |
| throw new Error("Input SHA does not match retrieved SHA") | |
| } | |
| return data; | |
| outputs: | |
| pull_data: ${{ steps.get-pr-info.outputs.result }} | |
| acquire-base-image: | |
| name: Acquire Base Image | |
| needs: | |
| - get-pr-info | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| path: smithy-rs | |
| # The ref used needs to match the HEAD revision of the PR being diffed, or else | |
| # the `docker-build` action won't find the built Docker image. | |
| ref: ${{ inputs.commit_sha }} | |
| fetch-depth: 0 | |
| - name: Acquire base image | |
| id: acquire | |
| run: ./smithy-rs/.github/scripts/acquire-build-image | |
| - name: Upload base image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: smithy-rs-base-image | |
| path: smithy-rs-base-image | |
| retention-days: 1 | |
| generate: | |
| name: Generate | |
| needs: | |
| - acquire-base-image | |
| - get-pr-info | |
| runs-on: smithy_ubuntu-latest_8-core | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| path: smithy-rs | |
| ref: ${{ inputs.commit_sha }} | |
| - name: Generate a subset of SDKs for the canary | |
| uses: ./smithy-rs/.github/actions/docker-build | |
| with: | |
| action: generate-aws-sdk-for-canary | |
| canary: | |
| name: Canary | |
| needs: | |
| - generate | |
| - get-pr-info | |
| runs-on: smithy_ubuntu-latest_8-core | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| path: smithy-rs | |
| ref: ${{ inputs.commit_sha }} | |
| - name: Configure credentials | |
| id: creds | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }} | |
| output-credentials: true | |
| - name: Run canary | |
| uses: ./smithy-rs/.github/actions/docker-build | |
| with: | |
| action: run-canary | |
| action-arguments: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }} ${{ steps.creds.outputs.aws-access-key-id }} ${{ steps.creds.outputs.aws-secret-access-key }} ${{ steps.creds.outputs.aws-session-token }} |