chore: Allow org members to trigger E2E workflow #2285
Conversation
|
Note Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported. |
There was a problem hiding this comment.
Pull Request Overview
This PR enhances the E2E workflow permission checking system to allow public members of the openshift-pipelines organization to trigger E2E tests. The changes implement a multi-condition permission check that evaluates trusted bots, organization membership, and repository collaborator permissions in sequence.
- Restructured permission checking into three sequential conditions for better organization
- Added public organization membership check for
openshift-pipelinesorganization - Included
renovate[bot]in the list of trusted bots
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
/issue-create |
✅ GitHub Issue Created
📋 Created Issue#2286 - Enhancement: Allow organization members to trigger E2E tests on their PRs 🔗 RelationshipThis pull request resolves the issue described above. The issue was automatically generated based on the PR content to represent the underlying problem being solved. 📝 Issue Content PreviewClick to view the generated issue contentProblem DescriptionCurrently, only repository collaborators with write access can trigger E2E tests on pull requests. This limitation prevents members of the Current BehaviorE2E tests can only be initiated by a limited set of users, specifically those with repository write permissions or trusted bots. Organization members who do not have direct write access to the repository are unable to trigger these crucial tests on their pull requests. Expected BehaviorWe should enable members of the Additional ContextThis change aims to streamline the contribution and testing process for organization members, fostering a more collaborative environment and ensuring that changes are adequately tested before merging. It specifically addresses the scenario where organization members want to validate their work through E2E testing without needing explicit repository write permissions. 🤖 Issue created automatically using |
.github/workflows/e2e.yaml
Outdated
| // Condition 2: Check for public membership in the target organization. | ||
| core.info(`User @${actor} is not a trusted bot. Checking for membership in '${targetOrg}'...`); | ||
| try { | ||
| await github.rest.orgs.checkMembershipForUser({ |
There was a problem hiding this comment.
this checks for public and private both membership if you only wanna check public membership then three is another function for that checkPublicMembershipForUser.
Note: see this docs and search for function name "checkPublicMembershipForUser"
There was a problem hiding this comment.
or you can use getMembershipForUserInOrg func to check permission of a user in a team for an org
github.rest.teams.getMembershipForUserInOrg({
org,
team_slug,
username,
});
|
I think we should finalize this first as it is happening for Abhishek as well |
Refactored the GitHub script used in the E2E workflow for checking pull request submitter permissions. The logic was expanded to check for trusted bots, organization team membership, organization membership, and finally repository collaborator permissions, allowing for a more robust set of conditions to permit workflow execution. Additionally, removed legacy steps related to logging test failures and Slack reporting that are now handled elsewhere or implicitly by the job status. The step was also simplified to rely on the standard test runner output. Co-authored-by: Claude <[email protected]> Signed-off-by: Chmouel Boudjnah <[email protected]>
chmouel
force-pushed
the
fix-github-script-client
branch
from
6c646e4 to
2f1afa0
Compare
2 participants
The permission check script in the E2E workflow was updated. It now verifies if the pull request author is a public member of the
openshift-pipelinesorganization.This check is performed in addition to the existing checks for trusted bots and collaborators with repository write access. This allows organization members to run E2E tests on their pull requests without requiring direct write permissions on the repository.
Additionally,
renovate[bot]was added to the list of trusted bots.📝 Description of the Change
👨🏻 Linked Jira
🔗 Linked GitHub Issue
Fixes #
🚀 Type of Change
fix:)feat:)feat!:,fix!:)docs:)chore:)refactor:)enhance:)deps:)🧪 Testing Strategy
🤖 AI Assistance
If you have used AI assistance, please provide the following details:
Which LLM was used?
Extent of AI Assistance:
Important
If the majority of the code in this PR was generated by an AI, please add a
Co-authored-bytrailer to your commit message.For example:
Co-authored-by: Gemini [email protected]
Co-authored-by: ChatGPT [email protected]
Co-authored-by: Claude [email protected]
Co-authored-by: Cursor [email protected]
Co-authored-by: Copilot [email protected]
**💡You can use the script
./hack/add-llm-coauthor.shto automatically addthese co-author trailers to your commits.
✅ Submitter Checklist
fix:,feat:) matches the "Type of Change" I selected above.make testandmake lintlocally to check for and fix anyissues. For an efficient workflow, I have considered installing
pre-commit and running
pre-commit installtoautomate these checks.
Closes #2286