mirror of
				https://github.com/1Password/onepassword-operator.git
				synced 2025-10-24 16:30:47 +00:00 
			
		
		
		
	Compare commits
	
		
			18 Commits
		
	
	
		
			main
			...
			vzt/fix-ok
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | 5fb44ba7eb | ||
|   | 3eae7f3e7e | ||
|   | 04edd4dbfa | ||
|   | bb4f5bdcb0 | ||
|   | d403a29fdc | ||
|   | d30ed0b9d7 | ||
|   | db2053fde4 | ||
|   | 316f605680 | ||
|   | 7135f439a5 | ||
|   | 625297c1fb | ||
|   | e967f7ce1e | ||
|   | 5199e9f350 | ||
|   | 878b38deac | ||
|   | 1a40b4fb95 | ||
|   | 4b5d3c5f1a | ||
|   | 8d4908fb72 | ||
|   | 6cf52a7bfc | ||
|   | 7ef9ec6de7 | 
							
								
								
									
										2
									
								
								.github/workflows/e2e-tests.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.github/workflows/e2e-tests.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,4 +1,4 @@ | |||||||
| name: E2E Tests | name: E2E Tests [reusable] | ||||||
|  |  | ||||||
| on: | on: | ||||||
|   workflow_call: |   workflow_call: | ||||||
|   | |||||||
							
								
								
									
										2
									
								
								.github/workflows/ok-to-test.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.github/workflows/ok-to-test.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,4 +1,4 @@ | |||||||
| # Write comments "/ok-to-test <hash>" on a pull request. This will emit a repository_dispatch event. | # Write comments "/ok-to-test sha=<hash>" on a pull request. This will emit a repository_dispatch event. | ||||||
| name: Ok To Test | name: Ok To Test | ||||||
|  |  | ||||||
| on: | on: | ||||||
|   | |||||||
							
								
								
									
										26
									
								
								.github/workflows/test-e2e-fork.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										26
									
								
								.github/workflows/test-e2e-fork.yml
									
									
									
									
										vendored
									
									
								
							| @@ -13,7 +13,7 @@ concurrency: | |||||||
|   cancel-in-progress: true # cancel previous job runs for the same branch |   cancel-in-progress: true # cancel previous job runs for the same branch | ||||||
|  |  | ||||||
| jobs: | jobs: | ||||||
|   e2e-tests: |   run-e2e-tests-fork: | ||||||
|     uses: ./.github/workflows/e2e-tests.yml |     uses: ./.github/workflows/e2e-tests.yml | ||||||
|     if: | |     if: | | ||||||
|       github.event_name == 'repository_dispatch' && |       github.event_name == 'repository_dispatch' && | ||||||
| @@ -28,14 +28,13 @@ jobs: | |||||||
|       OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} |       OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | ||||||
|  |  | ||||||
|   update-check-status: |   update-check-status: | ||||||
|     needs: e2e-tests |     needs: run-e2e-tests-fork | ||||||
|     runs-on: ubuntu-latest |     runs-on: ubuntu-latest | ||||||
|     if: always() && github.event_name == 'repository_dispatch' |     if: always() && github.event_name == 'repository_dispatch' | ||||||
|     steps: |     steps: | ||||||
|       - uses: actions/github-script@v6 |       - uses: actions/github-script@v6 | ||||||
|         env: |         env: | ||||||
|           ref: ${{ github.event.client_payload.pull_request.head.sha }} |           ref: ${{ github.event.client_payload.pull_request.head.sha }} | ||||||
|           conclusion: ${{ needs.e2e-tests.result }} |  | ||||||
|         with: |         with: | ||||||
|           github-token: ${{ secrets.GITHUB_TOKEN }} |           github-token: ${{ secrets.GITHUB_TOKEN }} | ||||||
|           script: | |           script: | | ||||||
| @@ -44,13 +43,24 @@ jobs: | |||||||
|               ref: process.env.ref |               ref: process.env.ref | ||||||
|             }); |             }); | ||||||
|  |  | ||||||
|             const check = checks.check_runs.filter(c => c.name === 'e2e-test'); |             // update the 'check-external-pr' check run | ||||||
|  |             const externalCheck = checks.check_runs.filter(c => c.name === 'check-external-pr'); | ||||||
|  |  | ||||||
|             const { data: result } = await github.rest.checks.update({ |             const { data: externalCheckUpdateResult } = await github.rest.checks.update({ | ||||||
|               ...context.repo, |               ...context.repo, | ||||||
|               check_run_id: check[0].id, |               check_run_id: externalCheck[0].id, | ||||||
|               status: 'completed', |               status: 'completed', | ||||||
|               conclusion: process.env.conclusion |               conclusion: 'success' | ||||||
|             }); |             }); | ||||||
|  |  | ||||||
|             return result; |             // update the 'run-e2e-tests' check run from 'test-e2e.yml' workflow | ||||||
|  |             const e2eTestCheck = checks.check_runs.filter(c => c.name === 'run-e2e-tests'); | ||||||
|  |  | ||||||
|  |             const { data: e2eTestCheckResult } = await github.rest.checks.update({ | ||||||
|  |               ...context.repo, | ||||||
|  |               check_run_id: e2eTestCheck[0].id, | ||||||
|  |               status: 'completed', | ||||||
|  |               conclusion: 'success' | ||||||
|  |             }); | ||||||
|  |  | ||||||
|  |             return [externalCheckUpdateResult, e2eTestCheckResult]; | ||||||
|   | |||||||
							
								
								
									
										2
									
								
								.github/workflows/test-e2e.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.github/workflows/test-e2e.yml
									
									
									
									
										vendored
									
									
								
							| @@ -33,7 +33,7 @@ jobs: | |||||||
|           fi |           fi | ||||||
|           echo "✅ Internal PR detected. Proceeding with tests." |           echo "✅ Internal PR detected. Proceeding with tests." | ||||||
|  |  | ||||||
|   e2e-test: |   run-e2e-tests: | ||||||
|     needs: check-external-pr |     needs: check-external-pr | ||||||
|     if: always() && (needs.check-external-pr.result == 'success' || github.event_name != 'pull_request') |     if: always() && (needs.check-external-pr.result == 'success' || github.event_name != 'pull_request') | ||||||
|     uses: ./.github/workflows/e2e-tests.yml |     uses: ./.github/workflows/e2e-tests.yml | ||||||
|   | |||||||
							
								
								
									
										109
									
								
								docs/fork-pr-testing.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										109
									
								
								docs/fork-pr-testing.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,109 @@ | |||||||
|  | # Fork PR Testing Guide | ||||||
|  |  | ||||||
|  | This document explains how to test external pull requests using the dispatch action workflow system. | ||||||
|  |  | ||||||
|  | ## Overview | ||||||
|  |  | ||||||
|  | The testing system consists of three main workflows: | ||||||
|  |  | ||||||
|  | 1. **E2E Tests** (`test-e2e.yml`) - Runs automatically for internal PRs, requires approval for external PRs | ||||||
|  | 2. **Ok To Test** (`ok-to-test.yml`) - Processes slash commands to trigger fork testing | ||||||
|  | 3. **E2E tests [fork]** (`test-e2e-fork.yml`) - Triggered manually via slash commands for external PRs | ||||||
|  |  | ||||||
|  | ## How It Works | ||||||
|  |  | ||||||
|  | ### 1. Initial PR State | ||||||
|  | When a PR is created or updated: | ||||||
|  | - The `test-e2e.yml` workflow automatically runs | ||||||
|  | - For **external PRs**: The `check-external-pr` job detects it's from a fork and **fails intentionally** | ||||||
|  | - For **internal PRs**: The workflow proceeds normally with e2e tests | ||||||
|  | - External PRs show ❌ for the check-external-pr job with a message asking for maintainer approval | ||||||
|  |  | ||||||
|  | ### 2. Manual Approval Required | ||||||
|  | **Important**: External PRs require manual approval before workflows can run. | ||||||
|  |  | ||||||
|  | **Steps for maintainers:** | ||||||
|  | 1. Go to the PR page | ||||||
|  | 2. Click **"Approve workflow to run"** button. For contributors who have made more than one contribution, workflows will start automatically after approval.  | ||||||
|  | 3. The workflow will then execute | ||||||
|  |  | ||||||
|  | **Note**: The `test-e2e.yml` workflow will still fail for external PRs even after approval, as it's designed to prevent automatic execution. Need to use the slash command instead. | ||||||
|  |  | ||||||
|  | ### 3. Testing External PRs | ||||||
|  | Once the initial checks have run (and failed), maintainers can test the PR using slash commands: | ||||||
|  |  | ||||||
|  | #### Step-by-Step Process: | ||||||
|  |  | ||||||
|  | 1. **Navigate to the PR** | ||||||
|  |    - Go to the pull request you want to test | ||||||
|  |  | ||||||
|  | 2. **Add a comment with slash command** | ||||||
|  |    ``` | ||||||
|  |    /ok-to-test sha=<commit-sha> | ||||||
|  |    ``` | ||||||
|  |    Replace `<commit-sha>` with the latest commit SHA from the PR. | ||||||
|  |     | ||||||
|  |    **Note**: Use the short SHA. | ||||||
|  |  | ||||||
|  | 3. **Dispatch Action Triggers** | ||||||
|  |    - The `ok-to-test.yml` workflow processes the slash command | ||||||
|  |    - It triggers a `repository_dispatch` event with type `ok-to-test-command` | ||||||
|  |    - The `test-e2e-fork.yml` workflow starts | ||||||
|  |  | ||||||
|  | 4. **Workflow Execution** | ||||||
|  |    The fork workflow runs two jobs: | ||||||
|  |     | ||||||
|  |    **a) `run-e2e-tests` job** (conditional) | ||||||
|  |    - Only runs if: | ||||||
|  |      - Event is `repository_dispatch` | ||||||
|  |      - SHA parameter is not empty | ||||||
|  |      - PR head SHA contains the provided SHA | ||||||
|  |    - Calls the reusable `run-e2e-tests.yml` workflow | ||||||
|  |    - Runs the actual E2E tests if conditions are met | ||||||
|  |     | ||||||
|  |    **b) `update-check-status` job** (conditional) | ||||||
|  |    - Runs after `e2e-tests` completes | ||||||
|  |    - Updates the existing check for job named "run-e2e-tests" from 'test-e2e.yml' workflow | ||||||
|  |    - Sets the conclusion based on `run-e2e-tests` result: | ||||||
|  |      - ✅ **Success** if tests pass | ||||||
|  |      - ❌ **Failure** if tests fail | ||||||
|  |  | ||||||
|  | ## Troubleshooting | ||||||
|  |  | ||||||
|  | ### Workflow Not Running | ||||||
|  | - **Check**: Ensure you've approved the workflow to run | ||||||
|  | - **Action**: Click "Approve workflow to run" in the PR checks tab | ||||||
|  |  | ||||||
|  | ### SHA Not Found | ||||||
|  | - **Check**: Verify the SHA exists in the PR commits | ||||||
|  | - **Action**: Use `git log --oneline` to find valid commit SHAs | ||||||
|  |  | ||||||
|  | ### Dispatch Not Triggering | ||||||
|  | - **Check**: Ensure the slash command format is correct | ||||||
|  | - **Action**: Use exact format: `/ok-to-test sha=<sha>` | ||||||
|  |  | ||||||
|  | ### Check Runs Not Updating | ||||||
|  | - **Note**: The fork workflow updates the existing "E2E Tests [reusable]" check run | ||||||
|  | - **Behavior**: The same check run is updated with new results rather than creating a new one | ||||||
|  |  | ||||||
|  | ## Security Notes | ||||||
|  |  | ||||||
|  | - Only users with **write** permissions can trigger dispatch commands | ||||||
|  | - The fork workflow runs in the main repository context, allowing it to update check runs | ||||||
|  | - Manual approval is required for external PR workflows | ||||||
|  | - External PRs are automatically detected and prevented from running tests automatically | ||||||
|  |  | ||||||
|  | ## Workflow Files | ||||||
|  |  | ||||||
|  | - **`.github/workflows/ok-to-test.yml`** - Ok To Test - Slash command processor | ||||||
|  | - **`.github/workflows/test-e2e.yml`** - E2E Tests - Initial PR checks | ||||||
|  | - **`.github/workflows/test-e2e-fork.yml`** - E2E tests [fork] - Dispatch action handler | ||||||
|  | - **`.github/workflows/e2e-tests.yml`** - E2E Tests [reusable] - Reusable workflow for actual testing | ||||||
|  |  | ||||||
|  | ## Testing Checklist | ||||||
|  |  | ||||||
|  | - [ ] PR created with failing check-external-pr check (for external PRs) | ||||||
|  | - [ ] Workflow approved to run (if required) | ||||||
|  | - [ ] Slash command posted with valid SHA | ||||||
|  | - [ ] Dispatch action triggered successfully | ||||||
|  | - [ ] `check-external-pr` check run updated with correct conclusion | ||||||
		Reference in New Issue
	
	Block a user