Make it harder for users to accidentally launch new (Canton) nodes via faulty config overrides #1985
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Trigger a cluster test on a PR | |
| on: | |
| issue_comment: | |
| types: [created] | |
| permissions: | |
| contents: read | |
| issues: read | |
| pull-requests: write # To comment back on the PR | |
| id-token: write | |
| jobs: | |
| get_head: | |
| runs-on: ubuntu-24.04 | |
| if: github.event.issue.pull_request | |
| outputs: | |
| sha: ${{ steps.get_head.outputs.sha }} | |
| repo: ${{ steps.get_head.outputs.repo }} | |
| steps: | |
| - name: Get head SHA | |
| id: get_head | |
| run: | | |
| set -euo pipefail | |
| query='query pullRequestDetails { repository(name: \"${{ github.event.repository.name }}\", owner: \"${{ github.repository_owner }}\") { pullRequest(number: ${{ github.event.issue.number }}) { headRef { target { oid } } } } }' | |
| result=$(curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -X POST -d " { \"query\": \"$query\" } " https://api.github.com/graphql) | |
| if ! echo "$result" | jq empty > /dev/null 2>&1; then | |
| echo "GitHub API did not return valid JSON. Response: $result" | |
| exit 1 | |
| fi | |
| sha=$(echo "$result" | jq -r '.data.repository.pullRequest.headRef.target.oid') | |
| if [ "$sha" == "null" ] || [ -z "$sha" ]; then | |
| echo "Failed to fetch SHA from API. Full response: $result" | |
| exit 1 | |
| fi | |
| echo "sha=$sha" >> "$GITHUB_OUTPUT" | |
| trigger_cluster_test_basic: | |
| if: github.event.issue.pull_request && contains(github.event.comment.body, '/cluster_test') | |
| needs: get_head | |
| uses: ./.github/workflows/cluster_tests.yml | |
| secrets: inherit | |
| with: | |
| workflow: cluster_test | |
| sha: ${{ needs.get_head.outputs.sha }} | |
| result: | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - trigger_cluster_test_basic | |
| - get_head | |
| steps: | |
| - name: parse the result | |
| id: parse | |
| run: | | |
| number=$(echo '${{ needs.trigger_cluster_test_basic.outputs.result }}' | jq -r '.number') | |
| echo "Deploy scratchnet pipeline triggered for [Commit ${{ needs.get_head.outputs.sha }} in ${{ needs.get_head.outputs.repo }}](https://github.com/${{ github.repository }}/pull/${{ github.event.issue.number }}/files/${{ needs.get_head.outputs.sha }}), please approve it in CircleCI: https://app.circleci.com/pipelines/github/DACH-NY/canton-network-internal/${number}" | |
| echo "number=$number" >> "$GITHUB_OUTPUT" | |
| - name: Comment on the PR | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script : | | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| body: "Deploy cluster test triggered for [Commit ${{ needs.get_head.outputs.sha }} in ${{ needs.get_head.outputs.repo }}](https://github.com/${{ github.repository }}/pull/${{ github.event.issue.number }}/files/${{ needs.get_head.outputs.sha }}), please contact a Contributor to approve it in CircleCI: https://app.circleci.com/pipelines/github/DACH-NY/canton-network-internal/${{ steps.parse.outputs.number }}" | |
| }); | |
| trigger_cluster_test_hdm: | |
| if: github.event.issue.pull_request && contains(github.event.comment.body, '/hdm_test') | |
| needs: get_head | |
| uses: ./.github/workflows/cluster_tests.yml | |
| secrets: inherit | |
| with: | |
| workflow: hdm_test | |
| sha: ${{ needs.get_head.outputs.sha }} | |
| result_hdm: | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - trigger_cluster_test_hdm | |
| - get_head | |
| steps: | |
| - name: parse the result | |
| id: parse | |
| run: | | |
| number=$(echo '${{ needs.trigger_cluster_test_hdm.outputs.result }}' | jq -r '.number') | |
| echo "Deploy scratchnet HDM pipeline triggered for [Commit ${{ needs.get_head.outputs.sha }} in ${{ needs.get_head.outputs.repo }}](https://github.com/${{ github.repository }}/pull/${{ github.event.issue.number }}/files/${{ needs.get_head.outputs.sha }}), please approve it in CircleCI: https://app.circleci.com/pipelines/github/DACH-NY/canton-network-internal/${number}" | |
| echo "number=$number" >> "$GITHUB_OUTPUT" | |
| - name: Comment on the PR | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script : | | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| body: "Deploy HDM pipeline triggered for [Commit ${{ needs.get_head.outputs.sha }} in ${{ needs.get_head.outputs.repo }}](https://github.com/${{ github.repository }}/pull/${{ github.event.issue.number }}/files/${{ needs.get_head.outputs.sha }}), please contact a Contributor to approve it in CircleCI: https://app.circleci.com/pipelines/github/DACH-NY/canton-network-internal/${{ steps.parse.outputs.number }}" | |
| }); |