add gating check to tests to ensure/recheck that pr submitter is auth…#463
add gating check to tests to ensure/recheck that pr submitter is auth…#463acornett21 wants to merge 1 commit into
Conversation
…orized Signed-off-by: Adam D. Cornett <adc@redhat.com>
|
This PR has changes outside of |
| test-kiwi: | ||
| name: "kiwi / Full operator test" | ||
| needs: pr-check | ||
| if: needs.pr-check.outputs.opp_test_ready == '1' && (needs.pr-check.outputs.opp_op_delete == '0' || needs.pr-check.outputs.opp_is_new_operatror == '1' || needs.pr-check.outputs.opp_recreate == '1' ) && needs.pr-check.outputs.opp_ci_yaml_only == '0' |
There was a problem hiding this comment.
The problem with this is that the tests are simply skipped (not failed) if the authorized-changes label is not set. This just marks the operator as validated (even though no validation ran). Some bigger rework will be needed for proper gating. See this testing PR I ran with update of the CI based on your PR.
There was a problem hiding this comment.
@BorekZnovustvoritel Thanks for testing this, it was on my todo today, since I just learned last week how the testing works here. However, since this doesn't work, and since you all updated the jira to work on this. I'll close this PR and let you all take care of this.
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Implement workflow authorization gating and secret scoping:
Changes:
ci.yamlreviewers)IIB_INPUT_REGISTRY_TOKENfrom workflow-level to individual test jobs, limiting exposure