Skip to content

chore(ci): Move the Regression tests to merge queue, unify as one workflow#17399

Merged
neuronull merged 11 commits intoneuronull/ci_add_merge_queuefrom
neuronull/ci_one_regression_workflow
May 19, 2023
Merged

chore(ci): Move the Regression tests to merge queue, unify as one workflow#17399
neuronull merged 11 commits intoneuronull/ci_add_merge_queuefrom
neuronull/ci_one_regression_workflow

Conversation

@neuronull
Copy link
Contributor

@neuronull neuronull commented May 15, 2023

There are complications in running workflows triggered from another workflow run (as in the case of the current trusted regression workflow), when that is performed within the context of a merge queue. This is further made challenging by the fact that merge queues require the same status checks as pull requests (for now).

To resolve this, the regression tests were combined into a singular workflow.
The reason they were split was as a security measure, to prevent actions from being taken within a privileged context.

To maintain the security in the combined workflow, this is implicitly handled by the workflow triggers:

  • on merge queue: this is a trusted action because only a Vector team member may add a PR to the merge queue
  • on demand with an issue comment: this is a trusted action because the workflow logic verifies that the comment issuer is a member of the Vector GH team.

The regression report still uploads to the PR as previously, regardless of the trigger method.

If the regression experiment fails in a merge queue run, the PR is ejected from the merge queue.

@neuronull neuronull added the domain: ci Anything related to Vector's CI environment label May 15, 2023
@neuronull neuronull self-assigned this May 15, 2023
github-advanced-security[bot]
github-advanced-security bot found potential problems May 15, 2023
View reviewed changes
.github/workflows/regression.yml Outdated
- name: Setup PR metadata
id: pr-metadata
# If triggered by issue comment, the event payload doesn't directly contain the head and base sha from the PR.
# But, we can retreive this info from some commands.

Check failure

Code scanning / check-spelling

Unrecognized Spelling

[retreive](#security-tab) is not a recognized word. \(unrecognized-spelling\)
@github-actions github-actions bot removed the domain: ci Anything related to Vector's CI environment label May 15, 2023
@neuronull neuronull mentioned this pull request May 15, 2023
Merged
10 tasks
@neuronull neuronull marked this pull request as ready for review May 16, 2023 15:30
@neuronull neuronull requested review from blt and jszwedko May 16, 2023 16:11
jszwedko
jszwedko reviewed May 16, 2023
View reviewed changes
Copy link
Collaborator

@jszwedko jszwedko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple of questions, otherwise looks good to me! Thanks for adding the comments.

github-advanced-security[bot]
github-advanced-security bot found potential problems May 16, 2023
View reviewed changes
@neuronull neuronull requested a review from jszwedko May 17, 2023 14:35
jszwedko
jszwedko approved these changes May 17, 2023
View reviewed changes
Copy link
Collaborator

@jszwedko jszwedko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!

@neuronull neuronull merged commit d356d76 into neuronull/ci_add_merge_queue May 19, 2023
@neuronull neuronull deleted the neuronull/ci_one_regression_workflow branch May 19, 2023 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blt blt blt approved these changes

@jszwedko jszwedko jszwedko approved these changes

Assignees

@neuronull neuronull

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@neuronull @blt @jszwedko