[PM-5756] Comment on originating PR with BIT results (#373)

jprusik · web-flow · commit b4f909ecfab5 · 2025-08-13T11:41:32.000-04:00
* comment on originating PR with BIT results

* update text with configuration info

* add failure commenting to no-flags workflow and update both workflowsto use GITHUB_TOKEN

* additional fixes

* further additional tweaks

* use actions/create-github-app-token and fix typos

* remove unused step id

* add ENABLE_PR_FEEDBACK var to enable turning off PR commenting

* only get and use GH App token if needed for sending orignating PR feedback
diff --git a/.github/workflows/test-all-custom-flags.yml b/.github/workflows/test-all-custom-flags.yml
@@ -1,9 +1,11 @@
 name: Test-all-custom-flags
-run-name: All tests with extension build ${{ inputs.CLIENTS_BRANCH }} by @${{ github.actor }}
+run-name: All tests with extension build ${{ inputs.CLIENTS_BRANCH || github.event.client_payload.origin_branch }} by @${{ github.actor }}
 on:
   push:
     branches:
       - "main"
+  repository_dispatch:
+    types: [trigger-bit-tests]
   pull_request:
   workflow_dispatch:
     inputs:
@@ -25,9 +27,49 @@ jobs:
       id-token: write
       contents: read
       packages: read
+      pull-requests: write
+    outputs:
+      send_pr_feedback: false
     steps:
+      - name: Send PR feedback check
+        id: set-send-pr-feedback
+        run: |
+          echo "send_pr_feedback=github.event.client_payload.origin_issue && vars.ENABLE_PR_FEEDBACK == 'true'" >> "$GITHUB_OUTPUT"
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        if: steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        if: steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+        if: steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+
+      - name: Generate GH App token
+        id: app-token
+        uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
+        if: steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+          owner: bitwarden
+          repositories: clients
+          permission-actions: write
+
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
       - name: Setup Node
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
@@ -68,7 +110,7 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-browser.yml
           workflow_conclusion: ""
-          branch: ${{ inputs.CLIENTS_BRANCH || 'main' }}
+          branch: ${{ github.event.client_payload.origin_branch || inputs.CLIENTS_BRANCH || 'main' }}
           name: ^dist-chrome-MV3-\w{7}\.zip$
           name_is_regexp: true
           repo: bitwarden/clients
@@ -144,3 +186,32 @@ jobs:
             ./test-summary
             ./tests-out/videos
             ./tests-out/screenshots
+
+      # Only post back to the PR if there was a failure since test-all has the
+      # typical config case covered for success feedback
+      - name: Communicate BIT failure on originating issue
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        if: failure() && steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const owner = 'bitwarden';
+            const featureFlags = "${{ inputs.FEATURE_FLAGS || '{}' }}";
+            const featureFlagsMessage = featureFlags === '{}' ? 'all feature flags disabled.': `\n\n<details><summary><div>The following flags enabled:</div></summary>\`\`\`json\n${featureFlags}\`\`\``;
+            const runURL = `https://github.com/${owner}/browser-interactions-testing/actions/runs/${context.runId}`;
+            const message = `⚠️ **Files have been modified in this PR that impact the Autofill experience** ⚠️
+
+            [BIT](https://github.com/${owner}/browser-interactions-testing) was run to verify no regressions have been introduced to the core Autofill experience. The tests ran with ${featureFlagsMessage}
+
+            ❌ Unfortunately, one or more of these BIT tests failed. 😞
+
+            Please resolve the failure before merging; reach out to \`@bitwarden/team-autofill-dev\` if you'd like help.
+
+            You can view the detailed results of the tests [here](${runURL}).`;
+
+            github.rest.issues.createComment({
+              issue_number: context.payload.client_payload.origin_issue,
+              owner: owner,
+              repo: 'clients',
+              body: message
+            });
diff --git a/.github/workflows/test-all.yml b/.github/workflows/test-all.yml
@@ -1,9 +1,11 @@
 name: Test-all
-run-name: All tests with extension build ${{ inputs.CLIENTS_BRANCH }} by @${{ github.actor }}
+run-name: All tests with extension build ${{ inputs.CLIENTS_BRANCH || github.event.client_payload.origin_branch }} by @${{ github.actor }}
 on:
   push:
     branches:
       - "main"
+  repository_dispatch:
+    types: [trigger-bit-tests]
   pull_request:
   workflow_dispatch:
     inputs:
@@ -24,9 +26,49 @@ jobs:
       id-token: write
       contents: read
       packages: read
+      pull-requests: write
+    outputs:
+      send_pr_feedback: false
     steps:
+      - name: Send PR feedback check
+        id: set-send-pr-feedback
+        run: |
+          echo "send_pr_feedback=github.event.client_payload.origin_issue && vars.ENABLE_PR_FEEDBACK == 'true'" >> "$GITHUB_OUTPUT"
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        if: steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        if: steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+        if: steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+
+      - name: Generate GH App token
+        id: app-token
+        uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
+        if: steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+          owner: bitwarden
+          repositories: clients
+          permission-actions: write
+
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
       - name: Setup Node
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
@@ -65,7 +107,7 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: build-browser.yml
           workflow_conclusion: ""
-          branch: ${{ inputs.CLIENTS_BRANCH || 'main' }}
+          branch: ${{ github.event.client_payload.origin_branch || inputs.CLIENTS_BRANCH || 'main' }}
           name: ^dist-chrome-MV3-\w{7}\.zip$
           name_is_regexp: true
           repo: bitwarden/clients
@@ -146,3 +188,49 @@ jobs:
             ./test-summary
             ./tests-out/videos
             ./tests-out/screenshots
+
+      - name: Communicate BIT failure on originating issue
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        if: failure() && steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const owner = 'bitwarden';
+            const runURL = `https://github.com/${owner}/browser-interactions-testing/actions/runs/${context.runId}`;
+            const configURL = new URL('${{ vars.BW_REMOTE_VAULT_CONFIG_MATCH }}');
+            const message = `⚠️ **Files have been modified in this PR that impact the Autofill experience** ⚠️
+
+            [BIT](https://github.com/${owner}/browser-interactions-testing) was run to verify no regressions have been introduced to the core Autofill experience. The tests ran with the same feature flag configuration used by \`${configURL.hostname}\`
+
+            ❌ Unfortunately, one or more of these BIT tests failed. 😞
+
+            Please resolve the failure before merging; reach out to \`@bitwarden/team-autofill-dev\` if you'd like help.
+
+            You can view the detailed results of the tests [here](${runURL}).`;
+
+            github.rest.issues.createComment({
+              issue_number: context.payload.client_payload.origin_issue,
+              owner: owner,
+              repo: 'clients',
+              body: message
+            });
+
+      - name: Communicate BIT success on originating issue
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        if: success() && steps.set-send-pr-feedback.outputs.send_pr_feedback == 'true'
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const owner = 'bitwarden';
+            const message = `⚠️ **Files have been modified in this PR that impact the Autofill experience** ⚠️
+
+            [BIT](https://github.com/${owner}/browser-interactions-testing) was run to verify no regressions have been introduced to the core Autofill experience.
+
+            ✅ Fortunately, [these BIT tests have passed](https://github.com/${owner}/browser-interactions-testing/actions/runs/${context.runId})! 🎉`;
+
+            github.rest.issues.createComment({
+              issue_number: context.payload.client_payload.origin_issue,
+              owner: owner,
+              repo: 'clients',
+              body: message
+            });
