diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 752bf0bad..993d21269 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -18,14 +18,14 @@ jobs: outputs: has_token: ${{ steps.set-token-status.outputs.has_token }} steps: - - name: Check if DECO_WORKFLOW_TRIGGER_APP_ID is set + - name: Check if required secrets are set id: set-token-status run: | - if [ -z "${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}" ]; then - echo "DECO_WORKFLOW_TRIGGER_APP_ID is empty. User has no access to secrets." + if [ -z "${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}" ] || [ -z "${{ secrets.DECO_TEST_APPROVAL_APP_ID }}" ]; then + echo "Required secrets are missing. User has no access to secrets." echo "::set-output name=has_token::false" else - echo "DECO_WORKFLOW_TRIGGER_APP_ID is set. User has access to secrets." + echo "All required secrets are set. User has access to secrets." echo "::set-output name=has_token::true" fi @@ -39,10 +39,35 @@ jobs: needs: check-token if: github.event_name == 'pull_request' && needs.check-token.outputs.has_token == 'true' environment: "test-trigger-is" + steps: - uses: actions/checkout@v3 - - name: Generate GitHub App Token + - name: Generate GitHub App Token for Check Updates + id: generate-check-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.DECO_TEST_APPROVAL_APP_ID }} + private-key: ${{ secrets.DECO_TEST_APPROVAL_PRIVATE_KEY }} + owner: databricks + + - name: Create Check Run + id: create-check + env: + GH_TOKEN: ${{ steps.generate-check-token.outputs.token }} + run: | + response=$(gh api -X POST \ + /repos/${{ github.repository }}/check-runs \ + -f name="Integration Tests" \ + -f head_sha="${{ github.event.pull_request.head.sha }}" \ + -f status="queued" \ + -f output[title]="Integration Tests" \ + -f output[summary]="Tests queued and will be triggered shortly...") + + check_run_id=$(echo "$response" | jq -r .id) + echo "check_run_id=$check_run_id" >> $GITHUB_OUTPUT + + - name: Generate GitHub App Token for Workflow Trigger id: generate-token uses: actions/create-github-app-token@v1 with: @@ -58,7 +83,8 @@ jobs: gh workflow run sdk-java-isolated-pr.yml -R ${{ secrets.ORG_NAME }}/${{secrets.REPO_NAME}} \ --ref main \ -f pull_request_number=${{ github.event.pull_request.number }} \ - -f commit_sha=${{ github.event.pull_request.head.sha }} + -f commit_sha=${{ github.event.pull_request.head.sha }} \ + -f check_run_id=${{ steps.create-check.outputs.check_run_id }} # Statuses and checks apply to specific commits (by hash). # Enforcement of required checks is done both at the PR level and the merge queue level. @@ -74,14 +100,24 @@ jobs: group: databricks-deco-testing-runner-group labels: ubuntu-latest-deco + permissions: + checks: write + contents: read + steps: - - name: Mark Check - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - shell: bash - run: | - gh api -X POST -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${{ github.repository }}/statuses/${{ github.sha }} \ - -f 'state=success' \ - -f 'context=Integration Tests Check' + - name: Auto-approve Check for Merge Queue + uses: actions/github-script@v7 + with: + script: | + await github.rest.checks.create({ + owner: context.repo.owner, + repo: context.repo.repo, + name: 'Integration Tests', + head_sha: context.sha, + status: 'completed', + conclusion: 'success', + output: { + title: 'Integration Tests', + summary: 'Auto-approved for merge queue (tests already passed on PR)' + } + });