11name : CI - OpenShift E2E Tests
22
3+ # Permissions needed for the build-image job to push to GHCR
34permissions :
45 contents : read
56 packages : write
6- pull-requests : write
7- issues : write
87
98on :
10- # Called by gate workflow after permission check
11- workflow_call :
12- inputs :
13- ref :
14- description : ' Git ref to checkout (SHA for PRs)'
15- required : false
16- type : string
17- # Direct triggers (gate job handles permission check for these)
189 pull_request :
1910 branches :
2011 - main
2112 - dev
22- issue_comment :
23- types : [created]
2413 workflow_dispatch :
2514 inputs :
2615 model_id :
5342 default : ' 30'
5443
5544jobs :
56- # Gate: Check permissions and post instructions for external contributors
57- # Skip this job when called via workflow_call (gate file already checked permissions)
58- gate :
59- if : github.event_name != 'workflow_call'
60- runs-on : ubuntu-latest
61- outputs :
62- should_run : ${{ steps.check.outputs.should_run }}
63- ref : ${{ steps.check.outputs.ref }}
64- steps :
65- - name : Check permissions and determine if tests should run
66- id : check
67- uses : actions/github-script@v7
68- with :
69- script : |
70- const privilegedRoles = ['admin', 'maintain', 'write'];
71-
72- // Handle workflow_dispatch - always run
73- if (context.eventName === 'workflow_dispatch') {
74- core.setOutput('should_run', 'true');
75- core.setOutput('ref', context.sha);
76- console.log('workflow_dispatch: running tests');
77- return;
78- }
79-
80- // Handle issue_comment (/ok-to-test)
81- if (context.eventName === 'issue_comment') {
82- // Only process comments on PRs that contain /ok-to-test
83- if (!context.payload.issue.pull_request ||
84- !context.payload.comment.body.includes('/ok-to-test')) {
85- core.setOutput('should_run', 'false');
86- console.log('issue_comment: not a /ok-to-test comment on a PR');
87- return;
88- }
89-
90- // Check commenter permission
91- const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({
92- owner: context.repo.owner,
93- repo: context.repo.repo,
94- username: context.payload.comment.user.login
95- });
96- const isPrivileged = privilegedRoles.includes(permission.permission);
97- console.log(`Commenter ${context.payload.comment.user.login} permission: ${permission.permission}, privileged: ${isPrivileged}`);
98-
99- // Add reaction
100- await github.rest.reactions.createForIssueComment({
101- owner: context.repo.owner,
102- repo: context.repo.repo,
103- comment_id: context.payload.comment.id,
104- content: isPrivileged ? 'rocket' : '-1'
105- });
106-
107- if (isPrivileged) {
108- // Get PR SHA
109- const { data: pr } = await github.rest.pulls.get({
110- owner: context.repo.owner,
111- repo: context.repo.repo,
112- pull_number: context.payload.issue.number
113- });
114- core.setOutput('should_run', 'true');
115- core.setOutput('ref', pr.head.sha);
116- console.log(`Approved by ${context.payload.comment.user.login}, running tests for PR #${pr.number} at ${pr.head.sha}`);
117- } else {
118- core.setOutput('should_run', 'false');
119- console.log('Commenter is not privileged, not running tests');
120- }
121- return;
122- }
123-
124- // Handle pull_request
125- if (context.eventName === 'pull_request') {
126- const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({
127- owner: context.repo.owner,
128- repo: context.repo.repo,
129- username: context.payload.pull_request.user.login
130- });
131- const isPrivileged = privilegedRoles.includes(permission.permission);
132- console.log(`PR author ${context.payload.pull_request.user.login} permission: ${permission.permission}, privileged: ${isPrivileged}`);
133-
134- if (isPrivileged) {
135- core.setOutput('should_run', 'true');
136- core.setOutput('ref', context.payload.pull_request.head.sha);
137- console.log('PR author is privileged, running tests');
138- } else {
139- core.setOutput('should_run', 'false');
140- console.log('PR author is not privileged, posting instructions');
141-
142- // Check if we already posted instructions
143- const comments = await github.rest.issues.listComments({
144- owner: context.repo.owner,
145- repo: context.repo.repo,
146- issue_number: context.payload.pull_request.number
147- });
148-
149- const botComment = comments.data.find(c =>
150- c.user.type === 'Bot' &&
151- c.body.includes('OpenShift E2E tests require approval')
152- );
153-
154- if (!botComment) {
155- await github.rest.issues.createComment({
156- owner: context.repo.owner,
157- repo: context.repo.repo,
158- issue_number: context.payload.pull_request.number,
159- body: `## OpenShift E2E Tests
160-
161- OpenShift E2E tests require approval before running on external contributions.
162-
163- **For maintainers/admins:** Comment \`/ok-to-test\` to approve and run the OpenShift E2E tests.
164-
165- **For contributors:** Please wait for a maintainer to review and approve your PR for E2E testing.
166-
167- _This check uses GPU resources on a shared OpenShift cluster._`
168- });
169- }
170- }
171- return;
172- }
173-
174- // Unknown event
175- core.setOutput('should_run', 'false');
176-
177- # Build the WVA controller image on GitHub-hosted runner
45+ # Build the WVA controller image on GitHub-hosted runner (has proper Docker setup)
17846 build-image :
179- needs : gate
180- # Run if: workflow_call (gate file approved) OR gate job approved
181- if : always() && (github.event_name == 'workflow_call' || needs.gate.outputs.should_run == 'true')
18247 runs-on : ubuntu-latest
18348 outputs :
18449 image_tag : ${{ steps.build.outputs.image_tag }}
18550 steps :
18651 - name : Checkout source
18752 uses : actions/checkout@v4
188- with :
189- # Use inputs.ref for workflow_call, gate.outputs.ref for direct triggers
190- ref : ${{ inputs.ref || needs.gate.outputs.ref || github.sha }}
19153
19254 - name : Log in to GHCR
19355 uses : docker/login-action@v3
@@ -201,7 +63,7 @@ _This check uses GPU resources on a shared OpenShift cluster._`
20163 env :
20264 REGISTRY : ghcr.io
20365 IMAGE_NAME : ${{ github.repository }}
204- GIT_REF : ${{ inputs.ref || needs.gate.outputs.ref || github.sha }}
66+ GIT_REF : ${{ github.sha }}
20567 run : |
20668 # Build image with git ref tag for this PR
20769 # Use first 8 chars of the git ref
@@ -220,9 +82,7 @@ _This check uses GPU resources on a shared OpenShift cluster._`
22082# Run e2e tests on OpenShift self-hosted runner
22183 e2e-openshift :
22284 runs-on : [self-hosted, openshift]
223- needs : [gate, build-image]
224- # Run if: workflow_call (gate file approved) OR gate job approved
225- if : always() && (github.event_name == 'workflow_call' || needs.gate.outputs.should_run == 'true') && needs.build-image.result == 'success'
85+ needs : build-image
22686 env :
22787 MODEL_ID : ${{ github.event.inputs.model_id || 'unsloth/Meta-Llama-3.1-8B' }}
22888 ACCELERATOR_TYPE : ${{ github.event.inputs.accelerator_type || 'H100' }}
@@ -239,8 +99,6 @@ _This check uses GPU resources on a shared OpenShift cluster._`
23999 steps :
240100 - name : Checkout source
241101 uses : actions/checkout@v4
242- with :
243- ref : ${{ inputs.ref || needs.gate.outputs.ref || github.sha }}
244102
245103 - name : Extract Go version from go.mod
246104 run : sed -En 's/^go (.*)$/GO_VERSION=\1/p' go.mod >> $GITHUB_ENV
0 commit comments