fix(workflow): dynamically set environment

chmouel · chmouel · commit 6af6fb1d7a57 · 2025-03-24T10:21:50.000+01:00
Updated the GitHub Actions workflow to dynamically set the environment based on
the event type and user permissions. Added a step to check if the user is an
admin using the GitHub API and set the environment accordingly.

Signed-off-by: Chmouel Boudjnah &lt;chmouel@redhat.com&gt;
diff --git a/.github/workflows/kind-e2e-tests.yaml b/.github/workflows/kind-e2e-tests.yaml
@@ -1,15 +1,6 @@
 name: E2E Tests on Kind
 
 on:
-  schedule:
-    - cron: "0 5 * * *"
-  workflow_dispatch:
-    inputs:
-      debug_enabled:
-        type: boolean
-        description: "Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)"
-        required: false
-        default: false
   pull_request:
     types: [opened, synchronize, reopened]
     paths:
@@ -22,6 +13,9 @@ jobs:
       cancel-in-progress: true
     name: e2e tests
     runs-on: ubuntu-latest
+    if: >
+      (github.event_name == 'pull_request_target' || github.event_name == 'pull_request_target')  &&
+      contains(fromJson('["chmouel", "zakisk"]'), github.event.pull_request.user.login)
     strategy:
       matrix:
         provider: [providers, gitea_others]
@@ -57,6 +51,31 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
+      - name: Check if user is an admin
+        id: check-permissions
+        run: |
+          set -x
+          USER_LOGIN="${{ github.event.pull_request.user.login }}"
+          REPO_FULL_NAME="${{ github.repository }}"
+          echo "Checking permissions for user: $USER_LOGIN in repo: $REPO_FULL_NAME"
+
+          # Fetch user permissions using GitHub API
+          PERMISSIONS=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+            "https://api.github.com/repos/$REPO_FULL_NAME/collaborators/$USER_LOGIN/permission")
+
+          # Extract the permission level
+          PERMISSION_LEVEL=$(echo "$PERMISSIONS" | jq -r '.permission')
+
+          # Set output variable to indicate if the user is an admin
+          if [[ "$PERMISSION_LEVEL" == "admin" ]]; then
+            echo "User is an admin."
+            echo "is-admin=true" >> $GITHUB_OUTPUT
+          else
+            echo "User is not an admin."
+            echo "is-admin=false" >> $GITHUB_OUTPUT
+          fi
+        shell: bash
+
       - uses: actions/setup-go@v5
         with:
           go-version-file: "go.mod"
@@ -102,26 +121,7 @@ jobs:
           ./hack/gh-workflow-ci.sh create_second_github_app_controller_on_ghe
 
       - name: Run E2E Tests on pull_request
-        if: ${{ github.event_name != 'schedule' }}
-        env:
-          TEST_PROVIDER: ${{ matrix.provider }}
-          TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
-          TEST_EL_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
-          TEST_GITEA_SMEEURL: ${{ secrets.TEST_GITEA_SMEEURL }}
-          TEST_GITHUB_REPO_INSTALLATION_ID: ${{ secrets.INSTALLATION_ID }}
-          TEST_GITHUB_TOKEN: ${{ secrets.GH_APPS_TOKEN }}
-          TEST_GITHUB_SECOND_TOKEN: ${{ secrets.TEST_GITHUB_SECOND_TOKEN }}
-          TEST_GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
-          TEST_BITBUCKET_SERVER_TOKEN: ${{ secrets.BITBUCKET_SERVER_TOKEN }}
-          TEST_BITBUCKET_SERVER_API_URL: ${{ secrets.BITBUCKET_SERVER_API_URL }}
-          TEST_BITBUCKET_SERVER_WEBHOOK_SECRET: ${{ secrets.BITBUCKET_SERVER_WEBHOOK_SECRET }}
-        run: |
-          ./hack/gh-workflow-ci.sh run_e2e_tests
-
-      - name: Run E2E Tests on nightly
-        if: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }}
         env:
-          NIGHTLY_E2E_TEST: "true"
           TEST_PROVIDER: ${{ matrix.provider }}
           TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
           TEST_EL_WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
@@ -150,12 +150,3 @@ jobs:
         with:
           name: logs-e2e-tests-${{ matrix.provider }}
           path: /tmp/logs
-
-      - name: Report Status
-        if: ${{ always() && github.ref_name == 'main' && github.event_name == 'schedule' }}
-        uses: ravsamhq/notify-slack-action@v2
-        with:
-          status: ${{ job.status }}
-          notify_when: "failure"
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
