feat: add trigger workflow to run upload artifacts on post merge (#1409)

starkware-libs · Oct 21, 2024 · 21ae817 · 21ae817
1 parent a74d062
commit 21ae817
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 10 deletions.
diff --git a/.github/workflows/trigger _workflow.yml b/.github/workflows/trigger _workflow.yml
@@ -0,0 +1,52 @@
+name: Trigger-Workflow
+
+# This workflow exists to trigger the upload_artifacts workflow on both pull requests and push
+# events. It solves the issue of forked PRs not having access to secrets. Since external
+# contributors don’t have permission to access secrets, this dummy workflow runs with their
+# privileges and triggers the upload_artifacts workflow via the workflow_run event.
+# The upload_artifacts workflow runs in the context of the main branch, where it has access to
+# the necessary secrets for uploading artifacts, providing a secure solution for managing artifacts
+# in forked PRs.
+
+on:
+  push:
+    branches:
+      - main
+      - main-v[0-9].**
+    tags:
+      - v[0-9].**
+
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - auto_merge_enabled
+      - edited
+    paths:
+      # Other than code-related changes, all changes related to the native-blockifier build-and-push
+      # process should trigger the build (e.g., changes to the Dockerfile, build scripts, etc.).
+      - '.github/workflows/blockifier_ci.yml'
+      - '.github/workflows/trigger_workflow.yml'
+      - '.github/workflows/upload_artifacts_workflow.yml'
+      - 'build_native_in_docker.sh'
+      - 'Cargo.lock'
+      - 'Cargo.toml'
+      - 'crates/blockifier/**'
+      - 'crates/native_blockifier/**'
+      - 'scripts/build_native_blockifier.sh'
+      - 'scripts/dependencies.sh'
+      - 'scripts/install_build_tools.sh'
+      - 'scripts/sequencer-ci.Dockerfile'
+
+# On PR events, cancel existing CI runs on this same PR for this workflow.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.job }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  dummy_job:
+    runs-on: starkware-ubuntu-latest-small
+    steps:
+      - name: Dummy step
+        run: echo "This is a dummy job to trigger the upload_artifacts workflow."
diff --git a/.github/workflows/upload_artifacts_workflow.yml b/.github/workflows/upload_artifacts_workflow.yml
@@ -2,7 +2,7 @@ name: Upload-Artifacts
 
 on:
   workflow_run:
-    workflows: [Blockifier-CI]
+    workflows: [Trigger-Workflow]
     types: [completed]
 
 jobs:
@@ -16,22 +16,18 @@ jobs:
           echo "SHORT_HASH=${COMMIT_SHA:0:7}" >> $GITHUB_ENV
           echo "COMMIT_SHA=${COMMIT_SHA}" >> $GITHUB_ENV
 
-      - name: Check tests status
-        if: ${{ github.event.workflow_run.conclusion == 'failure' }}
-        run: |
-          echo 'Blockifier-CI workflow failed'
-          exit 1
+      # This workflow is always triggered in `main` branch context, so need to checkout the commit.
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ env.COMMIT_SHA }}
+
       - uses: actions/checkout@v4
         with:
           ref: ${{ env.COMMIT_SHA }}
       - uses: ./.github/actions/bootstrap
       - name: Build native blockifier
         run: ./build_native_in_docker.sh scripts/build_native_blockifier.sh
 
-        # Commit hash on pull request event would be the head commit of the branch.
-
-      # TODO: Add post merge event to get the commit hash.
-
       # Rename is required; see https://pyo3.rs/v0.19.2/building_and_distribution#manual-builds.
       - name: Rename shared object
         run: |