From 154311a457fb545f7210bc5f39edac97b528ade9 Mon Sep 17 00:00:00 2001 From: Adam Stone-Lord Date: Thu, 21 Sep 2023 11:19:37 -0400 Subject: [PATCH] chore: gate restricted contexts with approval job for contributor workflow (#27862) --- .circleci/workflows.yml | 70 ++++++++++++++++++----------------------- CONTRIBUTING.md | 2 ++ 2 files changed, 32 insertions(+), 40 deletions(-) diff --git a/.circleci/workflows.yml b/.circleci/workflows.yml index 30f82ce838e8..7eaecde9f8da 100644 --- a/.circleci/workflows.yml +++ b/.circleci/workflows.yml @@ -2898,6 +2898,14 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - build: requires: - node_modules_install + + # In subsequent jobs, we use some contexts that are restricted to members of the Cypress organization. + # This job will allow for a Cypress member to approve and run the rest of the restricted jobs in the pipeline after the contributor code has been reviewed. + - contributor-pr: + type: approval + requires: + - build + - check-ts: requires: - build @@ -2909,7 +2917,7 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow context: [test-runner:poll-circle-workflow, test-runner:percy] required_env_var: PERCY_TOKEN # skips job if not defined (external PR) requires: - - build + - contributor-pr - lint-types: requires: - build @@ -2917,14 +2925,14 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - cli-visual-tests: context: test-runner:percy requires: - - build + - contributor-pr - unit-tests: requires: - build - verify-release-readiness: context: test-runner:npm-release requires: - - build + - contributor-pr - server-unit-tests: requires: - build @@ -2937,7 +2945,7 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - system-tests-node-modules-install: context: test-runner:performance-tracking requires: - - build + - contributor-pr - system-tests-chrome: context: test-runner:performance-tracking requires: @@ -2962,23 +2970,23 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - driver-integration-tests-chrome: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-tests-chrome-beta: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-tests-firefox: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-tests-electron: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-tests-webkit: context: test-runner:cypress-record-key requires: - - build + - contributor-pr - driver-integration-memory-tests: requires: - build @@ -2986,22 +2994,22 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-launchpad-integration-tests-chrome: context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-launchpad-component-tests-chrome: context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-app-integration-tests-chrome: context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-webpack-dev-server-integration-tests: context: [test-runner:cypress-record-key, test-runner:percy] requires: @@ -3014,16 +3022,16 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow context: [test-runner:cypress-record-key, test-runner:launchpad-tests, test-runner:percy] percy: true requires: - - build + - contributor-pr - run-reporter-component-tests-chrome: context: [test-runner:cypress-record-key, test-runner:percy] percy: true requires: - - build + - contributor-pr - reporter-integration-tests: context: [test-runner:cypress-record-key, test-runner:percy] requires: - - build + - contributor-pr - npm-webpack-dev-server: requires: - system-tests-node-modules-install @@ -3167,28 +3175,16 @@ linux-x64-contributor-workflow: &linux-x64-contributor-workflow - run-vite-dev-server-integration-tests - v8-integration-tests - # This approval job will block the building of the binary on contributor jobs - # If a member of the Cypress team manually approves this job, then it will run with the required contexts - - approve-binary-build: - type: approval - requires: - - build - - create-and-trigger-packaging-artifacts: - context: - - test-runner:upload - - test-runner:build-binary - - publish-binary + context: [test-runner:upload, test-runner:build-binary, publish-binary] requires: - - approve-binary-build + - contributor-pr - wait-for-binary-publish: type: approval requires: - create-and-trigger-packaging-artifacts - get-published-artifacts: - context: - - publish-binary - - test-runner:commit-status-checks + context: [publish-binary, test-runner:commit-status-checks] requires: - wait-for-binary-publish # various testing scenarios, like building full binary @@ -3287,11 +3283,7 @@ linux-arm64-workflow: &linux-arm64-workflow - create-and-trigger-packaging-artifacts: name: linux-arm64-create-and-trigger-packaging-artifacts - context: - - test-runner:upload - - test-runner:commit-status-checks - - test-runner:build-binary - - publish-binary + context: [test-runner:upload, test-runner:commit-status-checks, test-runner:build-binary, publish-binary] executor: linux-arm64 resource_class: arm.medium requires: @@ -3305,9 +3297,7 @@ linux-arm64-workflow: &linux-arm64-workflow - get-published-artifacts: name: linux-arm64-get-published-artifacts - context: - - publish-binary - - test-runner:commit-status-checks + context: [publish-binary, test-runner:commit-status-checks] executor: linux-arm64 resource_class: arm.medium requires: @@ -3529,4 +3519,4 @@ workflows: <<: *darwin-workflow-filters windows: <<: *windows-workflow - <<: *windows-workflow-filters + <<: *windows-workflow-filters \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3f562577b436..b2ba87e7ee8c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -363,6 +363,8 @@ Additionally, we test the code by running it against various other example proje If you're curious how we manage all of these tests in CI check out our [CircleCI config](.circleci/config.yml). +Some of our test jobs in CircleCI require access to environment variables that are sensitive and are restricted to Cypress maintainers only. If you are not a Cypress maintainer, when your CI job runs, only a subset of jobs will run at first. A Cypress maintainer will need to approve the `contributor-pr` job in your workflow in order for your CI pipeline to complete. + #### Docker Sometimes tests pass locally, but fail in CI. Our CI environment is dockerized. In order to run the image used in CI locally: