Skip to content

Trigger remote Workflow #66

Trigger remote Workflow

Trigger remote Workflow #66

name: "Trigger remote Workflow"
#Workflow to trigger cicd workflow after checking trigger access.
permissions:
issues: write
id-token: write
contents: write
#Running after the 'Checking Labels' workflow.
on:
workflow_run:
workflows: [Checking Labels]
types: [completed]
#Concurrency group to avoid grabbing false artifacts.
concurrency:
group: trigger-group
cancel-in-progress: false
jobs:
Checking-PR:
runs-on: ubuntu-latest
steps:
#generating token to trigger the pipeline in cicd repository.
- name: Generate token
id: generate_token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.WORKFLOW_APP_ID }}
private-key: ${{ secrets.WORKFLOW_APP_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "datavault4dbt,datavault4dbt-ci-cd"
#Checking if creator of PR is member of internal development team.
- name: Checking User Identity
id: user_affiliation
uses: tspascoal/get-user-teams-membership@v2
with:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
username: ${{ github.actor }}
team: 'Datavault4dbt Devs'
#Team Membership output for debugging
- name: Output Team Membership
run: echo "Member of datavault4dbt dev team; ${{ steps.user_affiliation.outputs.isTeamMember }}"
#Grabbing the artifacts of 'checking labels' workflow.
- name: downloading-artifacts
id: download-artifact
uses: dawidd6/action-download-artifact@v6
with:
github_token: ${{ steps.generate_token.outputs.token }}
workflow: checking_labels.yml
workflow_search: false
skip_unpack: false
path: ./
allow_forks: true
- name: extract-artifact
id: extract-artifact
run: |
echo "labels=$(cat label/label)" >> $GITHUB_OUTPUT
echo "labels=$(cat label/label)"
echo "prid=$(cat prid/prid)" >> $GITHUB_OUTPUT
echo "prid=$(cat prid/prid)"
- name: Checkout
uses: actions/checkout@v3
- name: Create a new branch based on the PR ID
run: |
git fetch origin pull/${{ steps.extract-artifact.outputs.prid }}/head:pull/${{ steps.extract-artifact.outputs.prid }}
git push -u origin pull/${{ steps.extract-artifact.outputs.prid }}
#Trigger the workflow if creator of PR is not a member of development team.
#Will only be triggered if external PRs is approved before.
- name: Call Workflow
if: ${{ steps.user_affiliation.outputs.isTeamMember == 'false'}}
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
run: |
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/ScalefreeCOM/datavault4dbt-ci-cd/actions/workflows/reusable-workflow.yml/dispatches \
-f "ref=main" -f "inputs[pr_branch]=pull/${{ steps.extract-artifact.outputs.prid }}" -f "inputs[all_env]=true" -f "inputs[pr_id]=${{ steps.extract-artifact.outputs.prid }}" -f "inputs[remote-triggered]=true"
#Trigger workflow if member of development team added testing label to PR.
- name: trigger-labeled-workflow
if: ${{ steps.extract-artifact.outputs.labels == 'true' && steps.user_affiliation.outputs.isTeamMember == 'true'}}
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
run: |
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/ScalefreeCOM/datavault4dbt-ci-cd/actions/workflows/reusable-workflow.yml/dispatches \
-f "ref=main" -f "inputs[pr_branch]=pull/${{ steps.extract-artifact.outputs.prid }}" -f "inputs[all_env]=true" -f "inputs[pr_id]=${{ steps.extract-artifact.outputs.prid }}" -f "inputs[remote-triggered]=true"