From 3ac50676c8badf84ef4a709d0a21ad4bc23b9405 Mon Sep 17 00:00:00 2001
From: hectorcast-db <hector.castejon@databricks.com>
Date: Wed, 30 Oct 2024 10:15:18 +0100
Subject: [PATCH] [Internal] Add test instructions for external contributors
 (#370)

Add test instructions for external contributors

See Go Changes
https://github.com/databricks/databricks-sdk-go/pull/1073
---
 .github/workflows/external-message.yml  | 83 +++++++++++++++++++++++++
 .github/workflows/integration-tests.yml | 23 ++++++-
 2 files changed, 104 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/external-message.yml

diff --git a/.github/workflows/external-message.yml b/.github/workflows/external-message.yml
new file mode 100644
index 00000000..3534ca09
--- /dev/null
+++ b/.github/workflows/external-message.yml
@@ -0,0 +1,83 @@
+name: PR Comment
+
+# WARNING:
+# THIS WORKFLOW ALWAYS RUNS FOR EXTERNAL CONTRIBUTORS WITHOUT ANY APPROVAL.
+# THIS WORKFLOW RUNS FROM MAIN BRANCH, NOT FROM THE PR BRANCH.
+# DO NOT PULL THE PR OR EXECUTE ANY CODE FROM THE PR.
+
+on:
+  pull_request_target:
+    types: [opened, reopened, synchronize]
+    branches:
+      - main
+
+  pull_request:
+    types: [opened, synchronize]
+
+
+jobs:
+  comment-on-pr:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      # If the user has a token, the integration-tests.yml workflow will write a message. Wait
+      # and check if the message is present.
+      - name: Wait for 30 seconds
+        run: sleep 30
+        shell: bash
+
+      - name: Check for integration tests comment
+        id: check-secrets-access
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          comment_found=$(gh pr view $PR_NUMBER --json comments \
+            --jq '.comments[].body | select(startswith("<!-- INTEGRATION_TESTS -->"))' \
+            --repo ${{ github.repository }})
+          
+          if [ -n "$comment_found" ]; then
+            echo "has_secrets_access=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_secrets_access=false" >> $GITHUB_OUTPUT
+          fi
+
+      # If not found, write a comment for manual execution
+      - name: Delete old comments
+        if: steps.check-secrets-access.outputs.has_secrets_access != 'true'
+        env:
+           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+            # Delete previous comment if it exists
+            previous_comment_ids=$(gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
+              --jq '.[] | select(.body | startswith("<!-- INTEGRATION_TESTS_MANUAL -->")) | .id')
+            echo "Previous comment IDs: $previous_comment_ids"
+            # Iterate over each comment ID and delete the comment
+            if [ ! -z "$previous_comment_ids" ]; then
+              echo "$previous_comment_ids" | while read -r comment_id; do
+                echo "Deleting comment with ID: $comment_id"
+                gh api "repos/${{ github.repository }}/issues/comments/$comment_id" -X DELETE
+              done
+            fi
+
+      - name: Comment on PR
+        if: steps.check-secrets-access.outputs.has_secrets_access != 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
+        run: |
+          gh pr comment ${{ github.event.pull_request.number }} --body \
+          "<!-- INTEGRATION_TESTS_MANUAL -->
+          Run integration tests manually:
+          [go/deco-tests-run/sdk-java](https://go/deco-tests-run/sdk-java)
+
+          Inputs:
+          * PR number: ${{github.event.pull_request.number}}
+          * Commit SHA: \`${{ env.COMMIT_SHA }}\`
+          
+          Checks will be approved automatically on success.
+          "
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index 57e93b13..7035f0ff 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -7,12 +7,31 @@ on:
     merge_group:
 
 jobs:
+    check-token:
+        name: Check secrets access
+        runs-on: ubuntu-latest
+        outputs:
+            has_token: ${{ steps.set-token-status.outputs.has_token }}
+        steps:
+        - name: Check if GITHUB_TOKEN is set
+          id: set-token-status
+          run: |
+            if [ -z "${{ secrets.GITHUB_TOKEN }}" ]; then
+                echo "GITHUB_TOKEN is empty. User has no access to tokens."
+                echo "::set-output name=has_token::false"
+            else
+                echo "GITHUB_TOKEN is set. User has access to tokens."
+                echo "::set-output name=has_token::false"
+            fi
+
     trigger-tests:
-        if: github.event_name == 'pull_request'
         name: Trigger Tests
         runs-on: ubuntu-latest
+        needs: check-token
+        if: github.event_name == 'pull_request'  && needs.check-token.outputs.has_token == 'true'
+        needs: check-token
+        if: github.event_name == 'pull_request'  && needs.check-token.outputs.has_token == 'true'
         environment: "test-trigger-is"
-
         steps:
             - uses: actions/checkout@v3