|
14 | 14 | # limitations under the License. |
15 | 15 |
|
16 | 16 | # A workflow to trigger ci on hybrid infra (github + self hosted runner) |
17 | | -name: Blossom-CI |
| 17 | +name: L0-Test |
18 | 18 | on: |
19 | 19 | issue_comment: |
20 | 20 | types: [created] |
|
25 | 25 | required: true |
26 | 26 | test_result: |
27 | 27 | description: 'test result' |
28 | | - required: true |
| 28 | + required: false |
29 | 29 | test_results_url: |
30 | 30 | description: 'test results url' |
31 | 31 | required: true |
32 | 32 | jobs: |
33 | 33 | Authorization: |
34 | | - name: Authorization |
35 | | - runs-on: blossom |
36 | | - outputs: |
37 | | - args: ${{ env.args }} |
38 | | - |
39 | | - # This job only runs for pull request comments |
40 | | - if: | |
41 | | - startsWith( github.event.comment.body, '/bot' ) && contains('["chzblych", "tburt-nv", "niukuo"]', github.actor) |
42 | | - steps: |
43 | | - - name: Check if comment is issued by authorized person |
44 | | - run: blossom-ci |
45 | | - env: |
46 | | - OPERATION: 'AUTH' |
47 | | - REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
48 | | - REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }} |
49 | | - |
50 | | - Vulnerability-scan: |
51 | | - name: Vulnerability scan |
52 | | - needs: [Authorization] |
53 | 34 | runs-on: ubuntu-latest |
| 35 | + name: Authorization |
| 36 | + if: startsWith( github.event.comment.body, '/bot' ) |
54 | 37 | steps: |
55 | | - - name: Checkout code |
56 | | - uses: actions/checkout@v2 |
57 | | - with: |
58 | | - repository: ${{ fromJson(needs.Authorization.outputs.args).repo }} |
59 | | - ref: ${{ fromJson(needs.Authorization.outputs.args).ref }} |
60 | | - lfs: 'true' |
61 | | - |
62 | | - - name: Run blossom action |
63 | | - uses: NVIDIA/blossom-action@main |
64 | | - env: |
65 | | - REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
66 | | - REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }} |
| 38 | + - name: Check Team Membership |
| 39 | + uses: actions/github-script@v6 |
67 | 40 | with: |
68 | | - args1: ${{ fromJson(needs.Authorization.outputs.args).args1 }} |
69 | | - args2: ${{ fromJson(needs.Authorization.outputs.args).args2 }} |
70 | | - args3: ${{ fromJson(needs.Authorization.outputs.args).args3 }} |
| 41 | + github-token: ${{ secrets.CI_TEAM_TOKEN }} |
| 42 | + script: | |
| 43 | + try { |
| 44 | + const { data: membership } = await github.rest.teams.getMembershipForUserInOrg({ |
| 45 | + org: context.repo.owner, |
| 46 | + team_slug: 'trt-llm-ci-approvers', |
| 47 | + username: context.actor, |
| 48 | + }); |
| 49 | + if (membership.state != 'active') { |
| 50 | + core.setFailed('only member in [trt-llm-ci-approvers] can run', membership) |
| 51 | + } |
| 52 | + } catch (error) { |
| 53 | + console.log('check membership failed:', error); |
| 54 | + core.setFailed('only member in [trt-llm-ci-approvers] can run') |
| 55 | + } |
71 | 56 |
|
72 | 57 | Job-trigger: |
73 | 58 | name: Start ci job |
74 | | - needs: [Vulnerability-scan] |
75 | | - runs-on: blossom |
| 59 | + needs: [Authorization] |
| 60 | + runs-on: [self-hosted, Linux, Jenkins] |
76 | 61 | steps: |
77 | 62 | - name: Start ci job |
78 | | - run: blossom-ci |
79 | | - env: |
80 | | - OPERATION: 'START-CI-JOB' |
81 | | - CI_SERVER: ${{ secrets.CI_SERVER }} |
82 | | - REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 63 | + run: | |
| 64 | + CI_SERVER="${{ secrets.CI_SERVER }}" |
| 65 | + JENKINS_URL=$(echo "$CI_SERVER" | cut -d '@' -f 1) |
| 66 | + TOKEN=$(echo "$CI_SERVER" | cut -d '@' -f 2) |
| 67 | +
|
| 68 | + echo '${{ toJson(github.event) }}' > githubData.json |
| 69 | +
|
| 70 | + curl -s -X POST \ |
| 71 | + -H "Content-Type: application/json" \ |
| 72 | + -d @githubData.json \ |
| 73 | + "$JENKINS_URL/generic-webhook-trigger/invoke?token=$TOKEN" |
83 | 74 |
|
84 | | - Upload-results: |
| 75 | + Upload-Test: |
85 | 76 | name: Upload test results |
86 | 77 | runs-on: linux-amd64-cpu4 |
87 | 78 | if: github.event_name == 'workflow_dispatch' |
|
0 commit comments