diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 72d83d584..63b8c0f94 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -49,6 +49,7 @@ before_script: ANSIBLE_KEEP_REMOTE_FILES: "1" BOOTSTRAP_OS: none LOG_LEVEL: "-vv" + MAGIC: "ci check this" .gce: &gce <<: *job @@ -202,7 +203,7 @@ before_script: CLUSTER_MODE: ha BOOTSTRAP_OS: coreos -# Builds for PRs only (auto) and triggers (auto) +# Builds for PRs only (premoderated by unit-tests step) and triggers (auto) coreos-calico-sep: stage: deploy-gce-part1 <<: *job @@ -405,11 +406,15 @@ coreos-alpha-weave-ha: except: ['triggers'] only: ['master', /^pr-.*$/] +# Premoderated with manual actions syntax-check: <<: *job stage: unit-tests + before_script: + - apt-get -y install jq script: - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root cluster.yml -vvv --syntax-check + - /bin/sh scripts/premoderator.sh except: ['triggers'] tox-inventory-builder: diff --git a/scripts/premoderator.sh b/scripts/premoderator.sh new file mode 100644 index 000000000..f039205ae --- /dev/null +++ b/scripts/premoderator.sh @@ -0,0 +1,14 @@ +#!/bin/sh -eux -o pipefail +# A naive premoderation script to allow Gitlab CI pipeline on a specific PRs' comment +# Exits with 0, if the pipeline is good to go + +CURL_ARGS="-fs --connect-timeout 5 --max-time 5 --retry-max-time 20 --retry 4 --retry-delay 5" +MAGIC="${MAGIC:-ci check this}" + +# Get PR number from CI_BUILD_REF_NAME +issue=$(echo ${CI_BUILD_REF_NAME} | perl -ne '/^pr-(\d+)-\S+$/ && print $1') +# Get the user name from the PR comments with the wanted magic incantation casted +user=$(curl ${CURL_ARGS} "https://api.github.com/repos/kubernetes-incubator/kargo/issues/${issue}/comments" \ + | jq -M "map(select(.body | contains (\"$MAGIC\"))) | .[0] .user.login" | tr -d '"') +# Check for the required user group membership to allow (exit 0) or decline (exit >0) the pipeline +curl ${CURL_ARGS} "https://api.github.com/orgs/kubernetes-incubator/members/${user}"