diff --git a/.github/workflows/CI-workflow.yml b/.github/workflows/CI-workflow.yml index debe6958b6..ee9b35d154 100644 --- a/.github/workflows/CI-workflow.yml +++ b/.github/workflows/CI-workflow.yml @@ -14,13 +14,16 @@ permissions: contents: read jobs: + Get-Require-Approval: + uses: ./.github/workflows/require-approval.yml + Get-CI-Image-Tag: uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main with: product: opensearch Build-ml-linux: - needs: Get-CI-Image-Tag + needs: [Get-Require-Approval, Get-CI-Image-Tag] strategy: matrix: java: [21] @@ -29,7 +32,7 @@ jobs: name: Build and Test MLCommons Plugin on linux if: github.repository == 'opensearch-project/ml-commons' - environment: ml-commons-cicd-env + environment: ${{ needs.Get-Require-Approval.outputs.is-require-approval }} outputs: build-test-linux: ${{ steps.step-build-test-linux.outputs.build-test-linux }} runs-on: ubuntu-latest @@ -87,14 +90,14 @@ jobs: Test-ml-linux-docker: - needs: Build-ml-linux + needs: [Get-Require-Approval, Build-ml-linux] strategy: matrix: java: [21] name: Test MLCommons Plugin on linux docker if: github.repository == 'opensearch-project/ml-commons' - environment: ml-commons-cicd-env + environment: ${{ needs.Get-Require-Approval.outputs.is-require-approval }} runs-on: ubuntu-latest steps: @@ -189,7 +192,8 @@ jobs: java: [21] name: Build and Test MLCommons Plugin on Windows if: github.repository == 'opensearch-project/ml-commons' - environment: ml-commons-cicd-env + needs: [Get-Require-Approval] + environment: ${{ needs.Get-Require-Approval.outputs.is-require-approval }} runs-on: windows-latest steps: diff --git a/.github/workflows/require-approval.yml b/.github/workflows/require-approval.yml new file mode 100644 index 0000000000..7da166d618 --- /dev/null +++ b/.github/workflows/require-approval.yml @@ -0,0 +1,36 @@ +--- +name: Check if the workflow require approval +on: + workflow_call: + outputs: + is-require-approval: + description: The ci image version for linux build + value: ${{ jobs.Require-Approval.outputs.output-is-require-approval }} + +jobs: + Require-Approval: + runs-on: ubuntu-latest + outputs: + output-is-require-approval: ${{ steps.step-is-require-approval.outputs.is-require-approval }} + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.base.sha }} + - name: Get CodeOwner List + id: step-is-require-approval + run: | + github_event=${{ github.event_name }} + if [[ "$github_event" = "push" ]]; then + echo "Push event does not need approval" + echo "is-require-approval=ml-commons-cicd-env" >> $GITHUB_OUTPUT + else + approvers=$(cat .github/CODEOWNERS | grep @ | tr -d '* ' | sed 's/@/,/g' | sed 's/,//1') + author=${{ github.event.pull_request.user.login }} + if [[ "$approvers" =~ "$author" ]]; then + echo "$author is in the approval list" + echo "is-require-approval=ml-commons-cicd-env" >> $GITHUB_OUTPUT + else + echo "$author is not in the approval list" + echo "is-require-approval=ml-commons-cicd-env-require-approval" >> $GITHUB_OUTPUT + fi + fi