diff --git a/.github/workflows/testBuild.yml b/.github/workflows/testBuild.yml index 98b75f7da3de..6bfcf033e5b1 100644 --- a/.github/workflows/testBuild.yml +++ b/.github/workflows/testBuild.yml @@ -7,7 +7,7 @@ on: description: Pull Request number for correct placement of apps required: true pull_request_target: - types: [opened, synchronize] + types: [opened, synchronize, labeled] branches: ['*ci-test/**'] env: @@ -17,19 +17,32 @@ jobs: validateActor: runs-on: ubuntu-latest outputs: - IS_TEAM_MEMBER: ${{ fromJSON(steps.isUserDeployer.outputs.isTeamMember) }} + READY_TO_BUILD: ${{steps.readyToBuild.outputs.READY_TO_BUILD}} steps: - - id: isUserDeployer + - id: isUserTeamMember uses: tspascoal/get-user-teams-membership@baf2e6adf4c3b897bd65a7e3184305c165aec872 with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} username: ${{ github.actor }} - team: mobile-deployers + team: expensify-expensify + - name: Remove label if it was added by an unauthorized user + if: ${{ !fromJSON(steps.isUserTeamMember.outputs.isTeamMember) && github.event.label.name == 'Ready To Build' }} + uses: actions-ecosystem/action-remove-labels@v1 + with: + labels: 'Ready To Build' + - name: Throw exception if label was added by an unauthorized user + if: ${{ !fromJSON(steps.isUserTeamMember.outputs.isTeamMember) && github.event.label.name == 'Ready To Build' }} + run: | + echo "The 'Ready To Build' label was added by an unauthorized user" + exit 1 + - id: readyToBuild + name: Set READY_TO_BUILD flag + run: echo "READY_TO_BUILD=${{ fromJSON(steps.isUserTeamMember.outputs.isTeamMember) || contains(github.event.pull_request.labels.*.name, 'Ready To Build') }}" >> "$GITHUB_OUTPUT" getBranchRef: runs-on: ubuntu-latest needs: validateActor - if: ${{ fromJSON(needs.validateActor.outputs.IS_TEAM_MEMBER) }} + if: ${{ needs.validateActor.outputs.READY_TO_BUILD == 'true' }} outputs: REF: ${{steps.getHeadRef.outputs.REF}} steps: @@ -49,7 +62,7 @@ jobs: android: name: Build and deploy Android for testing needs: [validateActor, getBranchRef] - if: ${{ fromJSON(needs.validateActor.outputs.IS_TEAM_MEMBER) }} + if: ${{ needs.validateActor.outputs.READY_TO_BUILD == 'true' }} runs-on: ubuntu-latest env: PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} @@ -99,7 +112,7 @@ jobs: iOS: name: Build and deploy iOS for testing needs: [validateActor, getBranchRef] - if: ${{ fromJSON(needs.validateActor.outputs.IS_TEAM_MEMBER) }} + if: ${{ needs.validateActor.outputs.READY_TO_BUILD == 'true' }} env: PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} runs-on: macos-12 @@ -155,7 +168,7 @@ jobs: desktop: name: Build and deploy Desktop for testing needs: [validateActor, getBranchRef] - if: ${{ fromJSON(needs.validateActor.outputs.IS_TEAM_MEMBER) }} + if: ${{ needs.validateActor.outputs.READY_TO_BUILD == 'true' }} env: PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} runs-on: macos-12 @@ -192,7 +205,7 @@ jobs: web: name: Build and deploy Web needs: [validateActor, getBranchRef] - if: ${{ fromJSON(needs.validateActor.outputs.IS_TEAM_MEMBER) }} + if: ${{ needs.validateActor.outputs.READY_TO_BUILD == 'true' }} env: PULL_REQUEST_NUMBER: ${{ github.event.number || github.event.inputs.PULL_REQUEST_NUMBER }} runs-on: ubuntu-latest