chore: remove pull_request_trusted workflow

chmouel · chmouel · commit 6711cd6e0cb6 · 2025-03-25T13:25:48.000+01:00
- Removed the `pull_request_trusted` workflow.
- Added a new pipeline `run-gha-workflow` to trigger
  `nightly_push_dispatch` workflow on pull requests.
- Removed the `pipelinesascode.tekton.dev/task` annotation from go and linter
  pipelines.
- Updated the default SHA to `HEAD` in `nightly_push_dispatch` workflow,
- Changed condition to run e2e tests to be triggered on schedule event
  only if input sha is specified.

The `pull_request_trusted` workflow was deprecated and is no longer needed
since we now rely on the `/test` command for triggering E2E tests on pull
requests. We now use a PAC to trigger a workflow dispatch event
on the `nightly_push_dispatch` GitHub workflow. This allows us to leverage
GitHub Actions for running E2E tests on pull requests, providing a more

Signed-off-by: Chmouel Boudjnah &lt;chmouel@redhat.com&gt;
diff --git a/.github/workflows/nightly_push_dispatch.yaml b/.github/workflows/nightly_push_dispatch.yaml
@@ -13,7 +13,7 @@ on:
       sha:
         description: "The commit SHA to checkout"
         required: false
-        default: "main"
+        default: "HEAD"
 jobs:
   e2e-tests:
     concurrency:
@@ -101,7 +101,7 @@ jobs:
           ./hack/gh-workflow-ci.sh create_second_github_app_controller_on_ghe
 
       - name: Run E2E Tests
-        if: ${{ github.event_name != 'schedule' }}
+        if: ${{ github.event_name != 'schedule' || inputs.sha }}
         env:
           TEST_PROVIDER: ${{ matrix.provider }}
           TEST_BITBUCKET_CLOUD_TOKEN: ${{ secrets.BITBUCKET_CLOUD_TOKEN }}
diff --git a/.github/workflows/pull_request_trusted.yaml b/.github/workflows/pull_request_trusted.yaml
diff --git a/.tekton/go.yaml b/.tekton/go.yaml
@@ -4,7 +4,6 @@ kind: PipelineRun
 metadata:
   name: go-testing
   annotations:
-    pipelinesascode.tekton.dev/task: "[git-clone]"
     pipelinesascode.tekton.dev/max-keep-runs: "2"
     pipelinesascode.tekton.dev/cancel-in-progress: "true"
     pipelinesascode.tekton.dev/on-event: "pull_request"
diff --git a/.tekton/linter.yaml b/.tekton/linter.yaml
@@ -8,7 +8,6 @@ metadata:
     pipelinesascode.tekton.dev/on-target-branch: "[*]"
     pipelinesascode.tekton.dev/max-keep-runs: "2"
     pipelinesascode.tekton.dev/cancel-in-progress: "true"
-    pipelinesascode.tekton.dev/task: "[git-clone]"
 spec:
   params:
     - name: repo_url
diff --git a/.tekton/run-gha-workflow.yaml b/.tekton/run-gha-workflow.yaml
@@ -0,0 +1,77 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: start-gha-workflow
+  annotations:
+    pipelinesascode.tekton.dev/max-keep-runs: "2"
+    pipelinesascode.tekton.dev/cancel-in-progress: "true"
+    pipelinesascode.tekton.dev/on-event: "pull_request"
+    pipelinesascode.tekton.dev/on-target-branch: "main"
+    pipelinesascode.tekton.dev/on-path-change: "[***/*.go, .github/workflows/*l]"
+spec:
+  params:
+    - name: repo_url
+      value: "{{repo_url}}"
+    - name: revision
+      value: "{{revision}}"
+  pipelineSpec:
+    params:
+      - name: repo_url
+      - name: revision
+    tasks:
+      - name: trigger-workflow
+        taskSpec:
+          workspaces:
+            - name: source
+          steps:
+            - name: fetch-repo
+              ref:
+                resolver: http
+                params:
+                  - name: url
+                    value: https://raw.githubusercontent.com/tektoncd/catalog/main/stepaction/git-clone/0.1/git-clone.yaml
+              params:
+                - name: output-path
+                  value: $(workspaces.source.path)
+                - name: url
+                  value: "$(params.repo_url)"
+                - name: revision
+                  value: "$(params.revision)"
+            - name: dispatch-workflow
+              # it has curl and we already pulled it
+              image: registry.access.redhat.com/ubi9/ubi
+              workingDir: $(workspaces.source.path)
+              env:
+                - name: HUB_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      name: "nightly-ci-github-hub-token"
+                      key: "hub-token"
+              script: |
+                #!/usr/bin/env bash
+                set -eux
+                WORKFLOW=nightly_push_dispatch.yaml
+                REPO=""
+
+                url=$(curl -s -f -X GET -H "Accept: application/vnd.github.merge-info-preview+json, application/vnd.github.nebula-preview" \
+                  -H "Authorization: token ${HUB_TOKEN}" \
+                  -H "User-Agent: PAC" \
+                  https://api.github.com/repos/{{ repo_owner }}/{{ repo_name }}/actions/workflows/.github%2Fworkflows%2F${WORKFLOW} |
+                  sed -n 's/.*"url":"\([^"]*\)".*/\1/p')
+                [[ -z $url ]] && { echo "No url found" && exit 1; }
+
+                curl -s -f -X POST -H "Accept: application/vnd.github.v3+json" \
+                  -H "Authorization: token ${HUB_TOKEN}" \
+                  -H "Content-Type: application/json" \
+                  -d '{"ref":"main", "inputs": {"sha": "{{ revision }}"}}' \
+                  ${url}/dispatches
+
+        workspaces:
+          - name: source
+            workspace: source
+    workspaces:
+      - name: source
+  workspaces:
+    - name: source
+      emptyDir: {}
