Skip to content

fix: avoid AccessDenied error for a while on SageMaker Studio wtih do… #1341

fix: avoid AccessDenied error for a while on SageMaker Studio wtih do…

fix: avoid AccessDenied error for a while on SageMaker Studio wtih do… #1341

Workflow file for this run

name: PR Checks
on:
pull_request_target:
branches:
- "master*"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.head_ref }}
cancel-in-progress: true
permissions:
id-token: write # This is required for requesting the JWT
jobs:
collab-check:
runs-on: ubuntu-latest
outputs:
approval-env: ${{ steps.collab-check.outputs.result }}
steps:
- name: Collaborator Check
uses: actions/github-script@v7
id: collab-check
with:
github-token: ${{ secrets.COLLAB_CHECK_TOKEN }}
result-encoding: string
script: |
try {
const res = await github.rest.repos.checkCollaborator({
owner: context.repo.owner,
repo: context.repo.repo,
username: "${{ github.event.pull_request.user.login }}",
});
console.log("Verifed ${{ github.event.pull_request.user.login }} is a repo collaborator. Auto Approving PR Checks.")
return res.status == "204" ? "auto-approve" : "manual-approval"
} catch (error) {
console.log("${{ github.event.pull_request.user.login }} is not a collaborator. Requiring Manual Approval to run PR Checks.")
return "manual-approval"
}
wait-for-approval:
runs-on: ubuntu-latest
needs: [collab-check]
environment: ${{ needs.collab-check.outputs.approval-env }}
steps:
- run: echo "Workflow Approved! Starting PR Checks."
codestyle-doc-tests:
runs-on: ubuntu-latest
needs: [wait-for-approval]
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
aws-region: us-west-2
role-duration-seconds: 10800
- name: Run Codestyle & Doc Tests
uses: aws-actions/aws-codebuild-run-build@v1
with:
project-name: ${{ github.event.repository.name }}-ci-codestyle-doc-tests
source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}'
unit-tests:
runs-on: ubuntu-latest
needs: [wait-for-approval]
strategy:
fail-fast: false
matrix:
python-version: ["py38","py39","py310","py311"]
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
aws-region: us-west-2
role-duration-seconds: 10800
- name: Run Unit Tests
uses: aws-actions/aws-codebuild-run-build@v1
with:
project-name: ${{ github.event.repository.name }}-ci-unit-tests
source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}'
env-vars-for-codebuild: |
PY_VERSION
env:
PY_VERSION: ${{ matrix.python-version }}
integ-tests:
runs-on: ubuntu-latest
needs: [wait-for-approval]
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
aws-region: us-west-2
role-duration-seconds: 10800
- name: Run Integ Tests
uses: aws-actions/aws-codebuild-run-build@v1
with:
project-name: ${{ github.event.repository.name }}-ci-integ-tests
source-version-override: 'refs/pull/${{ github.event.pull_request.number }}/head^{${{ github.event.pull_request.head.sha }}}'