diff --git a/.github/workflows/application-signals-e2e-test.yml b/.github/workflows/application-signals-e2e-test.yml index 0a5edbc7a6..62ffcdaec8 100644 --- a/.github/workflows/application-signals-e2e-test.yml +++ b/.github/workflows/application-signals-e2e-test.yml @@ -12,20 +12,31 @@ on: description: 'The ID of the build-test-artifacts workflow run' type: number required: true + build_sha: + description: 'The SHA of the build-test-artifacts workflow run' + type: string + required: true permissions: id-token: write contents: read concurrency: - group: '${{ github.workflow }} @ ${{ inputs.aws-region }}' - cancel-in-progress: false + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: true jobs: CheckBuildTestArtifacts: runs-on: ubuntu-latest steps: + - run: | + if [[ ${{ inputs.build_sha }} == ${{ github.sha }} ]]; then + echo "Build SHA matches test SHA" + else + echo "Build SHA does not match test SHA" + exit 1 + fi - run: | conclusion=$(gh run view ${{ inputs.build_run_id }} --repo $GITHUB_REPOSITORY --json conclusion -q '.conclusion') if [[ $conclusion == "success" ]]; then diff --git a/.github/workflows/build-test-artifacts.yml b/.github/workflows/build-test-artifacts.yml index 3b8ec31733..ca12788fc7 100644 --- a/.github/workflows/build-test-artifacts.yml +++ b/.github/workflows/build-test-artifacts.yml @@ -9,11 +9,12 @@ on: paths-ignore: - '**/*.md' - 'NOTICE' - - 'RELEASE_NOTES' - 'THIRD-PARTY' - 'LICENSE' - '.github/**' - '!.github/workflows/build-test-artifacts.yml' + - '!.github/workflows/integration-test.yml' + - '!.github/workflows/application-signals-e2e-test.yml' workflow_dispatch: concurrency: @@ -88,14 +89,16 @@ jobs: needs: [ BuildAndUploadPackages, BuildAndUploadITAR, BuildAndUploadCN, BuildDocker ] runs-on: ubuntu-latest steps: - - run: gh workflow run integration-test.yml --ref ${{ github.ref_name }} --repo $GITHUB_REPOSITORY -f build_run_id=${{ github.run_id }} + - run: gh workflow run integration-test.yml --ref ${{ github.ref_name }} --repo $GITHUB_REPOSITORY -f build_run_id=${{ github.run_id }} -f build_sha=${{ github.sha }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} StartApplicationSignalsE2ETests: - needs: [ BuildAndUpload, BuildDocker ] + needs: [ BuildAndUploadPackages, BuildAndUploadITAR, BuildAndUploadCN, BuildDocker ] + # Workflow only runs against main + if: ${{ contains(github.ref_name, 'main') }} runs-on: ubuntu-latest steps: - - run: gh workflow run application-signals-e2e-test.yml --ref ${{ github.ref_name }} --repo $GITHUB_REPOSITORY -f build_run_id=${{ github.run_id }} + - run: gh workflow run application-signals-e2e-test.yml --ref ${{ github.ref_name }} --repo $GITHUB_REPOSITORY -f build_run_id=${{ github.run_id }} -f build_sha=${{ github.sha }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 0c9138389b..a41c36c803 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -26,6 +26,10 @@ on: description: 'The ID of the build-test-artifacts workflow run' type: number required: true + build_sha: + description: 'The SHA of the build-test-artifacts workflow run' + type: string + required: true concurrency: group: ${{ github.workflow }}-${{ github.ref_name }} @@ -35,6 +39,13 @@ jobs: CheckBuildTestArtifacts: runs-on: ubuntu-latest steps: + - run: | + if [[ ${{ inputs.build_sha }} == ${{ github.sha }} ]]; then + echo "Build SHA matches test SHA" + else + echo "Build SHA does not match test SHA" + exit 1 + fi - run: | conclusion=$(gh run view ${{ inputs.build_run_id }} --repo $GITHUB_REPOSITORY --json conclusion -q '.conclusion') if [[ $conclusion == "success" ]]; then