Fix approval-gate skipping for org members in functional-test-cloud #11187
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The && operator has higher precedence than || in GitHub expressions. Without parentheses, the expression was incorrectly evaluating to 'external-contributor-approval' for ALL PRs, blocking org members. Fixed by adding parentheses around the trusted user check so it correctly returns '' (empty/no environment) for dependabot and org members (OWNER, MEMBER, COLLABORATOR). Before (buggy): actor == 'dependabot[bot]' || contains(...) && '' || 'external-...' After (fixed): (actor == 'dependabot[bot]' || contains(...)) && '' || 'external-...'
…ronment Signed-off-by: Sylvain Niles <sylvainniles@microsoft.com>
sylvainsf
requested a deployment
to
external-contributor-approval
GitHub Actions
Waiting
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fix the approval-gate job in functional-test-cloud.yaml that was incorrectly gating PRs from org members (like PR #11177 from DariuszPorowski).
Root cause: The expression
environment: ${{ <condition> && 'external-contributor-approval' || '' }}evaluates to an empty string''for trusted users. However, GitHub Actions treats an empty string as a valid environment reference (creating an empty-named environment), NOT as "skip using an environment."Fix: Changed the approach to skip the
approval-gatejob entirely for trusted users viaifcondition, rather than using a conditional environment. Updated thesetupjob to also allowneeds.approval-gate.result == 'skipped'so downstream jobs proceed correctly.Type of change
Contributor checklist
Please verify that the PR mPlease verify that tequirPlease verify that the PR mPlease verify that tequirPlease verify that the PR mPlease verify that tequirPlease verify that the PR mPlease ver -->Please verify that the PR mPlease verify that tequirPlease verify that the PR mPlease verify that tequirPlease verify that the PR mPlease verify that tequirPlease verify that the PR mPlease ver -->Please verify that the PR mPlease verify that tequirPlease verify that the PR mPlease verify that tequirPlease verify that the PR mPl reviewed and approved by Radius maintainers/approvers.
- [ ] Yes
- [x] Not applicable