From a6373ae0e905aa4e3def7e0fb00579ac6deaa452 Mon Sep 17 00:00:00 2001
From: Tejas Kashinath
Date: Wed, 4 Mar 2026 18:03:25 -0500
Subject: [PATCH] ci: auto-run E2E tests for authorized team members

Add an authorize job that checks github.actor against the AUTHORIZED_USERS secret before running E2E tests. Team member PRs auto-trigger; external contributors get a clear skip message directing them to request a manual run.
---
 .github/workflows/e2e-tests.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index 27e854f3a..c22aaf19f 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -17,7 +17,33 @@ permissions:
 contents: read
 
 jobs:
+ authorize:
+ runs-on: ubuntu-latest
+ if: github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request_target'
+ outputs:
+ is_authorized: ${{ steps.check.outputs.is_authorized }}
+ steps:
+ - name: Check authorization
+ id: check
+ run: |
+ if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+ echo "✅ Manual workflow dispatch — authorized"
+ echo "is_authorized=true" >> "$GITHUB_OUTPUT"
+ exit 0
+ fi
+ AUTHORIZED_USERS="${{ secrets.AUTHORIZED_USERS }}"
+ if [[ ",$AUTHORIZED_USERS," == *",${{ github.actor }},"* ]]; then
+ echo "✅ User ${{ github.actor }} is authorized"
+ echo "is_authorized=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "⏭️ User ${{ github.actor }} is not in AUTHORIZED_USERS — skipping E2E tests."
+ echo "ℹ️ External contributors: ask a maintainer to run the E2E tests manually via workflow_dispatch."
+ echo "is_authorized=false" >> "$GITHUB_OUTPUT"
+ fi
+
 e2e:
+ needs: authorize
+ if: needs.authorize.outputs.is_authorized == 'true'
 runs-on: ubuntu-latest
 environment: e2e-testing
 timeout-minutes: 30
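Review bot: The allow-list test in the `authorize` job keys on `github.actor`, which on `pull_request_target` is the account that triggered the event, not necessarily the PR author. A listed team member acting on an external contributor's PR would therefore mark that PR authorized; which actions apply depends on the activity types configured outside this hunk. Whether that exposes the `e2e-testing` environment's secrets to fork code depends on what the `e2e` job checks out, which continues outside the hunk; if it builds the PR head, the gate should also require `github.event.pull_request.user.login` to be listed. Separately, `${{ github.actor }}` and `${{ secrets.AUTHORIZED_USERS }}` are expanded into the script text before bash runs, so passing them through `env:` keeps their values out of the shell source, as in the sketch below (indentation assumed).

```yaml
      - name: Check authorization
        id: check
        env:
          EVENT_NAME: ${{ github.event_name }}
          AUTHORIZED_USERS: ${{ secrets.AUTHORIZED_USERS }}
          ACTOR: ${{ github.actor }}
          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
        run: |
          # … unchanged: workflow_dispatch branch, now testing "$EVENT_NAME" …
          # Require both the triggering account and the PR author to be listed.
          if [[ ",$AUTHORIZED_USERS," == *",$ACTOR,"* && ",$AUTHORIZED_USERS," == *",$PR_AUTHOR,"* ]]; then
            echo "✅ User $ACTOR is authorized"
            echo "is_authorized=true" >> "$GITHUB_OUTPUT"
          else
            # … unchanged: skip messages, now printing "$ACTOR" …
            echo "is_authorized=false" >> "$GITHUB_OUTPUT"
          fi
```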