diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 3afe9888d99..b979551c66c 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -14,7 +14,9 @@ # Run secret-dependent integration tests only after approval name: Integration tests -on: pull_request_target +on: + pull_request_review: + types: [submitted] permissions: contents: read @@ -22,6 +24,7 @@ permissions: jobs: approve: + if: github.event.review.state == 'approved' runs-on: ubuntu-latest steps: - name: Harden Runner @@ -50,14 +53,14 @@ jobs: - name: setup-go uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: - go-version: '1.19' + go-version: "1.19" check-latest: true - name: Prepare test env run: | - go mod download + go mod download - - name: Run GITHUB_TOKEN E2E #using retry because the GitHub token is being throttled. + - name: Run GITHUB_TOKEN E2E #using retry because the GitHub token is being throttled. uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd env: GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -68,7 +71,7 @@ jobs: timeout_minutes: 30 command: make e2e-gh-token - - name: Run PAT E2E #using retry because the GitHub token is being throttled. + - name: Run PAT E2E #using retry because the GitHub token is being throttled. uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd env: GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }} @@ -81,15 +84,15 @@ jobs: - name: codecov uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 2.1.0 with: - files: ./e2e-coverage.out - verbose: true + files: ./e2e-coverage.out + verbose: true - name: find comment uses: peter-evans/find-comment@f4499a714d59013c74a08789b48abe4b704364a0 # v2.1.0 id: fc with: issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }} - comment-author: 'github-actions[bot]' + comment-author: "github-actions[bot]" body-includes: Integration tests ran for - name: create or update comment