[VAULT-20630] CI: Fix the CI workflow issue where we check out base ref instead of the ref that triggered the workflow run (#23453) (#23454)

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2025-10-30 18:17:55 +00:00 · 2023-10-03 09:29:04 -04:00
parent 0779ac452d
commit d34cbbead7
2 changed files with 21 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,6 +28,7 @@ jobs:
      compute-xlarge: ${{ steps.setup-outputs.outputs.compute-xlarge }}
      enterprise: ${{ steps.setup-outputs.outputs.enterprise }}
      go-tags: ${{ steps.setup-outputs.outputs.go-tags }}
+      checkout-ref: ${{ steps.checkout-ref-output.outputs.checkout-ref }}
    steps:
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - id: setup-outputs
@@ -59,6 +60,14 @@ jobs:
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
          no-restore: true # don't download them on a cache hit
+      # control checking out head instead of ref by a GH label
+      # if checkout-head label is added to a PR, checkout HEAD otherwise checkout ref
+      - if: ${{ !contains(github.event.pull_request.labels.*.name, 'checkout-head') }}
+        run: echo "CHECKOUT_REF=${{ github.ref }}" >> "$GITHUB_ENV"
+      - if: ${{ contains(github.event.pull_request.labels.*.name, 'checkout-head') }}
+        run: echo "CHECKOUT_REF=${{ github.event.pull_request.head.sha }}" >> "$GITHUB_ENV"
+      - id: checkout-ref-output
+        run: echo "checkout-ref=${{ env.CHECKOUT_REF }}" >> "$GITHUB_OUTPUT"

  diff-oss-ci:
    name: Diff OSS
@@ -117,6 +126,7 @@ jobs:
      go-tags: '${{ needs.setup.outputs.go-tags }},deadlock'
      runs-on: ${{ needs.setup.outputs.compute-large }}
      enterprise: ${{ needs.setup.outputs.enterprise }}
+      checkout-ref: ${{ needs.setup.outputs.checkout-ref }}
    secrets: inherit

  test-go-race:
@@ -142,6 +152,7 @@ jobs:
      runs-on: ${{ needs.setup.outputs.compute-large }}
      enterprise: ${{ needs.setup.outputs.enterprise }}
      name: "race"
+      checkout-ref: ${{ needs.setup.outputs.checkout-ref }}
    secrets: inherit

  test-go-fips:
@@ -167,6 +178,7 @@ jobs:
      runs-on: ${{ needs.setup.outputs.compute-large }}
      enterprise: ${{ needs.setup.outputs.enterprise }}
      name: "fips"
+      checkout-ref: ${{ needs.setup.outputs.checkout-ref }}
    secrets: inherit

  test-ui:
--- a/.github/workflows/test-go.yml
+++ b/.github/workflows/test-go.yml
@@ -52,6 +52,11 @@ on:
        required: false
        default: 60
        type: number
+      checkout-ref:
+        description: The ref to use for checkout.
+        required: false
+        default: ${{ github.base_ref }}
+        type: string

 env: ${{ fromJSON(inputs.env-vars) }}

@@ -63,6 +68,8 @@ jobs:
    runs-on: ${{ fromJSON(inputs.runs-on) }}
    steps:
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ inputs.checkout-ref }}
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
@@ -172,6 +179,8 @@ jobs:
      TIMEOUT_IN_MINUTES: ${{ inputs.timeout-minutes }}
    steps:
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          ref: ${{ inputs.checkout-ref }}
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}