[PM-5756] Trigger Autofill BIT checks on browser build workflow completion with autofill-affecting file changes (#15960)

* trigger Autofill BIT checks on browser build workflow completion and autofill-affecting file changes * further adjustments * hardcode bitwarden owner * remove unneeded origin_repo data in dispatch payload * add ownership for workflow * use actions/create-github-app-token * update CODEOWNERS line with suggestion
4 months ago · ef60f5bb51
2 changed files with 75 additions and 0 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -143,6 +143,7 @@ apps/desktop/macos/autofill-extension @bitwarden/team-autofill-dev
 apps/desktop/src/app/components/fido2placeholder.component.ts @bitwarden/team-autofill-dev
 apps/desktop/desktop_native/windows_plugin_authenticator @bitwarden/team-autofill-dev
 apps/desktop/desktop_native/autotype @bitwarden/team-autofill-dev
 .github/workflows/test-browser-interactions.yml @bitwarden/team-autofill-dev
 # DuckDuckGo integration
 apps/desktop/native-messaging-test-runner @bitwarden/team-autofill-dev
 apps/desktop/src/services/duckduckgo-message-handler.service.ts @bitwarden/team-autofill-dev
--- a/.github/workflows/test-browser-interactions.yml
+++ b/.github/workflows/test-browser-interactions.yml
@ -0,0 +1,74 @@
 name: Autofill BIT checks
 on:
  workflow_run:
    workflows: ["Build Browser"]
    types:
      - completed
 jobs:
  check-files:
    name: Check files
    runs-on: ubuntu-22.04
    permissions:
      actions: read
      contents: read
      id-token: write
    steps:
    - name: Log in to Azure
      uses: bitwarden/gh-actions/azure-login@main
      with:
        subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        tenant_id: ${{ secrets.AZURE_TENANT_ID }}
        client_id: ${{ secrets.AZURE_CLIENT_ID }}
    - name: Get Azure Key Vault secrets
      id: get-kv-secrets
      uses: bitwarden/gh-actions/get-keyvault-secrets@main
      with:
        keyvault: gh-org-bitwarden
        secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
    - name: Log out from Azure
      uses: bitwarden/gh-actions/azure-logout@main
    - name: Generate GH App token
      uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
      id: app-token
      with:
        app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
        private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
        owner: bitwarden
        repositories: browser-interactions-testing
        permission-actions: write
    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        fetch-depth: 0
    - name: Get changed files
      id: changed-files
      uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
      with:
        list-files: shell
        ref: ${{ github.event.workflow_run.head_branch }}
        token: ${{ secrets.GITHUB_TOKEN }}
        filters: |
          monitored:
            - 'apps/browser/src/autofill/**'
            - 'apps/browser/src/background/**'
            - 'apps/browser/src/platform/services/browser-script-injector.service.ts'
    - name: Trigger test-all workflow in browser-interactions-testing
      if: steps.changed-files.outputs.monitored == 'true'
      uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
      with:
        token: ${{ steps.app-token.outputs.token }}
        repository: "bitwarden/browser-interactions-testing"
        event-type: trigger-bit-tests
        client-payload: |-
          {
            "origin_issue": ${{ github.event.workflow_run.pull_requests[0].number }},
            "origin_branch": "${{ github.event.workflow_run.pull_requests[0].head.ref }}"
          }