mirror of
https://github.com/sourcegraph/sourcegraph.git
synced 2026-02-06 19:51:50 +00:00
4a04287e53
closes CLO-527 [context](https://sourcegraph.slack.com/archives/CHXHX7XAS/p1721835847010889) cloud uses a lot of the GraphQL API to pre-configure instances on customer behave, and it's very sensitive to breaking changes to the schema upstream. currently, we have a [cronjob github actions](https://github.com/sourcegraph/controller/actions/workflows/srcgql-compat.yaml) that periodically check the schema compatibility every day. such approach works but we're always playing catch up and will have to result in extra work on the product team to re-work the PR. it is much better to catch this in CI time within the monorepo. This PR added a new github actions to the monorepo that will run on any `*.graphql` changes. Then it will remotely trigger the cronjob github action in sourcegraph/controller to run and poll the result. See test plan for demo. ## FAQ ### Why not run the test in buildkite or directly in this repo using github actions? - sourcegraph/controller is a huge repo forhistorical reason (> 2G) and cloning it is very expensive - the repo contains sensitive information, and we don't want to make it possible to expose it accidentally. ### How does authentication work? We use a [GitHub App](https://github.com/organizations/sourcegraph/settings/apps/cloud-srcgql-compat-test-invoker) with extremely limited permissions. It only permits the workflow to trigger/read the workflow without any access to the source code itself. Also, GitHub App installation access token has a life span of 1h, much better than PAT.  ## Test plan it triggered the job and it worked: good: https://github.com/sourcegraph/sourcegraph/pull/64094 bad: https://github.com/sourcegraph/sourcegraph/pull/64095 |
||
|---|---|---|
| .. | ||
| ISSUE_TEMPLATE | ||
| PULL_REQUEST_TEMPLATE | ||
| workflows | ||
| PULL_REQUEST_TEMPLATE.md | ||
| teams.yml | ||
| test.CODEOWNERS | ||