Include service-check-batch and enforce checkbox

.github/scripts/run-codebuild-batch-job.sh

@@ -8,6 +8,8 @@ error_exit() {
 PROJECT_NAME=$1
 # get the source version to be built (defaults to main branch if not specified)
 SOURCE_VERSION=${2:-main}
+SDK_PR=$3
+SMITHY_PR=$4
 
 echo "Starting CodeBuild project ${PROJECT_NAME}"
 
@@ -18,7 +20,7 @@ START_RESULT=$(
   aws codebuild start-build-batch \
     --project-name ${PROJECT_NAME} \
     --source-version $SOURCE_VERSION \
-    --environment-variables-override file:///tmp/gh_env_vars.json
+    --environment-variables-override file:///tmp/gh_env_vars.json name=SDK_PR,value=$SDK_PR name=SMITHY_PR,value=$SMITHY_PR
 )
 
 if [ "$?" != "0" ]; then

.github/workflows/codebuild-ci.yml

@@ -38,11 +38,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Configure AWS Credentials
+        if: ${{ ((inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == true) || (inputs.aws-sdk-kotlin-pr == '' && inputs.smithy-kotlin-pr == '') }}
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
           aws-region: us-west-2
       - name: Run E2E Tests
+        if: ${{ ((inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == true) || (inputs.aws-sdk-kotlin-pr == '' && inputs.smithy-kotlin-pr == '') }}
         id: e2e-tests
         uses: aws-actions/aws-codebuild-run-build@v1
         with:
@@ -57,21 +59,33 @@ jobs:
             echo "cancelling in-progress build: id=$BUILD_ID"
             aws codebuild stop-build --id $BUILD_ID
           fi
+      - name: Verify PRs are not running malicious code
+        if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }}
+        run: |
+          echo Please verify the PRs are not running any malicious code and mark the checkbox true when running the workflow
+          exit 1
 
   service-check-batch:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
+        if: ${{ ((inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == true) || (inputs.aws-sdk-kotlin-pr == '' && inputs.smithy-kotlin-pr == '') }}
         uses: actions/checkout@v2
       - name: Configure AWS Credentials
+        if: ${{ ((inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == true) || (inputs.aws-sdk-kotlin-pr == '' && inputs.smithy-kotlin-pr == '') }}
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
           aws-region: us-west-2
-      - name: Run Service Check Batch # TODO: Add PR numbers here... and figure out how this works so you can debug the e2e tests
+      - name: Run Service Check Batch
+        if: ${{ ((inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == true) || (inputs.aws-sdk-kotlin-pr == '' && inputs.smithy-kotlin-pr == '') }}
         id: svc-check-batch
         run: |
-          .github/scripts/run-codebuild-batch-job.sh gh-aws-sdk-kotlin-svc-check-batch ${{ github.event.pull_request.head.sha }}
+          .github/scripts/run-codebuild-batch-job.sh \
+            gh-aws-sdk-kotlin-svc-check-batch \
+            ${{ github.event.pull_request.head.sha }} \
+            ${{ inputs.aws-sdk-kotlin-pr }} \
+            ${{ inputs.smithy-kotlin-pr }}
       - name: Cancel build
         if: ${{ cancelled() }}
         env:
@@ -81,3 +95,8 @@ jobs:
             echo "cancelling in-progress batch build: id=$BUILD_ID"
             aws codebuild stop-build --id $BUILD_ID
           fi
+      - name: Verify PRs are not running malicious code
+        if: ${{ (inputs.aws-sdk-kotlin-pr != '' || inputs.smithy-kotlin-pr != '') && inputs.check-pr == false }}
+        run: |
+          echo Please verify the PRs are not running any malicious code and mark the checkbox true when running the workflow
+          exit 1