@@ -2,10 +2,11 @@ name: CRD Validation
22
33on :
44 pull_request :
5- types : [opened, edited, synchronize, reopened]
5+ types : [opened, edited, synchronize, reopened, labeled, unlabeled ]
66
77permissions :
88 contents : read
9+ pull-requests : write
910
1011jobs :
1112 crd-validation :
2829 run : |
2930 go install sigs.k8s.io/crdify@latest
3031
32+ - name : Reset Validation Approval
33+ if : github.event.action == 'synchronize' && contains(github.event.pull_request.labels.*.name, 'ack-breaking-changes')
34+ env :
35+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
36+ run : |
37+ gh pr edit ${{ github.event.pull_request.number }} --remove-label "ack-breaking-changes"
38+ echo "⚠️ Removed 'ack-breaking-changes' label due to new changes. Re-approval required."
39+
3140 - name : Run CRD Validation Check
41+ env :
42+ ALLOW_BREAKING : ${{ contains(github.event.pull_request.labels.*.name, 'ack-breaking-changes') && github.event.action != 'synchronize' }}
3243 run : |
3344 git fetch origin ${{ github.base_ref }}:upstream_base
3445 BASE_SHA=$(git rev-parse upstream_base)
@@ -37,15 +48,21 @@ jobs:
3748 for crd in config/crd/bases/*.yaml; do
3849 if ! crdify "git://${BASE_SHA}?path=$crd" "git://HEAD?path=$crd"; then
3950 echo "❌ Incompatible change detected in $crd"
40- ((FAILED++ ))
51+ FAILED=$ ((FAILED + 1 ))
4152 else
4253 echo "✅ $crd is valid"
4354 fi
4455 done
4556
4657 if [ "$FAILED" -gt 0 ]; then
47- echo "::error::Validation failed! Found $FAILED incompatible CRD change(s)."
48- exit 1
58+ if [[ "$ALLOW_BREAKING" == "true" ]]; then
59+ echo "⚠️ Validation failed with $FAILED incompatible change(s), but allowed via 'ack-breaking-changes' label."
60+ exit 0
61+ else
62+ echo "❌ error: Validation failed! Found $FAILED incompatible CRD change(s)."
63+ echo "⚠️ notice: To allow these changes, a reviewer must add the 'ack-breaking-changes' label to the PR."
64+ exit 1
65+ fi
4966 fi
5067
51- echo "All CRDs are compatible."
68+ echo "All CRDs are compatible."
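Review bot: The `ack-breaking-changes` override in `ALLOW_BREAKING` is taken from the labels in the event payload and is not tied to the commit that was acknowledged, so it is honoured on any later non-`synchronize` run (`edited`, `reopened`, `labeled`, `unlabeled`) while the label is still on the PR. The only thing that clears it is the `Reset Validation Approval` step, which needs a writable token. Under the `pull_request` trigger, `GITHUB_TOKEN` is normally read-only for PRs from forks, so `gh pr edit ... --remove-label` would likely fail there and leave the label in place. Consider honouring the override only when the job can confirm the acknowledgement was given for `github.event.pull_request.head.sha`, and document who is allowed to apply the label, since nothing visible here restricts that. Separately, `pull-requests: write` appears to be granted at workflow level, so it also covers the step that runs `go install sigs.k8s.io/crdify@latest`; moving it to the job's own `permissions:` block and pinning crdify to a fixed version would narrow that. Part of the script between the two hunks is not shown.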