From de74811b2a29dff4684997f39adac469346d2b19 Mon Sep 17 00:00:00 2001
From: Doug Smith <doug.smith@datadoghq.com>
Date: Fri, 30 Jun 2023 10:12:12 -0400
Subject: [PATCH 1/2] chore(ci): correctly validate comment author in k8s e2e
 job

---
 .github/workflows/k8s_e2e.yml | 57 +++++++++++++++++------------------
 1 file changed, 28 insertions(+), 29 deletions(-)

diff --git a/.github/workflows/k8s_e2e.yml b/.github/workflows/k8s_e2e.yml
index 50de3f5db9a2c..d3673293c901d 100644
--- a/.github/workflows/k8s_e2e.yml
+++ b/.github/workflows/k8s_e2e.yml
@@ -42,9 +42,31 @@ env:
   PROFILE: debug
 
 jobs:
+  validate:
+    name: Validate comment
+    runs-on: ubuntu-latest
+    if: |
+      github.event_name != 'issue_comment' ||
+      ( github.event.issue.pull_request && 
+        ( contains(github.event.comment.body, '/ci-run-all') ||
+          contains(github.event.comment.body, '/ci-run-k8s')
+        )
+      )
+    steps:
+      - name: Get PR comment author
+        id: comment
+        uses: tspascoal/get-user-teams-membership@v2
+        with:
+          username: ${{ github.actor }}
+          team: 'Vector'
+          GITHUB_TOKEN: ${{ secrets.GH_PAT_ORG }}
+
+      - name: Validate author membership
+        if: steps.comment.outputs.isTeamMember == 'false'
+        run: exit 1
+
   changes:
-    if: github.event_name != 'issue_comment' || (github.event.issue.pull_request &&
-          (contains(github.event.comment.body, '/ci-run-k8s') || contains(github.event.comment.body, '/ci-run-all')))
+    needs: validate
     uses: ./.github/workflows/changes.yml
     with:
       base_ref: ${{ github.event.pull_request.base.ref }}
@@ -54,7 +76,7 @@ jobs:
   build-x86_64-unknown-linux-gnu:
     name: Build - x86_64-unknown-linux-gnu
     runs-on: [linux, ubuntu-20.04-4core]
-    needs: changes
+    needs: [changes, validate]
     if: github.event_name != 'pull_request' || needs.changes.outputs.k8s == 'true'
     # cargo-deb requires a release build, but we don't need optimizations for tests
     env:
@@ -62,14 +84,6 @@ jobs:
       CARGO_PROFILE_RELEASE_CODEGEN_UNITS: 256
       CARGO_INCREMENTAL: 0
     steps:
-      - name: Validate issue comment
-        if: github.event_name == 'issue_comment'
-        uses: tspascoal/get-user-teams-membership@v2
-        with:
-          username: ${{ github.actor }}
-          team: 'Vector'
-          GITHUB_TOKEN: ${{ secrets.GH_PAT_ORG }}
-
       - name: (PR comment) Get PR branch
         if: ${{ github.event_name == 'issue_comment' }}
         uses: xt0rted/pull-request-comment-branch@v2
@@ -127,19 +141,11 @@ jobs:
   compute-k8s-test-plan:
     name: Compute K8s test plan
     runs-on: ubuntu-latest
-    needs: changes
+    needs: [changes, validate]
     if: github.event_name != 'pull_request' || needs.changes.outputs.k8s == 'true'
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
-      - name: Validate issue comment
-        if: github.event_name == 'issue_comment'
-        uses: tspascoal/get-user-teams-membership@v2
-        with:
-          username: ${{ github.actor }}
-          team: 'Vector'
-          GITHUB_TOKEN: ${{ secrets.GH_PAT_ORG }}
-
       - uses: actions/github-script@v6.4.1
         id: set-matrix
         with:
@@ -189,6 +195,7 @@ jobs:
     name: K8s ${{ matrix.kubernetes_version.version }} / ${{ matrix.container_runtime }} (${{ matrix.kubernetes_version.role }})
     runs-on: [linux, ubuntu-20.04-4core]
     needs:
+      - validate
       - build-x86_64-unknown-linux-gnu
       - compute-k8s-test-plan
     strategy:
@@ -239,21 +246,13 @@ jobs:
   final-result:
     name: K8s E2E Suite
     runs-on: ubuntu-latest
-    needs: test-e2e-kubernetes
+    needs: [test-e2e-kubernetes, validate]
     if: |
       always() && (github.event_name != 'issue_comment' || (github.event.issue.pull_request
         && (contains(github.event.comment.body, '/ci-run-k8s') || contains(github.event.comment.body, '/ci-run-all'))))
     env:
       FAILED: ${{ contains(needs.*.result, 'failure') }}
     steps:
-      - name: Validate issue comment
-        if: github.event_name == 'issue_comment'
-        uses: tspascoal/get-user-teams-membership@v2
-        with:
-          username: ${{ github.actor }}
-          team: 'Vector'
-          GITHUB_TOKEN: ${{ secrets.GH_PAT_ORG }}
-
       - name: (PR comment) Get PR branch
         if: success() && github.event_name == 'issue_comment'
         uses: xt0rted/pull-request-comment-branch@v2

From 9a09634b08d9f460e6c97e09379ad68510d46d0b Mon Sep 17 00:00:00 2001
From: Doug Smith <doug.smith@datadoghq.com>
Date: Fri, 30 Jun 2023 10:29:23 -0400
Subject: [PATCH 2/2] fmt

---
 .github/workflows/k8s_e2e.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/k8s_e2e.yml b/.github/workflows/k8s_e2e.yml
index d3673293c901d..e7faa3a59555a 100644
--- a/.github/workflows/k8s_e2e.yml
+++ b/.github/workflows/k8s_e2e.yml
@@ -47,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     if: |
       github.event_name != 'issue_comment' ||
-      ( github.event.issue.pull_request && 
+      ( github.event.issue.pull_request &&
         ( contains(github.event.comment.body, '/ci-run-all') ||
           contains(github.event.comment.body, '/ci-run-k8s')
         )