Remove usage of pull_request_target everywhere (#878)

samikshya-db · web-flow · commit 9bf1d2712282 · 2025-07-02T16:32:42.000+05:30
* Remove usage of GH workflows everywhere

* Add SSL testing
diff --git a/.github/workflows/checkNextChangelog.yml b/.github/workflows/checkNextChangelog.yml
@@ -1,12 +1,11 @@
 name: Check for NEXT_CHANGELOG.md Changes
 
 on:
-  pull_request_target:
+  pull_request:
      branches: [ main ]
 
 permissions:
   contents: read
-  pull-requests: write
 
 jobs:
   check-next-changelog:
@@ -67,47 +66,8 @@ jobs:
               echo "NO_CHANGELOG=true found in PR message. Skipping changelog check."
               exit 0
             else
-              echo "WARNING: file NEXT_CHANGELOG.md not changed. If this is expected, add NO_CHANGELOG=true to the PR message."
+              echo "ERROR: NEXT_CHANGELOG.md not changed and NO_CHANGELOG=true not found in PR message."
+              echo "Please update NEXT_CHANGELOG.md or add NO_CHANGELOG=true to the PR description."
               exit 1
             fi
-          fi
-
-      - name: Comment on PR with instructions if needed
-        if: failure() # This step will only run if the previous step fails (i.e., if NEXT_CHANGELOG.md was not modified and NO_CHANGELOG=true was not in the PR message)
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Check if a comment exists with the instructions
-          previous_comment_ids=$(gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
-            --jq '.[] | select(.body | startswith("<!-- NEXT_CHANGELOG_INSTRUCTIONS -->")) | .id')
-          echo "Previous comment IDs: $previous_comment_ids"
-
-          # If no previous comment exists, add one with instructions
-          if [ -z "$previous_comment_ids" ]; then
-            echo "Adding instructions comment."
-            gh pr comment ${{ github.event.pull_request.number }} --body \
-            "<!-- NEXT_CHANGELOG_INSTRUCTIONS -->
-            Please ensure that the NEXT_CHANGELOG.md file is updated with any relevant changes. 
-            If this is not necessary for your PR, please include the following in your PR description:
-            NO_CHANGELOG=true
-            and rerun the job."
-          fi
-
-      - name: Delete instructions comment on success
-        if: success() # This step will only run if the previous check passed (i.e., if NEXT_CHANGELOG.md was modified or NO_CHANGELOG=true is in the PR message)
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Check if there is a previous instructions comment
-          previous_comment_ids=$(gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
-            --jq '.[] | select(.body | startswith("<!-- NEXT_CHANGELOG_INSTRUCTIONS -->")) | .id')
-          
-            # If a comment exists, delete it
-            if [ -n "$previous_comment_ids" ]; then
-              echo "Deleting previous instructions comment."
-              for comment_id in $previous_comment_ids; do
-                gh api "repos/${{ github.repository }}/issues/comments/$comment_id" --method DELETE
-              done
-            else
-              echo "No instructions comment found to delete."
-            fi
+          fi
diff --git a/.github/workflows/coverageReport.yml b/.github/workflows/coverageReport.yml
@@ -2,11 +2,9 @@ name: Code Coverage
 
 permissions:
   contents: read
-  pull-requests: write
-  issues: write
 
 on:
-  pull_request_target:
+  pull_request:
 
 jobs:
   coverage:
@@ -52,34 +50,38 @@ jobs:
           echo "No coverage override found"
         fi
       
-    - name: Add coverage to PR (with strict checks)
+    - name: Check coverage percentage
       if: steps.override.outputs.override == 'false'
-      id: jacoco
-      uses: madrapps/jacoco-report@v1.7.2
-      with:
-        paths: |
-          ${{ github.workspace }}/target/site/jacoco/jacoco.xml
-        token: ${{ secrets.GITHUB_TOKEN }}
-        min-coverage-overall: 85
-        title: '📊 Code Coverage Report'
-        update-comment: true
-        pass-emoji: ':green_circle:'
-        fail-emoji: ':red_circle:'
+      run: |
+        COVERAGE_FILE="target/site/jacoco/jacoco.xml"
+        if [ ! -f "$COVERAGE_FILE" ]; then
+          echo "ERROR: Coverage file not found at $COVERAGE_FILE"
+          exit 1
+        fi
         
-    - name: Add coverage to PR (with override)
-      if: steps.override.outputs.override == 'true'
-      id: jacoco-override
-      uses: madrapps/jacoco-report@v1.7.2
-      with:
-        paths: |
-          ${{ github.workspace }}/target/site/jacoco/jacoco.xml
-        token: ${{ secrets.GITHUB_TOKEN }}
-        min-coverage-overall: 85
-        min-coverage-changed-files: 0
-        title: '📊 Code Coverage Report (SKIPPED: ${{ steps.override.outputs.reason }})'
-        update-comment: true
-        pass-emoji: ':green_circle:'
-        fail-emoji: ':red_circle:'
+        # Install xmllint if not available
+        if ! command -v xmllint &> /dev/null; then
+          sudo apt-get update && sudo apt-get install -y libxml2-utils
+        fi
+        
+        COVERED=$(xmllint --xpath "string(//report/counter[@type='INSTRUCTION']/@covered)" "$COVERAGE_FILE")
+        MISSED=$(xmllint --xpath "string(//report/counter[@type='INSTRUCTION']/@missed)" "$COVERAGE_FILE")
+        TOTAL=$((COVERED + MISSED))
+        
+        # Use Python for floating-point math
+        PERCENTAGE=$(python3 -c "covered=${COVERED}; total=${TOTAL}; print(round((covered/total)*100, 2))")
+        
+        echo "Branch Coverage: $PERCENTAGE%"
+        echo "Required Coverage: 85%"
+        
+        # Use Python to compare the coverage with 85
+        python3 -c "import sys; sys.exit(0 if float('$PERCENTAGE') >= 85 else 1)"
+        if [ $? -eq 1 ]; then
+          echo "ERROR: Coverage is $PERCENTAGE%, which is less than the required 85%"
+          exit 1
+        else
+          echo "SUCCESS: Coverage is $PERCENTAGE%, which meets the required 85%"
+        fi
         
     - name: Coverage enforcement summary
       run: |
diff --git a/.github/workflows/sslTesting.yml b/.github/workflows/sslTesting.yml
@@ -20,6 +20,8 @@
 name: SSL Certificate Validation Test with Squid Proxy
 
 on:
+  push:
+    branches: [ main ]
   workflow_dispatch:
     inputs:
       branch:
@@ -30,7 +32,6 @@ on:
         description: 'Repository to checkout (e.g., user/repo)'
         required: false
         default: 'databricks/databricks-jdbc'
-  pull_request_target:
 
 jobs:
   ssl-test:
