From 4c4f9adc05cf73afcfcdd1a27baa9442b3ab22d6 Mon Sep 17 00:00:00 2001 From: Itamar Hartstein Date: Sat, 22 Mar 2025 15:39:49 +0200 Subject: [PATCH 1/5] use pull_request_target + environment to allow running tests on contributor PRs --- .github/workflows/close_pylon_issue.yml | 5 +---- .github/workflows/create_pylon_issue.yml | 5 +---- .github/workflows/run-precommit.yml | 3 ++- .github/workflows/test-main-warehouse.yml | 3 ++- .github/workflows/test-warehouse.yml | 1 + 5 files changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/close_pylon_issue.yml b/.github/workflows/close_pylon_issue.yml index 7469a77b5..0208c45ac 100644 --- a/.github/workflows/close_pylon_issue.yml +++ b/.github/workflows/close_pylon_issue.yml @@ -3,16 +3,13 @@ name: Close Pylon Ticket on Issue or Pull Request Closure on: issues: types: [closed] - pull_request: + pull_request_target: types: [closed] jobs: close_pylon_ticket: runs-on: ubuntu-latest steps: - - name: Check out the repository - uses: actions/checkout@v2 - - name: Extract Pylon Ticket ID id: extract_ticket_id run: | diff --git a/.github/workflows/create_pylon_issue.yml b/.github/workflows/create_pylon_issue.yml index 2dc435a98..93488dd4d 100644 --- a/.github/workflows/create_pylon_issue.yml +++ b/.github/workflows/create_pylon_issue.yml @@ -3,16 +3,13 @@ name: Create Pylon Issue on: issues: types: [opened] - pull_request: + pull_request_target: types: [opened] jobs: create_pylon_issue: runs-on: ubuntu-latest steps: - - name: Check out the repository - uses: actions/checkout@v2 - - name: Install jq run: sudo apt-get install -y jq diff --git a/.github/workflows/run-precommit.yml b/.github/workflows/run-precommit.yml index 65031fdc1..5712245b9 100644 --- a/.github/workflows/run-precommit.yml +++ b/.github/workflows/run-precommit.yml @@ -1,11 +1,12 @@ name: Run pre-commit hooks on: workflow_dispatch: - pull_request: + pull_request_target: jobs: code-quality: runs-on: ubuntu-latest + environment: elementary_test_env steps: - name: Checkout Elementary uses: actions/checkout@v4 diff --git a/.github/workflows/test-main-warehouse.yml b/.github/workflows/test-main-warehouse.yml index e33271512..0b232f16c 100644 --- a/.github/workflows/test-main-warehouse.yml +++ b/.github/workflows/test-main-warehouse.yml @@ -1,6 +1,6 @@ name: Test main warehouse platform on: - pull_request: + pull_request_target: branches: ["master"] paths: - elementary/** @@ -13,4 +13,5 @@ jobs: uses: ./.github/workflows/test-warehouse.yml with: warehouse-type: postgres + elementary-ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || '' }} secrets: inherit diff --git a/.github/workflows/test-warehouse.yml b/.github/workflows/test-warehouse.yml index 11b6ca48e..f583c684a 100644 --- a/.github/workflows/test-warehouse.yml +++ b/.github/workflows/test-warehouse.yml @@ -77,6 +77,7 @@ env: jobs: test: runs-on: ubuntu-latest + environment: elementary_test_env # This is a github environment (not to be confused with env vars) defaults: run: working-directory: elementary From 74fad2a89ff04f0861b0110692963fff87812b42 Mon Sep 17 00:00:00 2001 From: Itamar Hartstein Date: Sat, 22 Mar 2025 23:42:07 +0200 Subject: [PATCH 2/5] run-precommit should be on PR branch --- .github/workflows/run-precommit.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/run-precommit.yml b/.github/workflows/run-precommit.yml index 5712245b9..aa513de1f 100644 --- a/.github/workflows/run-precommit.yml +++ b/.github/workflows/run-precommit.yml @@ -10,6 +10,8 @@ jobs: steps: - name: Checkout Elementary uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} - name: Set up Python uses: actions/setup-python@v4.3.0 From 28da92ad2db3ff9666e2312374d5c27c7330bd09 Mon Sep 17 00:00:00 2001 From: Itamar Hartstein Date: Sat, 22 Mar 2025 23:47:11 +0200 Subject: [PATCH 3/5] a bit safer condition --- .github/workflows/test-main-warehouse.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-main-warehouse.yml b/.github/workflows/test-main-warehouse.yml index 0b232f16c..048443b0f 100644 --- a/.github/workflows/test-main-warehouse.yml +++ b/.github/workflows/test-main-warehouse.yml @@ -13,5 +13,5 @@ jobs: uses: ./.github/workflows/test-warehouse.yml with: warehouse-type: postgres - elementary-ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || '' }} + elementary-ref: ${{ (github.event_name == 'pull_request_target' && github.event.pull_request.head.sha) || '' }} secrets: inherit From ac4dd8cb9552f400c88d864dead15a7152815c40 Mon Sep 17 00:00:00 2001 From: Itamar Hartstein Date: Mon, 24 Mar 2025 19:31:52 +0200 Subject: [PATCH 4/5] CR fixes --- .github/workflows/close_pylon_issue.yml | 4 ++-- .github/workflows/create_pylon_issue.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/close_pylon_issue.yml b/.github/workflows/close_pylon_issue.yml index 0208c45ac..4ad679116 100644 --- a/.github/workflows/close_pylon_issue.yml +++ b/.github/workflows/close_pylon_issue.yml @@ -17,12 +17,12 @@ jobs: ISSUE_BODY=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}" | jq -r '.body') pylon_ticket_id=$(echo "$ISSUE_BODY" | grep -oP '(?<=)') - elif [[ "${{ github.event_name }}" == 'pull_request' ]]; then + elif [[ "${{ github.event_name }}" =~ ^pull_request ]]; then PR_BODY=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}" | jq -r '.body') pylon_ticket_id=$(echo "$PR_BODY" | grep -oP '(?<=)') fi - echo "::set-output name=pylon_ticket_id::$pylon_ticket_id" + echo "pylon_ticket_id=$pylon_ticket_id" >> "$GITHUB_OUTPUT" - name: Close Pylon Ticket if: steps.extract_ticket_id.outputs.pylon_ticket_id != '' diff --git a/.github/workflows/create_pylon_issue.yml b/.github/workflows/create_pylon_issue.yml index 93488dd4d..a43dafd7d 100644 --- a/.github/workflows/create_pylon_issue.yml +++ b/.github/workflows/create_pylon_issue.yml @@ -43,7 +43,7 @@ jobs: "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}" - name: Create Pylon Issue for Pull Request - if: github.event_name == 'pull_request' + if: contains(github.event_name, 'pull_request') run: | response=$(curl --request POST \ --url https://api.usepylon.com/issues \ From a092fb03d8f2644e377f8d4c0fe83519fb11cc5d Mon Sep 17 00:00:00 2001 From: Itamar Hartstein Date: Mon, 24 Mar 2025 19:36:53 +0200 Subject: [PATCH 5/5] no need for pull_request_target in precommit --- .github/workflows/run-precommit.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/run-precommit.yml b/.github/workflows/run-precommit.yml index aa513de1f..65031fdc1 100644 --- a/.github/workflows/run-precommit.yml +++ b/.github/workflows/run-precommit.yml @@ -1,17 +1,14 @@ name: Run pre-commit hooks on: workflow_dispatch: - pull_request_target: + pull_request: jobs: code-quality: runs-on: ubuntu-latest - environment: elementary_test_env steps: - name: Checkout Elementary uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - name: Set up Python uses: actions/setup-python@v4.3.0