[iOS] Fix Login for Admin and Welcome Discovery incompatibility #775
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request | |
| on: | |
| # pull_request_target is used so secrets are available to fork PRs. | |
| # Mitigated by per-job Member Check (see "Check Write Permission" / "Validate Write Permission"). | |
| pull_request_target: # zizmor: ignore[dangerous-triggers] | |
| branches: [dev, master] | |
| paths-ignore: | |
| - '**/*.md' | |
| - 'LICENSE' | |
| - '.gitignore' | |
| - 'CODEOWNERS' | |
| permissions: | |
| contents: read | |
| jobs: | |
| static-analysis: | |
| runs-on: macos-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| BUNDLE_GEMFILE: ${{ github.workspace }}/.github/DangerFiles/Gemfile | |
| steps: | |
| - name: Check Write Permission | |
| uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0 | |
| id: check_permissions | |
| with: | |
| route: GET /repos/${{ github.repository }}/collaborators/${{ github.triggering_actor }}/permission | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Debug Permission Response | |
| env: | |
| PERMISSION_DATA: ${{ steps.check_permissions.outputs.data }} | |
| run: | | |
| echo "Permission raw response: $PERMISSION_DATA" | |
| - name: Validate Write Permission | |
| env: | |
| PERMISSION: ${{ fromJson(steps.check_permissions.outputs.data).permission }} | |
| ACTOR: ${{ github.triggering_actor }} | |
| run: | | |
| echo "User $ACTOR has permission: $PERMISSION" | |
| if [[ "$PERMISSION" != "write" && "$PERMISSION" != "admin" ]]; then | |
| echo "User $ACTOR does not have sufficient permission (write or admin) to proceed. Someone from the team needs to rerun this workflow AFTER it has been deemed safe." | |
| exit 1 | |
| fi | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| # We need a sufficient depth or Danger will occasionally run into issues checking which files were modified. | |
| fetch-depth: 100 | |
| # This is dangerous without the member check | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Install Dependencies | |
| run: | | |
| npm install shelljs@0.8.5 | |
| ./install.sh | |
| - name: Run Static Analysis | |
| # It would be nice to use xcbeaufity here but all the warnings and errors get annotated onto the PR, including | |
| # files not mofified in the PR which is annoying. | |
| run: | |
| xcodebuild analyze -workspace SalesforceMobileSDK.xcworkspace -scheme MobileSync -sdk 'iphonesimulator' \ | |
| CLANG_ANALYZER_OUTPUT=plist-html CLANG_ANALYZER_OUTPUT_DIR=./clangReport RUN_CLANG_STATIC_ANALYZER=YES | |
| - uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 | |
| with: | |
| ruby-version: '3.3' | |
| bundler-cache: true | |
| - name: Report Static Analysis | |
| env: | |
| DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: bundle exec danger --dangerfile=.github/DangerFiles/StaticAnalysis.rb --danger_id=StaticAnalysis | |
| test-orchestrator: | |
| runs-on: macos-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| BUNDLE_GEMFILE: ${{ github.workspace }}/.github/DangerFiles/Gemfile | |
| outputs: | |
| libs: ${{ steps.test-orchestrator.outputs.libs }} | |
| steps: | |
| - name: Check Write Permission | |
| uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0 | |
| id: check_permissions | |
| with: | |
| route: GET /repos/${{ github.repository }}/collaborators/${{ github.triggering_actor }}/permission | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Debug Permission Response | |
| env: | |
| PERMISSION_DATA: ${{ steps.check_permissions.outputs.data }} | |
| run: | | |
| echo "Permission raw response: $PERMISSION_DATA" | |
| - name: Validate Write Permission | |
| env: | |
| PERMISSION: ${{ fromJson(steps.check_permissions.outputs.data).permission }} | |
| ACTOR: ${{ github.triggering_actor }} | |
| run: | | |
| echo "User $ACTOR has permission: $PERMISSION" | |
| if [[ "$PERMISSION" != "write" && "$PERMISSION" != "admin" ]]; then | |
| echo "User $ACTOR does not have sufficient permission (write or admin) to proceed. Someone from the team needs to rerun this workflow AFTER it has been deemed safe." | |
| exit 1 | |
| fi | |
| - name: Checkout | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | |
| with: | |
| persist-credentials: false | |
| # We need a sufficient depth or Danger will occasionally run into issues checking which files were modified. | |
| fetch-depth: 100 | |
| # This is dangerous without the member check | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 | |
| with: | |
| ruby-version: '3.3' | |
| bundler-cache: true | |
| - name: Determine Tests to Run | |
| id: test-orchestrator | |
| env: | |
| DANGER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: bundle exec danger --dangerfile=.github/DangerFiles/TestOrchestrator.rb --danger_id="TestOrchestrator" | |
| ios-pr: | |
| needs: [test-orchestrator] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| lib: ${{ fromJson(needs.test-orchestrator.outputs.libs) }} | |
| ios: [^26, ^18] | |
| include: | |
| - ios: ^26 | |
| xcode: ^26 | |
| - ios: ^18 | |
| xcode: ^16 | |
| uses: ./.github/workflows/reusable-test-workflow.yaml | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| with: | |
| lib: ${{ matrix.lib }} | |
| ios: ${{ matrix.ios }} | |
| xcode: ${{ matrix.xcode }} | |
| is_pr: true | |
| secrets: | |
| TEST_CREDENTIALS: ${{ secrets.TEST_CREDENTIALS }} | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| native-samples-pr: | |
| needs: [test-orchestrator] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| app: [RestAPIExplorer, MobileSyncExplorer, AuthFlowTester] | |
| ios: [^26, ^18] | |
| include: | |
| - ios: ^26 | |
| xcode: ^26 | |
| - ios: ^18 | |
| xcode: ^16 | |
| uses: ./.github/workflows/reusable-build-workflow.yaml | |
| permissions: | |
| contents: read | |
| with: | |
| app: ${{ matrix.app }} | |
| ios: ${{ matrix.ios }} | |
| xcode: ${{ matrix.xcode }} | |
| is_pr: true | |
| ui-tests-pr: | |
| needs: [test-orchestrator] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ios: [^26, ^18] | |
| include: | |
| - ios: ^26 | |
| xcode: ^26 | |
| - ios: ^18 | |
| xcode: ^16 | |
| uses: ./.github/workflows/reusable-ui-test-workflow.yaml | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| with: | |
| is_pr: true | |
| ios: ${{ matrix.ios }} | |
| xcode: ${{ matrix.xcode }} | |
| pr_test: "AuthFlowTesterUITests/LegacyLoginTests/testCAOpaque_DefaultScopes_WebServerFlow" | |
| short_timeout: "3" | |
| long_timeout: "15" | |
| secrets: | |
| UI_TEST_CONFIG: ${{ secrets.UI_TEST_CONFIG }} | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} |