GoogleCloudPlatform · jackwotherspoon · Jul 22, 2024 · Jul 22, 2024 · Jul 22, 2024 · Jul 22, 2024
@@ -16,72 +16,72 @@
   color: ededed
   description: ""
 
-- name: 'type: bug'
+- name: "type: bug"
   color: db4437
-  description: Error or flaw in code with unintended results or allowing sub-optimal
+  description:
+    Error or flaw in code with unintended results or allowing sub-optimal
     usage patterns.
-- name: 'type: cleanup'
+- name: "type: cleanup"
   color: c5def5
   description: An internal cleanup or hygiene concern.
-- name: 'type: docs'
+- name: "type: docs"
   color: 0000A0
   description: Improvement to the documentation for an API.
-- name: 'type: feature request'
+- name: "type: feature request"
   color: c5def5
   description: ‘Nice-to-have’ improvement, new feature or different behavior or design.
-- name: 'type: process'
+- name: "type: process"
   color: c5def5
   description: A process-related concern. May include testing, release, or the like.
-- name: 'type: question'
+- name: "type: question"
   color: c5def5
   description: Request for information or clarification.
 
-- name: 'priority: p0'
+- name: "priority: p0"
   color: b60205
   description: Highest priority. Critical issue. P0 implies highest priority.
-- name: 'priority: p1'
+- name: "priority: p1"
   color: ffa03e
-  description: Important issue which blocks shipping the next release. Will be fixed
+  description:
+    Important issue which blocks shipping the next release. Will be fixed
     prior to next release.
-- name: 'priority: p2'
+- name: "priority: p2"
   color: fef2c0
   description: Moderately-important priority. Fix may not be included in next release.
-- name: 'priority: p3'
+- name: "priority: p3"
   color: ffffc7
   description: Desirable enhancement or fix. May not be included in next release.
 
 - name: automerge
   color: 00ff00
   description: Merge the pull request once unit tests and other checks pass.
-- name: 'automerge: exact'
+- name: "automerge: exact"
   color: 8dd517
-  description: Summon MOG for automerging, but approvals need to be against the latest
+  description:
+    Summon MOG for automerging, but approvals need to be against the latest
     commit
 - name: do not merge
   color: d93f0b
-  description: Indicates a pull request not ready for merge, due to either quality
+  description:
+    Indicates a pull request not ready for merge, due to either quality
     or timing.
 
-- name: 'autorelease: pending'
+- name: "autorelease: pending"
   color: ededed
   description: Release please needs to do its work on this.
-- name: 'autorelease: triggered'
+- name: "autorelease: triggered"
   color: ededed
   description: Release please has triggered a release for this.
-- name: 'autorelease: tagged'
+- name: "autorelease: tagged"
   color: ededed
   description: Release please has completed a release for this.
 
-- name: 'tests: run'
-  color: 3DED97
-  description: Label to trigger Github Action tests.
-
-- name: 'flakybot: flaky'
+- name: "flakybot: flaky"
   color: 86d9d7
   description: Tells the Flaky Bot not to close or comment on this issue.
-- name: 'flakybot: quiet'
+- name: "flakybot: quiet"
   color: 86d9d7
   description: Tells the Flaky Bot to comment less.
-- name: 'flakybot: issue'
+- name: "flakybot: issue"
   color: a9f9f7
   description: An issue filed by the Flaky Bot. Should not be added manually.
@@ -16,24 +16,18 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
     paths-ignore:
-      - '**/*.md'
-      - '**/*.txt'
-  pull_request_target:
-    types: [labeled]
-    paths-ignore:
-      - '**/*.md'
-      - '**/*.txt'
+      - "**/*.md"
+      - "**/*.txt"
 
 # Declare default permissions as read only.
 permissions: read-all
 
 jobs:
   analyze:
-    if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}"
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
@@ -44,27 +38,24 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'python' ]
+        language: ["python"]
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      with:
-        ref: ${{ github.event.pull_request.head.sha }}
-        repository: ${{ github.event.pull_request.head.repo.full_name }}
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
-      with:
-        languages: ${{ matrix.language }}
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
-    # If this step fails, then you should remove it and run the build manually
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        with:
+          languages: ${{ matrix.language }}
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+      # If this step fails, then you should remove it and run the build manually
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        with:
+          category: "/language:${{matrix.language}}"
@@ -15,37 +15,14 @@
 name: Code Coverage
 on:
   pull_request:
-  pull_request_target:
-    types: [labeled]
 
 # Declare default permissions as read only.
 permissions: read-all
 
 jobs:
   coverage:
-    if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}"
     runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
     steps:
-      - name: Remove PR Label
-        if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}"
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            try {
-              await github.rest.issues.removeLabel({
-                name: 'tests: run',
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: context.payload.pull_request.number
-              });
-            } catch (e) {
-              console.log('Failed to remove label. Another job may have already removed it!');
-            }
-
       - name: Setup Python
         uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
         with:

@@ -15,51 +15,25 @@
 name: Lint
 on:
   pull_request:
-  pull_request_target:
-    types: [labeled]
 
 # Declare default permissions as read only.
 permissions: read-all
 
 jobs:
   lint:
-    if: "${{ github.event.action != 'labeled' || github.event.label.name == 'tests: run' }}"
     name: Run lint
     runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
     steps:
-      - name: Remove PR Label
-        if: "${{ github.event.action == 'labeled' && github.event.label.name == 'tests: run' }}"
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            try {
-              await github.rest.issues.removeLabel({
-                name: 'tests: run',
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: context.payload.pull_request.number
-              });
-            } catch (e) {
-              console.log('Failed to remove label. Another job may have already removed it!');
-            }
-
       - name: Setup Python
         uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
         with:
           python-version: "3.12"
-      
+
       - name: Install nox
         run: pip install nox
 
       - name: Checkout code
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
 
       - name: Run nox lint session
         run: nox --sessions lint
@@ -18,9 +18,9 @@ on:
   branch_protection_rule:
   schedule:
     # weekly on Sunday
-    - cron: '0 20 * * 0'
+    - cron: "0 20 * * 0"
   push:
-    branches: [ "main" ]
+    branches: ["main"]
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -44,7 +44,7 @@ jobs:
         with:
           results_file: results.sarif
           results_format: sarif
-      
+
       - name: Filter SARIF to skip false positives
         # filter out DangerousWorkflow alerts as they do not account for safe use of labels to trigger actions
         env:
@@ -53,7 +53,7 @@ jobs:
           SCORECARD_SKIPPED_RULE_IDS_JSON=$(echo $SCORECARD_SKIPPED_RULE_IDS | jq -cR 'split(",")')
           # Trim the SARIF file to remove false positive detections
           cat results.sarif | jq '.runs[].results |= map(select(.ruleId as $id | '$SCORECARD_SKIPPED_RULE_IDS_JSON' | all($id != .)))' > resultsFiltered.sarif
-      
+
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"