From 14f57e3aff978e5b1a1117e2fb74f803ae760e0b Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Fri, 19 Jul 2024 14:22:16 -0400 Subject: [PATCH 01/13] ci: add org member check --- .github/workflows/test-runner.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index 2de91e3dddf8a..5e277c5578c04 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -31,6 +31,18 @@ concurrency: cancel-in-progress: true jobs: + # Require that the PR author be a member of the same organization as this + # repository in order to continue execution. + author-association-member: + name: Require Org Membership + runs-on: ubuntu-latest + steps: + - name: Check Membership + if: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.author_association != 'MEMBER' }} + run: | + echo "Event not triggered by organization member." + exit 1 + pre-flight: # For external contributors, run the build in the `external` environment. # This requires manual approval from a contributor. It also saves the @@ -43,6 +55,7 @@ jobs: 'external' }} name: Require Approval for External PRs + needs: [author-association-member] runs-on: ubuntu-latest outputs: checkout-sha: ${{ steps.save-pull-request.outputs.sha }} From a55c05a71e813068bd4bdbb29222637e1f5eb3b4 Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 14:58:27 -0400 Subject: [PATCH 02/13] add unstrusted pull_target alternative --- .github/workflows/test-runner-untrusted.yml | 170 ++++++++++++++++++++ .github/workflows/test-runner.yml | 20 +-- 2 files changed, 178 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/test-runner-untrusted.yml diff --git a/.github/workflows/test-runner-untrusted.yml b/.github/workflows/test-runner-untrusted.yml new file mode 100644 index 0000000000000..434f09ab0c0f4 --- /dev/null +++ b/.github/workflows/test-runner-untrusted.yml @@ -0,0 +1,170 @@ +name: "gha: macOS & Windows Untrusted" + +# Build on pull requests and pushes to `main`. The PR builds will be +# non-blocking for now, but that is configured elsewhere. +on: + # Start the build in the context of the target branch. This is considered + # "safe", as the workflow files are already committed. These types of builds + # have access to the secrets in the build, which we need to use the remote + # caches (Bazel and sccache). + pull_request: + types: + - opened + - synchronize + - reopened + workflow_dispatch: + +# Cancel in-progress runs of the workflow if somebody adds a new commit to the +# PR or branch. That reduces billing, but it creates more noise about cancelled +# jobs +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }} + cancel-in-progress: true + +jobs: + # Only execute this workflow for PR authors that are not members of this repo + # organization. + author-association-external: + name: Identify non-member contributors. + runs-on: ubuntu-latest + steps: + - name: Check Membership + if: >- + ${{ + github.event_name == 'pull_request' && + github.event.pull_request.author_association == 'MEMBER' + }} + run: | + echo "Workflow only executed for non organization members." + exit 0 + + pre-flight: + # For external contributors, run the build in the `external` environment. + # This requires manual approval from a contributor. It also saves the + # `ref` of the pull request, so downstream jobs know what to checkout. + environment: 'external' + name: Require Approval for External PRs + needs: [author-association-external] + runs-on: ubuntu-latest + outputs: + checkout-sha: ${{ steps.save-pull-request.outputs.sha }} + steps: + - name: Save Pull Request + id: save-pull-request + run: > + echo "sha=${{ github.event.pull_request.head.sha || github.ref }}" >> $GITHUB_OUTPUT + + # Run other jobs once the `pre-flight` job passes. When the `pre-flight` + # job requires approval, these blocks all the other jobs. The jobs are defined + # in separate files to keep the size of this file under control. Note how + # the additional jobs inherit any secrets needed to use the remote caches and + # receive what version to checkout as an input. + external-account-integration: + name: External Account Integration + needs: [pre-flight] + uses: ./.github/workflows/external-account-integration.yml + with: + checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }} + macos-bazel: + # Build the full matrix only on push events to the default branch, or + # when PR gets the has a `gha:full-build` label, or when it had the + # label already and it gets a new commit. + if: |- + ${{ + github.event_name == 'schedule' || + github.event_name == 'push' || + github.event_name == 'workflow_dispatch' || + contains(github.event.pull_request.labels.*.name, 'gha:full-build') + }} + name: macOS-Bazel + needs: [pre-flight] + uses: ./.github/workflows/macos-bazel.yml + with: + checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }} + windows-bazel: + # Build the full matrix only on push events to the default branch, or + # when PR gets the has a `gha:full-build` label, or when it had the + # label already and it gets a new commit. + if: |- + ${{ + github.event_name == 'schedule' || + github.event_name == 'push' || + github.event_name == 'workflow_dispatch' || + contains(github.event.pull_request.labels.*.name, 'gha:full-build') + }} + name: Windows-Bazel + needs: [pre-flight] + uses: ./.github/workflows/windows-bazel.yml + with: + checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }} + macos-cmake: + name: macOS-CMake + needs: [pre-flight] + uses: ./.github/workflows/macos-cmake.yml + with: + checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }} + # Build the full matrix only on push events to the default branch, or + # when PR gets the has a `gha:full-build` label, or when it had the + # label already and it gets a new commit. + full-matrix: |- + ${{ + github.event_name == 'schedule' || + github.event_name == 'push' || + github.event_name == 'workflow_dispatch' || + contains(github.event.pull_request.labels.*.name, 'gha:full-build') + }} + windows-cmake: + name: Windows-CMake + needs: [pre-flight] + uses: ./.github/workflows/windows-cmake.yml + with: + checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }} + # Build the full matrix only on push events to the default branch, or + # when PR gets the has a `gha:full-build` label, or when it had the + # label already and it gets a new commit. + full-matrix: |- + ${{ + github.event_name == 'schedule' || + github.event_name == 'push' || + github.event_name == 'workflow_dispatch' || + contains(github.event.pull_request.labels.*.name, 'gha:full-build') + }} + notify: + name: Notify-Google-Chat + # Wait until all the other jobs have completed. + needs: + - external-account-integration + - macos-bazel + - macos-cmake + - windows-bazel + - windows-cmake + # Run even if the other jobs failed or were skipped. + if: always() + runs-on: ubuntu-latest + steps: + - name: Notify Google Chat + shell: bash + run: | + event_name="${{ github.event_name }}" + case "${event_name}" in + schedule) + ;; + push) + ;; + workflow_dispatch) + ;; + *) + exit 0 + ;; + esac + failure="${{ contains(needs.*.result, 'failure') }}" + cancelled="${{ contains(needs.*.result, 'cancelled') }}" + status="" + # Report whether any of the jobs failed or were cancelled. + if [[ "${cancelled}" == "true" ]]; then status="cancelled"; fi + if [[ "${failure}" == "true" ]]; then status="failure"; fi + # Exit early if there is nothing interesting to report. + if [[ -z "${status}" ]]; then exit 0; fi + printf '{"text": "GHA Build %s %s/%s/actions/runs/%s"}' \ + "${status}" "${{ github.server_url }}" "${{ github.repository }}" "${{ github.run_id }}" | + curl -fsX POST -o /dev/null -d@- -H "Content-Type: application/json; charset=UTF-8" '${{ secrets.CLOUD_CPP_BUILD_ALERTS_WEBHOOK }}' diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index 5e277c5578c04..f70766da0b652 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -38,22 +38,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Check Membership - if: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.author_association != 'MEMBER' }} + if: >- + ${{ + github.event_name == 'pull_request_target' && + github.event.pull_request.author_association != 'MEMBER' + }} run: | echo "Event not triggered by organization member." - exit 1 + exit 0 pre-flight: - # For external contributors, run the build in the `external` environment. - # This requires manual approval from a contributor. It also saves the - # `ref` of the pull request, so downstream jobs know what to checkout. - environment: >- - ${{ - (github.event_name != 'pull_request_target' && 'internal') || - (github.event.pull_request.head.repo.full_name == github.repository && 'internal') || - (contains(fromJSON(vars.TRUSTED_FORKS), github.actor) && 'internal') || - 'external' - }} + # Save the `ref` of the pull request, so downstream jobs know what to checkout. + environment: 'internal' name: Require Approval for External PRs needs: [author-association-member] runs-on: ubuntu-latest From d5e193a229bee283e0f31bf63a67301a982ee690 Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 15:06:38 -0400 Subject: [PATCH 03/13] tweak trusted environment --- .github/workflows/test-runner.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index f70766da0b652..ed309d351651c 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -49,8 +49,12 @@ jobs: pre-flight: # Save the `ref` of the pull request, so downstream jobs know what to checkout. - environment: 'internal' - name: Require Approval for External PRs + environment: >- + ${{ + (github.event_name != 'pull_request_target' && 'internal') || + (github.event.pull_request.head.repo.full_name == github.repository && 'internal') + }} + name: Save PR ref needs: [author-association-member] runs-on: ubuntu-latest outputs: From 07dfab0a42d6f0b012ecbccec53637d55a43005f Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 15:21:52 -0400 Subject: [PATCH 04/13] add untrusted job condition --- .github/workflows/test-runner-untrusted.yml | 42 +++++++-------------- 1 file changed, 14 insertions(+), 28 deletions(-) diff --git a/.github/workflows/test-runner-untrusted.yml b/.github/workflows/test-runner-untrusted.yml index 434f09ab0c0f4..a7e9e0b11ba6c 100644 --- a/.github/workflows/test-runner-untrusted.yml +++ b/.github/workflows/test-runner-untrusted.yml @@ -22,28 +22,13 @@ concurrency: cancel-in-progress: true jobs: - # Only execute this workflow for PR authors that are not members of this repo - # organization. - author-association-external: - name: Identify non-member contributors. - runs-on: ubuntu-latest - steps: - - name: Check Membership - if: >- - ${{ - github.event_name == 'pull_request' && - github.event.pull_request.author_association == 'MEMBER' - }} - run: | - echo "Workflow only executed for non organization members." - exit 0 - pre-flight: # For external contributors, run the build in the `external` environment. # This requires manual approval from a contributor. It also saves the # `ref` of the pull request, so downstream jobs know what to checkout. environment: 'external' name: Require Approval for External PRs + if: ${{ github.event.pull_request.author_association != 'MEMBER' }} needs: [author-association-external] runs-on: ubuntu-latest outputs: @@ -61,6 +46,7 @@ jobs: # receive what version to checkout as an input. external-account-integration: name: External Account Integration + if: ${{ github.event.pull_request.author_association != 'MEMBER' }} needs: [pre-flight] uses: ./.github/workflows/external-account-integration.yml with: @@ -71,10 +57,10 @@ jobs: # label already and it gets a new commit. if: |- ${{ - github.event_name == 'schedule' || - github.event_name == 'push' || + github.event.pull_request.author_association != 'MEMBER' && + (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'gha:full-build') + contains(github.event.pull_request.labels.*.name, 'gha:full-build')) }} name: macOS-Bazel needs: [pre-flight] @@ -87,10 +73,10 @@ jobs: # label already and it gets a new commit. if: |- ${{ - github.event_name == 'schedule' || - github.event_name == 'push' || + github.event.pull_request.author_association != 'MEMBER' && + (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'gha:full-build') + contains(github.event.pull_request.labels.*.name, 'gha:full-build')) }} name: Windows-Bazel needs: [pre-flight] @@ -108,10 +94,10 @@ jobs: # label already and it gets a new commit. full-matrix: |- ${{ - github.event_name == 'schedule' || - github.event_name == 'push' || + github.event.pull_request.author_association != 'MEMBER' && + (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'gha:full-build') + contains(github.event.pull_request.labels.*.name, 'gha:full-build')) }} windows-cmake: name: Windows-CMake @@ -124,10 +110,10 @@ jobs: # label already and it gets a new commit. full-matrix: |- ${{ - github.event_name == 'schedule' || - github.event_name == 'push' || + github.event.pull_request.author_association != 'MEMBER' && + (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'gha:full-build') + contains(github.event.pull_request.labels.*.name, 'gha:full-build')) }} notify: name: Notify-Google-Chat From a9d60e333d7496287ffd669b977f4cfd38e07d7e Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 15:31:20 -0400 Subject: [PATCH 05/13] fix deps --- .github/workflows/test-runner-untrusted.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-runner-untrusted.yml b/.github/workflows/test-runner-untrusted.yml index a7e9e0b11ba6c..3420924fbf3bb 100644 --- a/.github/workflows/test-runner-untrusted.yml +++ b/.github/workflows/test-runner-untrusted.yml @@ -29,7 +29,6 @@ jobs: environment: 'external' name: Require Approval for External PRs if: ${{ github.event.pull_request.author_association != 'MEMBER' }} - needs: [author-association-external] runs-on: ubuntu-latest outputs: checkout-sha: ${{ steps.save-pull-request.outputs.sha }} From 5d5593dbc7274fca76af81db01bef16aa6cc2b87 Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 15:33:39 -0400 Subject: [PATCH 06/13] remove dispatch from trusted --- .github/workflows/test-runner.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index ed309d351651c..0d93886e17355 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -21,7 +21,6 @@ on: - reopened schedule: - cron: '0 5 * * 1,2,3,4,5' - workflow_dispatch: # Cancel in-progress runs of the workflow if somebody adds a new commit to the # PR or branch. That reduces billing, but it creates more noise about cancelled @@ -85,7 +84,6 @@ jobs: ${{ github.event_name == 'schedule' || github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'gha:full-build') }} name: macOS-Bazel @@ -102,7 +100,6 @@ jobs: ${{ github.event_name == 'schedule' || github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'gha:full-build') }} name: Windows-Bazel @@ -124,7 +121,6 @@ jobs: ${{ github.event_name == 'schedule' || github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'gha:full-build') }} secrets: inherit @@ -141,7 +137,6 @@ jobs: ${{ github.event_name == 'schedule' || github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'gha:full-build') }} secrets: inherit @@ -167,8 +162,6 @@ jobs: ;; push) ;; - workflow_dispatch) - ;; *) exit 0 ;; From 4f63c43ec7866e6e861b68f9cb0b51bc82e71278 Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 17:11:26 -0400 Subject: [PATCH 07/13] address review comments --- .github/workflows/test-runner-untrusted.yml | 94 --------------------- .github/workflows/test-runner.yml | 22 ++--- 2 files changed, 5 insertions(+), 111 deletions(-) diff --git a/.github/workflows/test-runner-untrusted.yml b/.github/workflows/test-runner-untrusted.yml index 3420924fbf3bb..9dc5975b51b37 100644 --- a/.github/workflows/test-runner-untrusted.yml +++ b/.github/workflows/test-runner-untrusted.yml @@ -43,61 +43,6 @@ jobs: # in separate files to keep the size of this file under control. Note how # the additional jobs inherit any secrets needed to use the remote caches and # receive what version to checkout as an input. - external-account-integration: - name: External Account Integration - if: ${{ github.event.pull_request.author_association != 'MEMBER' }} - needs: [pre-flight] - uses: ./.github/workflows/external-account-integration.yml - with: - checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }} - macos-bazel: - # Build the full matrix only on push events to the default branch, or - # when PR gets the has a `gha:full-build` label, or when it had the - # label already and it gets a new commit. - if: |- - ${{ - github.event.pull_request.author_association != 'MEMBER' && - (github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'gha:full-build')) - }} - name: macOS-Bazel - needs: [pre-flight] - uses: ./.github/workflows/macos-bazel.yml - with: - checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }} - windows-bazel: - # Build the full matrix only on push events to the default branch, or - # when PR gets the has a `gha:full-build` label, or when it had the - # label already and it gets a new commit. - if: |- - ${{ - github.event.pull_request.author_association != 'MEMBER' && - (github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'gha:full-build')) - }} - name: Windows-Bazel - needs: [pre-flight] - uses: ./.github/workflows/windows-bazel.yml - with: - checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }} - macos-cmake: - name: macOS-CMake - needs: [pre-flight] - uses: ./.github/workflows/macos-cmake.yml - with: - checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }} - # Build the full matrix only on push events to the default branch, or - # when PR gets the has a `gha:full-build` label, or when it had the - # label already and it gets a new commit. - full-matrix: |- - ${{ - github.event.pull_request.author_association != 'MEMBER' && - (github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'gha:full-build')) - }} windows-cmake: name: Windows-CMake needs: [pre-flight] @@ -114,42 +59,3 @@ jobs: github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'gha:full-build')) }} - notify: - name: Notify-Google-Chat - # Wait until all the other jobs have completed. - needs: - - external-account-integration - - macos-bazel - - macos-cmake - - windows-bazel - - windows-cmake - # Run even if the other jobs failed or were skipped. - if: always() - runs-on: ubuntu-latest - steps: - - name: Notify Google Chat - shell: bash - run: | - event_name="${{ github.event_name }}" - case "${event_name}" in - schedule) - ;; - push) - ;; - workflow_dispatch) - ;; - *) - exit 0 - ;; - esac - failure="${{ contains(needs.*.result, 'failure') }}" - cancelled="${{ contains(needs.*.result, 'cancelled') }}" - status="" - # Report whether any of the jobs failed or were cancelled. - if [[ "${cancelled}" == "true" ]]; then status="cancelled"; fi - if [[ "${failure}" == "true" ]]; then status="failure"; fi - # Exit early if there is nothing interesting to report. - if [[ -z "${status}" ]]; then exit 0; fi - printf '{"text": "GHA Build %s %s/%s/actions/runs/%s"}' \ - "${status}" "${{ github.server_url }}" "${{ github.repository }}" "${{ github.run_id }}" | - curl -fsX POST -o /dev/null -d@- -H "Content-Type: application/json; charset=UTF-8" '${{ secrets.CLOUD_CPP_BUILD_ALERTS_WEBHOOK }}' diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index 0d93886e17355..c70363bff6228 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -30,22 +30,6 @@ concurrency: cancel-in-progress: true jobs: - # Require that the PR author be a member of the same organization as this - # repository in order to continue execution. - author-association-member: - name: Require Org Membership - runs-on: ubuntu-latest - steps: - - name: Check Membership - if: >- - ${{ - github.event_name == 'pull_request_target' && - github.event.pull_request.author_association != 'MEMBER' - }} - run: | - echo "Event not triggered by organization member." - exit 0 - pre-flight: # Save the `ref` of the pull request, so downstream jobs know what to checkout. environment: >- @@ -54,7 +38,11 @@ jobs: (github.event.pull_request.head.repo.full_name == github.repository && 'internal') }} name: Save PR ref - needs: [author-association-member] + if: >- + ${{ + github.event_name == 'pull_request_target' && + github.event.pull_request.author_association == 'MEMBER' + }} runs-on: ubuntu-latest outputs: checkout-sha: ${{ steps.save-pull-request.outputs.sha }} From 7957c20fe0ba8b3f3eaf92907c518e613d58f381 Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 17:15:53 -0400 Subject: [PATCH 08/13] fix preflight conditional --- .github/workflows/test-runner.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index c70363bff6228..4c3dd8e55cdb6 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -40,8 +40,11 @@ jobs: name: Save PR ref if: >- ${{ - github.event_name == 'pull_request_target' && - github.event.pull_request.author_association == 'MEMBER' + github.event.pull_request.author_association == 'MEMBER' && + (github.event_name == 'pull_request_target' || + github.event_name == 'push' || + github.event_name == 'schedule') + }} runs-on: ubuntu-latest outputs: From 6df457ae3dc0793aa0859aa3e08392884bf327c6 Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 17:21:24 -0400 Subject: [PATCH 09/13] debug --- .github/workflows/test-runner.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index 4c3dd8e55cdb6..d12131721de03 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -30,7 +30,17 @@ concurrency: cancel-in-progress: true jobs: + debug: + name: debug vars + runs-on: ubuntu-latest + steps: + -name: echo + id: echo + run: | + echo "assoc=${{ github.event.pull_request.author_association }}; event=${{ github.event_name }}" + pre-flight: + needs: [debug] # Save the `ref` of the pull request, so downstream jobs know what to checkout. environment: >- ${{ From 9fb1b174c1c09666ed793d10a38a642bbc1d9eb1 Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 17:22:30 -0400 Subject: [PATCH 10/13] debug 2 --- .github/workflows/test-runner.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index d12131721de03..4f467765aeba3 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -34,10 +34,10 @@ jobs: name: debug vars runs-on: ubuntu-latest steps: - -name: echo - id: echo - run: | - echo "assoc=${{ github.event.pull_request.author_association }}; event=${{ github.event_name }}" + -name: echo + id: echo + run: | + echo "assoc=${{ github.event.pull_request.author_association }}; event=${{ github.event_name }}" pre-flight: needs: [debug] From 31dc41c5802189b88e8d71133f6b760ab1e9003f Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 17:23:28 -0400 Subject: [PATCH 11/13] debug 3 --- .github/workflows/test-runner.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index 4f467765aeba3..b3db32a219f1a 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -34,10 +34,10 @@ jobs: name: debug vars runs-on: ubuntu-latest steps: - -name: echo - id: echo - run: | - echo "assoc=${{ github.event.pull_request.author_association }}; event=${{ github.event_name }}" + - name: echo + id: echo + run: | + echo "assoc=${{ github.event.pull_request.author_association }}; event=${{ github.event_name }}" pre-flight: needs: [debug] From acd38517ff125c67e66fc3cdac47204fc3b459a7 Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 17:24:49 -0400 Subject: [PATCH 12/13] fix preflight condition --- .github/workflows/test-runner.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index b3db32a219f1a..371b61d976ab3 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -50,10 +50,10 @@ jobs: name: Save PR ref if: >- ${{ - github.event.pull_request.author_association == 'MEMBER' && - (github.event_name == 'pull_request_target' || + (github.event.pull_request.author_association == 'MEMBER' && + github.event_name == 'pull_request_target') || github.event_name == 'push' || - github.event_name == 'schedule') + github.event_name == 'schedule' }} runs-on: ubuntu-latest From b0713577996ed8947d3f33f6ae8fb0257f682c4b Mon Sep 17 00:00:00 2001 From: Scott Hart Date: Mon, 22 Jul 2024 17:27:10 -0400 Subject: [PATCH 13/13] remove debug --- .github/workflows/test-runner.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index 371b61d976ab3..26ea9d43b152e 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -30,17 +30,7 @@ concurrency: cancel-in-progress: true jobs: - debug: - name: debug vars - runs-on: ubuntu-latest - steps: - - name: echo - id: echo - run: | - echo "assoc=${{ github.event.pull_request.author_association }}; event=${{ github.event_name }}" - pre-flight: - needs: [debug] # Save the `ref` of the pull request, so downstream jobs know what to checkout. environment: >- ${{