ci: Prevent certain checks from running on forked PRs #16047

Open
wants to merge 1 commit into
base: develop
@andrewb1269hg andrewb1269hg commented Oct 18, 2024

Description:
Add a check for a forked repo to any workflow file steps which use secrets.* token or default GITHUB_TOKEN.

Related Issue(s):
Fixes #16004
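
An added example, not code from this PR or the project: a small Python scanner for the condition the description names, listing workflow steps that reference `secrets.*` or `GITHUB_TOKEN` with no fork guard on the step or on its job. The sample workflow is constructed, and the two-space indentation, the line-based parsing and the rule that only a `pull_request.head.repo` test counts as a guard are assumptions of the example.

```python
import re

# Constructed sample workflow, not taken from the PR. Assumes 2-space indents.
SAMPLE = """\
jobs:
  title-check:
    if: ${{ !github.event.pull_request.head.repo.fork }}
    steps:
      - name: Check PR Title
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  unit-tests:
    steps:
      - name: Build
        run: ./gradlew assemble
      - name: Publish Report
        if: ${{ !github.event.pull_request.base.repo.fork }}
        env:
          REPORT_TOKEN: ${{ secrets.REPORT_TOKEN }}
"""

SECRET_REF = re.compile(r"secrets\.\w+|github\.token|GITHUB_TOKEN")
# Assumption: only a test of the PR's head repo counts; base.repo is the target.
FORK_GUARD = re.compile(r"\bif:.*pull_request\.head\.repo\.(fork|full_name)")
JOB = re.compile(r"^  ([\w-]+):\s*$")    # job id, one level under jobs:
STEP = re.compile(r"^      - ")          # list item under steps:

def unguarded_secret_steps(text):
    """Return (job, step) pairs that reference a secret with no fork guard."""
    findings, job, job_guard, step = [], None, False, None

    def flush():  # step is [label, uses_secret, has_guard]
        if step and step[1] and not (step[2] or job_guard):
            findings.append((job, step[0]))

    _, _, body = ("\n" + text).partition("\njobs:")
    for line in body.splitlines():
        m = JOB.match(line)
        if m or STEP.match(line):
            flush()  # close the previous step before starting a new one
            # Label a step by its name, or by its first line if name is not first.
            step = None if m else [line.split("name:")[-1].strip(), False, False]
        if m:
            job, job_guard = m.group(1), False
        if step is None:   # job header, before its steps
            job_guard |= bool(FORK_GUARD.search(line))
        else:
            step[1] |= bool(SECRET_REF.search(line))
            step[2] |= bool(FORK_GUARD.search(line))
    flush()
    return findings
```

The scanner does not check the polarity of the guard expression, so a hit still needs a human look at the `if:` itself.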

@andrewb1269hg andrewb1269hg linked an issue Oct 18, 2024 that may be closed by this pull request
@andrewb1269hg andrewb1269hg self-assigned this Oct 18, 2024
@andrewb1269hg andrewb1269hg added this to the v0.56 milestone Oct 18, 2024

github-actions bot commented Oct 18, 2024

Node: HAPI Test (Restart) Results

9 files  1 errors  8 suites   7m 50s ⏱️
7 tests 7 ✅ 0 💤 0 ❌
8 runs  8 ✅ 0 💤 0 ❌

For more details on these parsing errors, see this check.

Results for commit d62de25.

♻️ This comment has been updated with latest results.


codacy-production bot commented Oct 18, 2024

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.00% (target: -1.00%)
Coverage variation details

| | Coverable lines | Covered lines | Coverage |
|---|---|---|---|
| Common ancestor commit (029a73f) | 97692 | 63846 | 65.35% |
| Head commit (2128cab) | 97692 (+0) | 63846 (+0) | 65.35% (+0.00%) |

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

| | Coverable lines | Covered lines | Diff coverage |
|---|---|---|---|
| Pull request (#16047) | 0 | 0 | ∅ (not applicable) |

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more


codecov bot commented Oct 18, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 63.65%. Comparing base (029a73f) to head (2128cab).

@@            Coverage Diff             @@
##             develop   #16047   +/-   ##
==========================================
  Coverage      63.65%   63.65%           
  Complexity     20447    20447           
==========================================
  Files           2538     2538           
  Lines          94927    94927           
  Branches        9919     9919           
==========================================
  Hits           60424    60424           
  Misses         30891    30891           
  Partials        3612     3612           


@andrewb1269hg andrewb1269hg changed the title ci: Add fork repo check in workflows ci: Prevent certain checks from running on forked PRs Oct 18, 2024
@andrewb1269hg andrewb1269hg marked this pull request as ready for review October 21, 2024 11:18
@andrewb1269hg andrewb1269hg requested review from a team as code owners October 21, 2024 11:18
@andrewb1269hg andrewb1269hg force-pushed the 16004-prevent-certain-checks-from-running-on-forked-prs branch 2 times, most recently from 2b822a9 to 3a70aef Compare October 21, 2024 11:37
@@ -51,6 +51,7 @@ jobs:
egress-policy: audit

- name: Check PR Title
if: ${{ !github.event.pull_request.base.repo.fork }}
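
Review bot: The condition added to the "Check PR Title" step, `if: ${{ !github.event.pull_request.base.repo.fork }}`, tests the base repository, which is the repository the pull request targets, so for a PR opened from a fork into a repository that is not itself a fork it still evaluates to true and the step runs. To skip on forked PRs, test the head side instead, for example `!github.event.pull_request.head.repo.fork` or `github.event.pull_request.head.repo.full_name == github.repository`. With the guard on a single step, any other step in this job that reads a secret needs its own copy; a job-level `if:` would cover them all.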
Contributor

We should check for the fork condition at the job level instead of at the individual step

Contributor Author

Done.

Contributor Author

This doesn't appear to have been updated. I'm moving it to the level under title-check step so it will skip on the whole job.

@rbarkerSL rbarkerSL marked this pull request as draft October 21, 2024 22:25
@andrewb1269hg andrewb1269hg force-pushed the 16004-prevent-certain-checks-from-running-on-forked-prs branch 2 times, most recently from ec1e411 to 9eab51e Compare October 22, 2024 19:28
@andrewb1269hg andrewb1269hg marked this pull request as ready for review October 23, 2024 15:40
@andrewb1269hg
Contributor Author

Major updates:

  1. Removed all workflow_dispatch checks.
  2. Added checks to workflow_call files.
  3. Reformatted and standardized the order of if-check stanzas inside steps.

rbarkerSL previously approved these changes Oct 23, 2024
rbarkerSL previously approved these changes Oct 29, 2024
rbarkerSL previously approved these changes Nov 5, 2024
rbarkerSL previously approved these changes Nov 26, 2024
rbarkerSL previously approved these changes Nov 26, 2024
@andrewb1269hg andrewb1269hg force-pushed the 16004-prevent-certain-checks-from-running-on-forked-prs branch from 1346368 to 14e60c3 Compare December 2, 2024 21:34
@andrewb1269hg andrewb1269hg requested a review from a team as a code owner December 2, 2024 21:34
**Description**:
Add a check to any workflow file steps which use secrets.* token or default GITHUB_TOKEN.

**Related Issue(s)**:

Fixes #16004

Signed-off-by: Andrew Brandt <[email protected]>
@andrewb1269hg andrewb1269hg force-pushed the 16004-prevent-certain-checks-from-running-on-forked-prs branch from 60e7d2d to 2128cab Compare December 2, 2024 21:58
@rbarkerSL rbarkerSL modified the milestones: v0.56, v0.58 Dec 3, 2024
@rbarkerSL rbarkerSL left a comment

LGTM

Successfully merging this pull request may close these issues.

Prevent certain checks from running on forked PRs
3 participants