Skip to content

Commit

Permalink
ci: remove use of pull_request_target (part 1) (GoogleCloudPlatform#3747
Browse files Browse the repository at this point in the history
)

* ci: remove use of pull_request_target (part 1)

* CONTRIBUTING: Second => Multiple times

* CONTRIBUTING: Cleanup guidance polish

* Update .github/workflows/remove-label.yaml

* Update CONTRIBUTING.md

* swap live example implementation
  • Loading branch information
grayside authored Jul 19, 2024
1 parent e1a8b22 commit 2c58dcd
Show file tree
Hide file tree
Showing 6 changed files with 36 additions and 54 deletions.
11 changes: 5 additions & 6 deletions .github/workflows/functions-env_vars.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,11 @@ on:
- '.github/workflows/functions-env_vars.yaml'
- '.github/workflows/test.yaml'
pull_request:
paths:
- 'functions/env_vars/**'
- '.github/workflows/functions-env_vars.yaml'
- '.github/workflows/test.yaml'
pull_request_target:
types: [labeled]
types:
- opened
- reopened
- synchronize
- labeled
paths:
- 'functions/env_vars/**'
- '.github/workflows/functions-env_vars.yaml'
Expand Down
25 changes: 3 additions & 22 deletions .github/workflows/remove-label.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,30 +17,11 @@ name: Remove Label
on:
workflow_call:

permissions: {}

jobs:
remove_label:
permissions:
contents: 'read'
id-token: 'write'
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/github-script@v6
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
try {
const event = JSON.parse(
require("fs").readFileSync(process.env.GITHUB_EVENT_PATH, "utf8")
);
await github.rest.issues.removeLabel({
name: "actions:force-run",
owner: "GoogleCloudPlatform",
repo: "nodejs-docs-samples",
issue_number: event.pull_request.number,
});
} catch (e) {
if (!e.message.includes("Label does not exist")) {
throw e;
}
}
- run: echo "Label removal is currently skipped. Please remove the 'actions:force-run' label manually. See b/354216420"
10 changes: 5 additions & 5 deletions .github/workflows/utils/ci-matrix.yaml.njk
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,11 @@ on:
- '{{path}}/**'
- '.github/workflows/{{name}}.yaml'
pull_request:
paths:
- '{{path}}/**'
- '.github/workflows/{{name}}.yaml'
pull_request_target:
types: [labeled]
types:
- opened
- reopened
- synchronize
- labeled
paths:
- '{{path}}/**'
- '.github/workflows/{{name}}.yaml'
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/utils/ci-secrets.yaml.njk
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,11 @@ on:
- '{{ path }}/**'
- '.github/workflows/{{ name }}.yaml'
pull_request:
paths:
- '{{ path }}/**'
- '.github/workflows/{{ name }}.yaml'
pull_request_target:
types: [labeled]
types:
- opened
- reopened
- synchronize
- labeled
paths:
- '{{ path }}/**'
- '.github/workflows/{{ name }}.yaml'
Expand Down
20 changes: 5 additions & 15 deletions .github/workflows/utils/ci.yaml.njk
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,11 @@ on:
- '{{path}}/**'
- '.github/workflows/{{name}}.yaml'
pull_request:
paths:
- '{{path}}/**'
- '.github/workflows/{{name}}.yaml'
pull_request_target:
types: [labeled]
types:
- opened
- reopened
- synchronize
- labeled
paths:
- '{{path}}/**'
- '.github/workflows/{{name}}.yaml'
Expand All @@ -42,16 +42,6 @@ jobs:
with:
name: '{{name}}'
path: '{{path}}'
remove_label:
# Ref: https://github.com/google-github-actions/auth#usage
permissions:
contents: 'read'
id-token: 'write'
if: |
github.event.action == 'labeled' &&
github.event.label.name == 'actions:force-run' &&
always()
uses: ./.github/workflows/remove-label.yaml
flakybot:
# Ref: https://github.com/google-github-actions/auth#usage
permissions:
Expand Down
14 changes: 13 additions & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,9 @@ a great sample but it is not used in Google's official documentation, there are
better suited places to publish it such as a [community
tutorial](https://cloud.google.com/community/).

## Run the tests for a single sample
## Run the tests

### Run the tests locally for a single sample

1. Obtain authentication credentials. Depending on the sample, you need to
enable the appropriate APIs in the [Cloud
Expand All @@ -29,6 +31,16 @@ Console](https://console.cloud.google.com/apis/library).

npm test

### Running the tests for a Pull Request

When a Pull Request is opened, reopened, or has new commits pushed the sample tests (unit, integration, end-to-end) will be run.

If the tests for a sample change do not run, they can be triggered by adding the `actions:force-run` label.

If tests need to be triggered multiple times, manually remove `actions:force-run` and then re-add this label.

The automatic clean-up of labels is currently disabled. Please remove the actions:force-run before merging the Pull Request.

## Adding new samples

All samples must have tests. We use `mocha` as testing framework. The
Expand Down

0 comments on commit 2c58dcd

Please sign in to comment.