fix: make the workflows more general and add yamllint (abcxyz#34)

.github/workflows/ci.yml

@@ -34,9 +34,11 @@ jobs:
     with:
       go_version: '1.20'
 
+  yaml_lint:
+    uses: 'abcxyz/pkg/.github/workflows/yaml-lint.yml@main' # ratchet:exclude
+
   # Unit tests - go
   go_test:
     uses: 'abcxyz/pkg/.github/workflows/go-test.yml@main' # ratchet:exclude
     with:
       go_version: '1.20'
-

.github/workflows/iam-handle.yml → .github/workflows/handle.yml

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: 'aod-iam-handle'
+name: 'aod-handle'
 # TODO(#30): Support pull_request labeled triggering event. Current workflow
 # requires the triggering event must be pull_request_review as it relies on this
 # event to get the review status and approval submit time as IAM permission
@@ -45,12 +45,12 @@ env:
 jobs:
   handle:
     # Only handle the request when the PR is approved.
-    if: ${{ github.event.review.state == 'approved' }}
+    if: '${{ github.event.review.state == ''approved'' }}'
     runs-on: 'ubuntu-latest'
     permissions:
       contents: 'read'
       id-token: 'write'
-    name: 'Handle IAM Request'
+    name: 'Handle Request'
     steps:
       - name: 'Checkout Triggering Branch'
         uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab' # ratchet:actions/checkout@v3
@@ -68,8 +68,10 @@ jobs:
           token_format: 'access_token'
       - name: 'Install AOD CLI'
         run: 'go install github.com/abcxyz/access-on-demand/cmd/aod@${{ inputs.aod_cli_version }}'
-      # Duration labels need to be predixed with "duration-", an example is "duration-2h",
+      # Duration labels need to be prefixed with "duration-", an example is "duration-2h".
+      # Skip when iam.yaml file does not exist in the case of a pull_request_review event.
       - name: 'Get Duration From Label'
+        if: '${{ hashFiles(''iam.yaml'') != '''' }}'
         run: |
           names='${{ toJson(github.event.pull_request.labels.*.name) }}'
           for name in $(echo "$names" | jq -r '.[]'); do
@@ -79,9 +81,16 @@ jobs:
               break
             fi
           done
-      - name: 'Run AOD CLI'
+      # Request will not be handled when iam.yaml file does not exist in the
+      # case of a pull_request_review event, instead it prints out a notice.
+      - name: 'Handle IAM Request'
         env:
           DURATION: '${{ env.LABELED_DURATION || env.DEFAULT_DURATION }}'
           FILE_PATH: '${{ github.workspace }}/iam.yaml'
           START_TIME: '${{ github.event.review.submitted_at }}'
-        run: 'aod iam handle -path $FILE_PATH -duration $DURATION -start-time $START_TIME'
+        run: |
+          if [ -f "iam.yaml" ]; then
+            aod iam handle -path $FILE_PATH -duration $DURATION -start-time $START_TIME
+          else
+            echo "::notice title=IAM Request Handle::Skip because iam.yaml is not found"
+          fi

.github/workflows/iam-validate.yml → .github/workflows/validate.yml

@@ -12,9 +12,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-name: 'aod-iam-validate'
+name: 'aod-validate'
 
-# Support pull request triggering event.
+# Support triggering events containing pull request such as pull_request and pull_request_review.
 on:
   workflow_call:
     inputs:
@@ -32,7 +32,7 @@ on:
 jobs:
   validate:
     runs-on: 'ubuntu-latest'
-    name: 'Validate IAM Request'
+    name: 'Validate Request'
     steps:
       - name: 'Checkout Triggering Branch'
         uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab' # ratchet:actions/checkout@v3
@@ -44,7 +44,14 @@ jobs:
           go-version: '${{ inputs.go_version }}'
       - name: 'Install AOD CLI'
         run: 'go install github.com/abcxyz/access-on-demand/cmd/aod@${{ inputs.aod_cli_version }}'
-      - name: 'Run AOD CLI'
+      # Request will not be validated when iam.yaml file does not exist in the
+      # case of a pull_request_review event, instead it prints out a notice.
+      - name: 'Validate IAM Request'
         env:
           FILE_PATH: '${{ github.workspace }}/iam.yaml'
-        run: 'aod iam validate -path $FILE_PATH'
+        run: |
+          if [ -f "test-iam.yaml" ]; then
+            aod iam validate -path $FILE_PATH
+          else
+            echo "::notice title=IAM Request Validation::Skip because iam.yaml is not found"
+          fi

go.mod

@@ -5,7 +5,7 @@ go 1.20
 require (
 	cloud.google.com/go/iam v0.13.0
 	cloud.google.com/go/resourcemanager v1.7.0
-	github.com/abcxyz/pkg v0.3.1-0.20230526035441-066c75c92766
+	github.com/abcxyz/pkg v0.3.1-0.20230602004249-183769b67b2d
 	github.com/google/go-cmp v0.5.9
 	github.com/googleapis/gax-go/v2 v2.8.0
 	github.com/posener/complete/v2 v2.0.1-alpha.13

go.sum

@@ -13,8 +13,8 @@ cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+
 cloud.google.com/go/resourcemanager v1.7.0 h1:NRM0p+RJkaQF9Ee9JMnUV9BQ2QBIOq/v8M+Pbv/wmCs=
 cloud.google.com/go/resourcemanager v1.7.0/go.mod h1:HlD3m6+bwhzj9XCouqmeiGuni95NTrExfhoSrkC/3EI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/abcxyz/pkg v0.3.1-0.20230526035441-066c75c92766 h1:/XORT0XkBoxn0KRr7SBrXzQ8vPz0Hj7uJEbXsqiUOkI=
-github.com/abcxyz/pkg v0.3.1-0.20230526035441-066c75c92766/go.mod h1:sff1Lb6nFm31g69Ussj9Hi96tSmzGqRcVAWKwUEjHd0=
+github.com/abcxyz/pkg v0.3.1-0.20230602004249-183769b67b2d h1:EokfqfS3to8GcZZNdJnPQdEWmWu+hXTaDHL9SI370kU=
+github.com/abcxyz/pkg v0.3.1-0.20230602004249-183769b67b2d/go.mod h1:sff1Lb6nFm31g69Ussj9Hi96tSmzGqRcVAWKwUEjHd0=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
 github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=