mirror of https://github.com/databricks/cli.git
4 Commits
a56d082910
...
2bbdd04217
Author | SHA1 | Date |
---|---|---|
|
2bbdd04217 | |
|
4a2d866f9a | |
|
c12a157a2d | |
|
79833f0071 |
|
@ -11,7 +11,6 @@ on:
|
|||
branches:
|
||||
- main
|
||||
|
||||
|
||||
jobs:
|
||||
comment-on-pr:
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -19,73 +18,15 @@ jobs:
|
|||
pull-requests: write
|
||||
|
||||
steps:
|
||||
# NOTE: The following checks may not be accurate depending on Org or Repo settings.
|
||||
- name: Check user and potential secret access
|
||||
id: check-secrets-access
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
USER_LOGIN="${{ github.event.pull_request.user.login }}"
|
||||
REPO_OWNER="${{ github.repository_owner }}"
|
||||
REPO_NAME="${{ github.event.repository.name }}"
|
||||
|
||||
echo "Pull request opened by: $USER_LOGIN"
|
||||
|
||||
# Check if PR is from a fork
|
||||
IS_FORK=$([[ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]] && echo "true" || echo "false")
|
||||
|
||||
HAS_ACCESS="false"
|
||||
|
||||
# Check user's permission level on the repository
|
||||
USER_PERMISSION=$(gh api repos/$REPO_OWNER/$REPO_NAME/collaborators/$USER_LOGIN/permission --jq '.permission')
|
||||
|
||||
if [[ "$USER_PERMISSION" == "admin" || "$USER_PERMISSION" == "write" ]]; then
|
||||
HAS_ACCESS="true"
|
||||
elif [[ "$USER_PERMISSION" == "read" ]]; then
|
||||
# For read access, we need to check if the user has been explicitly granted secret access
|
||||
# This information is not directly available via API, so we'll make an assumption
|
||||
# that read access does not imply secret access
|
||||
HAS_ACCESS="false"
|
||||
fi
|
||||
|
||||
# Check if repo owner is an organization
|
||||
IS_ORG=$(gh api users/$REPO_OWNER --jq '.type == "Organization"')
|
||||
|
||||
if [[ "$IS_ORG" == "true" && "$HAS_ACCESS" == "false" ]]; then
|
||||
# Check if user is a member of any team with write or admin access to the repo
|
||||
TEAMS_WITH_ACCESS=$(gh api repos/$REPO_OWNER/$REPO_NAME/teams --jq '.[] | select(.permission == "push" or .permission == "admin") | .slug')
|
||||
for team in $TEAMS_WITH_ACCESS; do
|
||||
IS_TEAM_MEMBER=$(gh api orgs/$REPO_OWNER/teams/$team/memberships/$USER_LOGIN --silent && echo "true" || echo "false")
|
||||
if [[ "$IS_TEAM_MEMBER" == "true" ]]; then
|
||||
HAS_ACCESS="true"
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
# If it's a fork, set HAS_ACCESS to false regardless of other checks
|
||||
if [[ "$IS_FORK" == "true" ]]; then
|
||||
HAS_ACCESS="false"
|
||||
fi
|
||||
|
||||
echo "has_secrets_access=$HAS_ACCESS" >> $GITHUB_OUTPUT
|
||||
if [[ "$HAS_ACCESS" == "true" ]]; then
|
||||
echo "User $USER_LOGIN likely has access to secrets"
|
||||
else
|
||||
echo "User $USER_LOGIN likely does not have access to secrets"
|
||||
fi
|
||||
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Delete old comments
|
||||
if: steps.check-secrets-access.outputs.has_secrets_access != 'true'
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
# Delete previous comment if it exists
|
||||
previous_comment_ids=$(gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
|
||||
--jq '.[] | select(.body | startswith("<!-- INTEGRATION_TESTS -->")) | .id')
|
||||
--jq '.[] | select(.body | startswith("<!-- INTEGRATION_TESTS_MANUAL -->")) | .id')
|
||||
echo "Previous comment IDs: $previous_comment_ids"
|
||||
# Iterate over each comment ID and delete the comment
|
||||
if [ ! -z "$previous_comment_ids" ]; then
|
||||
|
@ -96,14 +37,15 @@ jobs:
|
|||
fi
|
||||
|
||||
- name: Comment on PR
|
||||
if: steps.check-secrets-access.outputs.has_secrets_access != 'true'
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
|
||||
run: |
|
||||
gh pr comment ${{ github.event.pull_request.number }} --body \
|
||||
"<!-- INTEGRATION_TESTS -->
|
||||
Run integration tests manually:
|
||||
"<!-- INTEGRATION_TESTS_MANUAL -->
|
||||
If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:
|
||||
|
||||
Trigger:
|
||||
[go/deco-tests-run/cli](https://go/deco-tests-run/cli)
|
||||
|
||||
Inputs:
|
||||
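Review bot: The "Delete old comments" step selects comments by body prefix alone, `startswith("<!-- INTEGRATION_TESTS_MANUAL -->")`, so any comment that begins with that marker is picked up for deletion, whoever posted it. With the "Check user and potential secret access" step and the `if:` guards apparently removed in this section, the delete and comment steps look like they now run on every triggering pull request under `pull-requests: write`. Restricting the filter to the workflow's own comments would narrow that, e.g. `select(.user.login == "github-actions[bot]" and (.body | startswith("<!-- INTEGRATION_TESTS_MANUAL -->")))`. The deletion loop and the end of the comment body lie outside the visible hunks, and comments left under the previous `<!-- INTEGRATION_TESTS -->` marker will presumably no longer be matched by this step.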
|
|
|
@ -11,17 +11,18 @@ on:
|
|||
jobs:
|
||||
check-token:
|
||||
runs-on: ubuntu-latest
|
||||
environment: "test-trigger-is"
|
||||
outputs:
|
||||
has_token: ${{ steps.set-token-status.outputs.has_token }}
|
||||
steps:
|
||||
- name: Check if GITHUB_TOKEN is set
|
||||
- name: Check if DECO_WORKFLOW_TRIGGER_APP_ID is set
|
||||
id: set-token-status
|
||||
run: |
|
||||
if [ -z "${{ secrets.GITHUB_TOKEN }}" ]; then
|
||||
echo "GITHUB_TOKEN is empty. User has no access to tokens."
|
||||
if [ -z "${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}" ]; then
|
||||
echo "DECO_WORKFLOW_TRIGGER_APP_ID is empty. User has no access to secrets."
|
||||
echo "::set-output name=has_token::false"
|
||||
else
|
||||
echo "GITHUB_TOKEN is set. User has no access to tokens."
|
||||
echo "DECO_WORKFLOW_TRIGGER_APP_ID is set. User has access to secrets."
|
||||
echo "::set-output name=has_token::true"
|
||||
fi
|
||||
|
||||
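Review bot: The check `if [ -z "${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}" ]` expands the secret into the script text before the shell runs, so the value is written into the generated script on the runner and any shell metacharacter in it would be parsed as code. Pass it through the step environment instead: add `env:` with `DECO_WORKFLOW_TRIGGER_APP_ID: ${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}` to the step and test `if [ -z "$DECO_WORKFLOW_TRIGGER_APP_ID" ]; then`. The two `::set-output` lines in the same step use the deprecated workflow command; `echo "has_token=false" >> "$GITHUB_OUTPUT"` (and `has_token=true` in the else branch) is the current form. The job continues past the end of the hunk, so how `has_token` is consumed cannot be checked here.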
|
|
|
@ -33,7 +33,7 @@ jobs:
|
|||
- name: Setup Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: 1.22.7
|
||||
go-version: 1.23.2
|
||||
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v5
|
||||
|
@ -68,7 +68,7 @@ jobs:
|
|||
- name: Setup Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: 1.22.7
|
||||
go-version: 1.23.2
|
||||
|
||||
# No need to download cached dependencies when running gofmt.
|
||||
cache: false
|
||||
|
@ -100,7 +100,7 @@ jobs:
|
|||
- name: Setup Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: 1.22.7
|
||||
go-version: 1.23.2
|
||||
|
||||
# Github repo: https://github.com/ajv-validator/ajv-cli
|
||||
- name: Install ajv-cli
|
||||
|
|
|
@ -6,6 +6,15 @@ on:
|
|||
- "main"
|
||||
- "demo-*"
|
||||
|
||||
# Confirm that snapshot builds work if this file is modified.
|
||||
pull_request:
|
||||
types:
|
||||
- opened
|
||||
- synchronize
|
||||
- reopened
|
||||
paths:
|
||||
- ".github/workflows/release-snapshot.yml"
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
|
@ -21,7 +30,7 @@ jobs:
|
|||
- name: Setup Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: 1.22.7
|
||||
go-version: 1.23.2
|
||||
|
||||
# The default cache key for this action considers only the `go.sum` file.
|
||||
# We include .goreleaser.yaml here to differentiate from the cache used by the push action
|
||||
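Review bot: The new `pull_request` trigger makes the whole workflow run for pull requests that touch `.github/workflows/release-snapshot.yml`, yet nothing in the visible hunks limits what the jobs do in that case. The steps after `jobs:` are mostly outside the hunks, so it cannot be confirmed from here whether any of them upload artifacts or move a snapshot tag or release. If they do, those steps should be restricted to pushes, for example `if: github.event_name != 'pull_request'`, so that a PR run only proves the snapshot still builds. Pull requests from forks get a read-only token and no secrets, but same-repository branches do not have that restriction.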
|
|
|
@ -22,7 +22,7 @@ jobs:
|
|||
- name: Setup Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: 1.22.7
|
||||
go-version: 1.23.2
|
||||
|
||||
# The default cache key for this action considers only the `go.sum` file.
|
||||
# We include .goreleaser.yaml here to differentiate from the cache used by the push action
|
||||
|
@ -63,7 +63,7 @@ jobs:
|
|||
echo "VERSION=${VERSION:1}" >> $GITHUB_ENV
|
||||
|
||||
- name: Update setup-cli
|
||||
uses: actions/github-script@v6
|
||||
uses: actions/github-script@v7
|
||||
with:
|
||||
github-token: ${{ secrets.DECO_GITHUB_TOKEN }}
|
||||
script: |
|
||||
|
@ -87,7 +87,7 @@ jobs:
|
|||
echo "VERSION=${VERSION:1}" >> $GITHUB_ENV
|
||||
|
||||
- name: Update homebrew-tap
|
||||
uses: actions/github-script@v6
|
||||
uses: actions/github-script@v7
|
||||
with:
|
||||
github-token: ${{ secrets.DECO_GITHUB_TOKEN }}
|
||||
script: |
|
||||
|
@ -124,7 +124,7 @@ jobs:
|
|||
echo "VERSION=${VERSION:1}" >> $GITHUB_ENV
|
||||
|
||||
- name: Update CLI version in the VSCode extension
|
||||
uses: actions/github-script@v6
|
||||
uses: actions/github-script@v7
|
||||
with:
|
||||
github-token: ${{ secrets.DECO_GITHUB_TOKEN }}
|
||||
script: |
|
||||
|
|
|
@ -95,7 +95,7 @@ checksum:
|
|||
algorithm: sha256
|
||||
|
||||
snapshot:
|
||||
name_template: '{{ incpatch .Version }}-dev+{{ .ShortCommit }}'
|
||||
version_template: '{{ incpatch .Version }}-dev+{{ .ShortCommit }}'
|
||||
|
||||
changelog:
|
||||
sort: asc
|
||||
|
|