Bump slash-command-dispatch and avoid running unverified commit in ok-to-test (#1756)
## Description Bumps ok-to-test to v3. Plus fix the issue where someone might have been able to run unverified code if they push between commenting `/ok-to-test` and the job starting. ## Type of change <!--- Please check the type of change your PR introduces: ---> - [ ] 🌻 Feature - [ ] 🐛 Bugfix - [ ] 🗺️ Documentation - [ ] 🤖 Test - [x] 💻 CI/Deployment - [ ] 🐹 Trivial/Minor ## Issue(s) <!-- Can reference multiple issues. Use one of the following "magic words" - "closes, fixes" to auto-close the Github issue. --> * https://github.com/alcionai/corso/pull/1651 ## Test Plan <!-- How will this be tested prior to merging.--> - [x] 💪 Manual - [ ] ⚡ Unit test - [ ] 💚 E2E
This commit is contained in:
Abin Simon
GitHub
parent
48e6e8f08f
commit
da0fac20bf
16
.github/workflows/ci.yml
vendored
16
.github/workflows/ci.yml
vendored
@ -239,17 +239,29 @@ jobs:
|
|||||||
run:
|
run:
|
||||||
working-directory: src
|
working-directory: src
|
||||||
steps:
|
steps:
|
||||||
- name: Fail check
|
- name: Fail check if not repository_dispatch
|
||||||
if: github.event_name != 'repository_dispatch'
|
if: github.event_name != 'repository_dispatch'
|
||||||
run: |
|
run: |
|
||||||
echo "Workflow requires approval from a maintainer to run. It will be automatically rerun on approval."
|
echo "Workflow requires approval from a maintainer to run. It will be automatically rerun on approval."
|
||||||
exit 1
|
exit 1
|
||||||
|
|
||||||
|
- uses: marocchino/sticky-pull-request-comment@v2
|
||||||
|
if: github.event.client_payload.slash_command.args.named.sha != '' && contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)
|
||||||
|
with:
|
||||||
|
message: |
|
||||||
|
Workflow run sha specified via `ok-to-test` is not the latest commit on PR. Run canceled.
|
||||||
|
|
||||||
|
- name: Fail check if not head of PR
|
||||||
|
if: github.event.client_payload.slash_command.args.named.sha != '' && contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.args.named.sha)
|
||||||
|
run: |
|
||||||
|
echo "Workflow run sha specified is not the latest commit on PR. Exiting."
|
||||||
|
exit 1
|
||||||
|
|
||||||
# add comment to PR with link to workflow run
|
# add comment to PR with link to workflow run
|
||||||
- uses: marocchino/sticky-pull-request-comment@v2
|
- uses: marocchino/sticky-pull-request-comment@v2
|
||||||
with:
|
with:
|
||||||
message: |
|
message: |
|
||||||
https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
|
Test suite run will be available at https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
|
||||||
|
|
||||||
# Check out merge commit
|
# Check out merge commit
|
||||||
- name: Fork based /ok-to-test checkout
|
- name: Fork based /ok-to-test checkout
|
||||||
|
|||||||
3
.github/workflows/ok-to-test.yml
vendored
3
.github/workflows/ok-to-test.yml
vendored
@ -19,7 +19,7 @@ jobs:
|
|||||||
private_key: ${{ secrets.PRIVATE_KEY }}
|
private_key: ${{ secrets.PRIVATE_KEY }}
|
||||||
|
|
||||||
- name: Slash Command Dispatch
|
- name: Slash Command Dispatch
|
||||||
uses: peter-evans/slash-command-dispatch@v1
|
uses: peter-evans/slash-command-dispatch@v3
|
||||||
env:
|
env:
|
||||||
TOKEN: ${{ steps.generate_token.outputs.token }}
|
TOKEN: ${{ steps.generate_token.outputs.token }}
|
||||||
with:
|
with:
|
||||||
@ -27,5 +27,4 @@ jobs:
|
|||||||
reaction-token: ${{ secrets.GITHUB_TOKEN }}
|
reaction-token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
issue-type: pull-request
|
issue-type: pull-request
|
||||||
commands: ok-to-test
|
commands: ok-to-test
|
||||||
named-args: true
|
|
||||||
permission: write
|
permission: write
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user