Skip to content

Commit

Permalink
Fixes for pr_comment_bot (microsoft#1382)
Browse files Browse the repository at this point in the history 
* Fixup checkout steps across jobs

* Add persist-credentials=false

* Set repo/ref on checkout for filter
  • Loading branch information
@stuartleeks
stuartleeks authored Feb 25, 2022
1 parent 0be8fe0 commit c2742f6
Show file tree
Hide file tree
Showing 2 changed files with 87 additions and 7 deletions.
91 changes: 84 additions & 7 deletions .github/workflows/deploy_tre_reusable.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,11 +88,14 @@ jobs:
if: ${{ inputs.prRepo != '' }} # if running for a PR, checkout the PR commit
uses: actions/checkout@v2
with:
persist-credentials: false
repository: ${{ inputs.prRepo }}
ref: ${{ inputs.prRef }}

- name: Set up Docker BuildKit
uses: docker/setup-buildx-action@v1
with:
persist-credentials: false

- name: Login to Container Registry
uses: docker/login-action@v1
Expand Down Expand Up @@ -181,8 +184,19 @@ jobs:
build-and-push-gitea]

steps:
- name: Checkout
- name: Checkout (default)
if: ${{ inputs.prRepo == '' }} # if not running for a PR, checkout the default ref for the workflow run
uses: actions/checkout@v2
with:
persist-credentials: false

- name: Checkout (PR)
if: ${{ inputs.prRepo != '' }} # if running for a PR, checkout the PR commit
uses: actions/checkout@v2
with:
persist-credentials: false
repository: ${{ inputs.prRepo }}
ref: ${{ inputs.prRef }}

- name: Docker build
uses: ./.github/actions/devcontainer_run_command
Expand Down Expand Up @@ -215,8 +229,19 @@ jobs:
needs: [build_core_images]
environment: Dev
steps:
- name: Checkout
- name: Checkout (default)
if: ${{ inputs.prRepo == '' }} # if not running for a PR, checkout the default ref for the workflow run
uses: actions/checkout@v2
with:
persist-credentials: false

- name: Checkout (PR)
if: ${{ inputs.prRepo != '' }} # if running for a PR, checkout the PR commit
uses: actions/checkout@v2
with:
persist-credentials: false
repository: ${{ inputs.prRepo }}
ref: ${{ inputs.prRef }}

- name: Deploy Trusted Research Environment
uses: ./.github/actions/devcontainer_run_command
Expand Down Expand Up @@ -285,9 +310,17 @@ jobs:
BUNDLE_DIR: "./templates/workspace_services/innereye"}
environment: Dev
steps:
- name: Checkout
- name: Checkout (default)
if: ${{ inputs.prRepo == '' }} # if not running for a PR, checkout the default ref for the workflow run
uses: actions/checkout@v2

- name: Checkout (PR)
if: ${{ inputs.prRepo != '' }} # if running for a PR, checkout the PR commit
uses: actions/checkout@v2
with:
repository: ${{ inputs.prRepo }}
ref: ${{ inputs.prRef }}

- name: Publish bundle
uses: ./.github/actions/devcontainer_run_command
with:
Expand All @@ -314,8 +347,19 @@ jobs:
target: [build-and-push-guacamole]

steps:
- name: Checkout
- name: Checkout (default)
if: ${{ inputs.prRepo == '' }} # if not running for a PR, checkout the default ref for the workflow run
uses: actions/checkout@v2
with:
persist-credentials: false

- name: Checkout (PR)
if: ${{ inputs.prRepo != '' }} # if running for a PR, checkout the PR commit
uses: actions/checkout@v2
with:
persist-credentials: false
repository: ${{ inputs.prRepo }}
ref: ${{ inputs.prRef }}

- name: Docker build
uses: ./.github/actions/devcontainer_run_command
Expand Down Expand Up @@ -365,8 +409,19 @@ jobs:
BUNDLE_DIR: "./templates/workspace_services/innereye"}
environment: Dev
steps:
- name: Checkout
- name: Checkout (default)
if: ${{ inputs.prRepo == '' }} # if not running for a PR, checkout the default ref for the workflow run
uses: actions/checkout@v2
with:
persist-credentials: false

- name: Checkout (PR)
if: ${{ inputs.prRepo != '' }} # if running for a PR, checkout the PR commit
uses: actions/checkout@v2
with:
persist-credentials: false
repository: ${{ inputs.prRepo }}
ref: ${{ inputs.prRef }}

- name: Register bundle
uses: ./.github/actions/devcontainer_run_command
Expand Down Expand Up @@ -396,8 +451,19 @@ jobs:
environment: Dev
needs: [register_bundles, build_additional_images]
steps:
- name: Checkout
- name: Checkout (default)
if: ${{ inputs.prRepo == '' }} # if not running for a PR, checkout the default ref for the workflow run
uses: actions/checkout@v2
with:
persist-credentials: false

- name: Checkout (PR)
if: ${{ inputs.prRepo != '' }} # if running for a PR, checkout the PR commit
uses: actions/checkout@v2
with:
persist-credentials: false
repository: ${{ inputs.prRepo }}
ref: ${{ inputs.prRef }}

- name: Run E2E Tests (Smoke)
uses: ./.github/actions/devcontainer_run_command
Expand Down Expand Up @@ -463,8 +529,19 @@ jobs:
environment: Dev
needs: [register_bundles, build_additional_images]
steps:
- name: Checkout
- name: Checkout (default)
if: ${{ inputs.prRepo == '' }} # if not running for a PR, checkout the default ref for the workflow run
uses: actions/checkout@v2
with:
persist-credentials: false

- name: Checkout (PR)
if: ${{ inputs.prRepo != '' }} # if running for a PR, checkout the PR commit
uses: actions/checkout@v2
with:
persist-credentials: false
repository: ${{ inputs.prRepo }}
ref: ${{ inputs.prRef }}

- name: Run E2E Tests (Extended)
uses: ./.github/actions/devcontainer_run_command
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/pr_comment_bot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,10 @@ jobs:
if: ${{ steps.check_command.outputs.result == 'run-tests' || steps.check_command.outputs.result == 'force-approve' }}
uses: actions/checkout@v2
with:
repository: ${{ inputs.prRepo }}
ref: ${{ inputs.prRef }}
persist-credentials: false

- uses: dorny/paths-filter@v2
id: filter
if: ${{ steps.check_command.outputs.result == 'run-tests' }}
Expand Down

0 comments on commit c2742f6

Please sign in to comment.