From 53b20aeaf703c7afd65af2bfe1af9017ba21bae0 Mon Sep 17 00:00:00 2001 From: rory Date: Tue, 25 Mar 2025 12:12:18 -0700 Subject: [PATCH 1/2] Add checkbox as reminder to devs to review code before running test builds --- .github/workflows/testBuild.yml | 16 +++++++++++++--- .github/workflows/testBuildHybrid.yml | 19 ++++++++++++++----- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/.github/workflows/testBuild.yml b/.github/workflows/testBuild.yml index 6bb8d48a7116..b0c1db6b72f5 100644 --- a/.github/workflows/testBuild.yml +++ b/.github/workflows/testBuild.yml @@ -6,6 +6,10 @@ on: PULL_REQUEST_NUMBER: description: Pull Request number for correct placement of apps required: true + REVIEWED_CODE: + description: I reviewed this pull request and verified that it does not contain any malicious code. + required: true + default: false WEB: description: Should build web app? type: boolean @@ -19,15 +23,15 @@ on: type: boolean default: true IOS_HYBRID: - description: Should build iOS hybrid app? + description: Should build iOS hybrid app? type: boolean default: true ANDROID: - description: Should build android app? + description: Should build android app? type: boolean default: true ANDROID_HYBRID: - description: Should build android hybrid app? + description: Should build android hybrid app? type: boolean default: true @@ -50,6 +54,12 @@ jobs: REQUIRE_APP_DEPLOYER: false OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }} + - name: Validate that the user reviewed the pull request before running a test build + if: ${{ !inputs.REVIEWED_CODE }} + run: | + echo "::error::🕵️‍♀️ Please carefully review the pull request before running a test build to ensure it does not contain any malicious code" + exit 1 + - name: Check if pull request number is correct if: ${{ github.event_name == 'workflow_dispatch' }} id: getHeadRef diff --git a/.github/workflows/testBuildHybrid.yml b/.github/workflows/testBuildHybrid.yml index 3dfc22f8152c..15011a2227ec 100644 
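Review bot: The `REVIEWED_CODE` checkbox added to the `workflow_dispatch` inputs of `.github/workflows/testBuild.yml` (and again in `testBuildHybrid.yml`) attests to a review but is not tied to any commit. The build is addressed only by pull request number, so commits pushed after the review and before the run resolves the head would presumably be built under the same attestation; the checkout is outside the hunk, so this needs confirming. Consider a required input for the reviewed head SHA, compared with the pull request's current head before anything is built, and have the later checkout use exactly that SHA.

```yaml
      REVIEWED_SHA:
        description: Head commit SHA of the pull request that was reviewed
        required: true
# … unchanged: remaining inputs and the actor validation step …
      - name: Validate that the reviewed commit is still the pull request head
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          GITHUB_TOKEN: ${{ github.token }}
          PR_NUMBER: ${{ inputs.PULL_REQUEST_NUMBER }}
          REVIEWED_SHA: ${{ inputs.REVIEWED_SHA }}
        run: |
          HEAD_SHA="$(gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json headRefOid --jq '.headRefOid')"
          if [[ "$HEAD_SHA" != "$REVIEWED_SHA" ]]; then
            echo "::error::Pull request head $HEAD_SHA does not match the reviewed commit $REVIEWED_SHA"
            exit 1
          fi
```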
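Review bot: In `.github/workflows/testBuild.yml` the new validation step uses `if: ${{ !inputs.REVIEWED_CODE }}` with no event guard, unlike the matching step in `testBuildHybrid.yml`. The step right after it is conditioned on `github.event_name == 'workflow_dispatch'`, which suggests this job also runs on other triggers; on those, `inputs.REVIEWED_CODE` is empty, the negation is true, and the job always ends in `exit 1`. If that is not intended, use `if: ${{ github.event_name == 'workflow_dispatch' && !inputs.REVIEWED_CODE }}` and add a comment above the step naming the review gate that covers the non-dispatch path. The rest of the job lies outside the hunk.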
--- a/.github/workflows/testBuildHybrid.yml +++ b/.github/workflows/testBuildHybrid.yml @@ -3,6 +3,10 @@ name: Build and deploy hybrid apps for testing on: workflow_dispatch: inputs: + REVIEWED_CODE: + description: I reviewed this pull request and verified that it does not contain any malicious code. + required: true + default: false # Pull Request number from App repo for correct placement of ND app. If not specified defaults to main branch. APP_PULL_REQUEST_NUMBER: description: App PR number. Defaults to main. @@ -36,16 +40,15 @@ on: description: Should build Android app? type: boolean default: true - + outputs: ANDROID_LINK: value: ${{ jobs.androidHybrid.outputs.S3_APK_PATH }} IOS_LINK: value: ${{ jobs.iosHybrid.outputs.IOS_PATH }} - - + env: - # This variable is needed for fastlane to construct correct path, -hybrid suffix is needed to distinguish hybrid apps from standalone New Dot + # This variable is needed for fastlane to construct correct path, -hybrid suffix is needed to distinguish hybrid apps from standalone New Dot PULL_REQUEST_NUMBER: ${{ github.event.inputs.APP_PULL_REQUEST_NUMBER || github.event.inputs.HYBRIDAPP_PULL_REQUEST_NUMBER || inputs.APP_PR_NUMBER}}-hybrid jobs: @@ -62,6 +65,12 @@ jobs: REQUIRE_APP_DEPLOYER: false OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }} + - name: Validate that the user reviewed the pull request before running a test build + if: ${{ github.event_name == 'workflow_dispatch' && !inputs.REVIEWED_CODE }} + run: | + echo "::error::🕵️‍♀️ Please carefully review the pull request before running a test build to ensure it does not contain any malicious code" + exit 1 + - name: Validate input if: github.event.inputs.DISPATCHED_MANUALLY run: | 
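Review bot: In `.github/workflows/testBuildHybrid.yml` the guard `github.event_name == 'workflow_dispatch' && !inputs.REVIEWED_CODE` may misfire when this file is invoked as a reusable workflow. The `outputs:` block and the reference to `inputs.APP_PR_NUMBER` suggest a `workflow_call` trigger outside the hunk; in a called workflow `github.event_name` is the caller's event, and in the visible hunk `REVIEWED_CODE` is declared only under `workflow_dispatch`. A manually dispatched caller would then always reach `exit 1` unless the value is forwarded. Either declare `REVIEWED_CODE` under the `workflow_call` inputs and pass it through from the caller, or add a comment above the step stating which entry path is expected to carry the attestation.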
@@ -154,7 +163,7 @@ jobs: uses: ./.github/workflows/postBuildStartedComment.yml needs: [getNewDotRef, getOldDotPR, getOldDotRef] secrets: inherit - with: + with: APP_PULL_REQUEST_NUMBER: ${{ inputs.APP_PULL_REQUEST_NUMBER }} HYBRIDAPP_PULL_REQUEST_NUMBER: ${{ github.event.inputs.HYBRIDAPP_PULL_REQUEST_NUMBER || needs.getOldDotPR.outputs.OLD_DOT_PR }} From ed4dc7a67f87d4f3777448e36840b4bf5b7f8708 Mon Sep 17 00:00:00 2001 From: rory Date: Tue, 25 Mar 2025 12:15:00 -0700 Subject: [PATCH 2/2] Add missing type: boolean --- .github/workflows/testBuild.yml | 1 + .github/workflows/testBuildHybrid.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/testBuild.yml b/.github/workflows/testBuild.yml index b0c1db6b72f5..bc17b7311d50 100644 --- a/.github/workflows/testBuild.yml +++ b/.github/workflows/testBuild.yml @@ -8,6 +8,7 @@ on: required: true REVIEWED_CODE: description: I reviewed this pull request and verified that it does not contain any malicious code. + type: boolean required: true default: false WEB: diff --git a/.github/workflows/testBuildHybrid.yml b/.github/workflows/testBuildHybrid.yml index 15011a2227ec..64b6b24b3807 100644 --- a/.github/workflows/testBuildHybrid.yml +++ b/.github/workflows/testBuildHybrid.yml @@ -5,6 +5,7 @@ on: inputs: REVIEWED_CODE: description: I reviewed this pull request and verified that it does not contain any malicious code. + type: boolean required: true default: false # Pull Request number from App repo for correct placement of ND app. If not specified defaults to main branch.