|
| run: git checkout -b version-bump-${{ github.sha }} | ||
|
|
||
| - name: Generate version | ||
| run: npm version patch -m "Update version to %s" |
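Review bot: `npm version patch -m "Update version to %s"` on the last line makes a git commit and a tag as well as editing package.json, so this step depends on a git author identity being configured earlier in the job, and the tag only reaches the remote if the later push includes tags. Neither is visible in these lines; if they are not handled elsewhere in the workflow, set `user.name` and `user.email` with `git config` before this step and push with tags after it.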
'npm version patch' is the only change from our existing ReactNativeChat Actions
.github/workflows/verision.yml
Outdated
| with: | ||
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | ||
|
|
||
| - name: Install dependenices |
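Review bot: `ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}` is loaded in the step directly above `Install dependenices`, so if that action keeps the key available for the rest of the job, every package install script runs with access to it. Unless the install itself needs SSH, move the install step ahead of the key-loading step so the key is only present for the git push. The step name is also misspelled: `dependenices` should be `dependencies`.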
sketchydroide left a comment
Looks great, just a typo found I think
|
Would you mind adding two commits to ensure that the linting is working?
|
|
Action failed successfully: https://github.com/Expensify/react-native-onyx/pull/4/checks?check_run_id=1413126745 |
|
Thanks for reviews and test suggestions. Please see above for example of a failing lint Action |
|
Awesome, thanks! |
|
As soon as I merged this I realized we were probably forgetting one workflow: https://github.com/Expensify/ReactNativeChat/blob/master/.github/workflows/automerge.yml
The version action will create the PR here: #6
But it won't automatically merge it until we have the automerge action in place. |
|
Also.. We might want to beef up the security checks on https://github.com/Expensify/ReactNativeChat/blob/master/.github/workflows/automerge.yml - As I believe right now any PR that is labeled "auto merge" will be merged automatically, which works for internal use, but might be a bit riskier for open source usage. |
|
Yeah, I agree. That doesn't seem very safe when it becomes open-source.
…On Tue, Nov 17, 2020 at 11:16 AM Andrew Gable ***@***.***> wrote:
Also.. We might want to beef up the security checks on
https://github.com/Expensify/ReactNativeChat/blob/master/.github/workflows/automerge.yml
- As I believe right now any PR that is labeled "auto merge" will be merged
automatically, which works for internal use, but might be a bit riskier for
open source usage.
|
|
Thanks for adding the automerge Action @AndrewGable |
|
On that note, I raised a point regarding Github Action security yesterday in Infra -- It looks like we'll need to block Actions from running on forked PRs. |
|
If they don't run on forked PRs, how do we verify they are linted correctly? |
Exactly -- this is obviously not going to be acceptable, so we will need to verify the security concern or look into alternatives. The initial concern was that anyone can create Actions that run against the repo, and in theory would be able to expose our repo secrets. |
|
Opened an issue to collect and thoughts regarding this: https://github.com/Expensify/Expensify/issues/146339 |
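The two concerns raised in this thread (a label alone triggering the merge, and pull requests coming from forks) can be expressed as one gate that a merge job evaluates before acting. This is an added example, not code from the Expensify workflows; `mayAutoMerge`, `TRUSTED_AUTHORS` and the sample payloads are hypothetical, and the field names follow GitHub's `pull_request` webhook payload.

```javascript
// Added example: gate for a label-triggered auto-merge job.
// TRUSTED_AUTHORS and mayAutoMerge are hypothetical names, not project code.
const TRUSTED_AUTHORS = new Set(['example-maintainer']); // constructed allowlist

function mayAutoMerge(event, trusted = TRUSTED_AUTHORS) {
    const pr = event.pull_request;
    const reasons = [];

    // The label is necessary but, on its own, not sufficient.
    const labels = (pr.labels || []).map((l) => l.name);
    if (!labels.includes('auto merge')) {
        reasons.push('missing "auto merge" label');
    }

    // head.repo is null when the source fork was deleted: treat it as untrusted.
    // Comparing full names also works when the base repo is itself a fork.
    const head = pr.head && pr.head.repo;
    if (!head || head.full_name !== pr.base.repo.full_name) {
        reasons.push('head branch is not in the base repository');
    }

    if (!trusted.has(pr.user.login)) {
        reasons.push(`author ${pr.user.login} is not on the allowlist`);
    }

    return {allowed: reasons.length === 0, reasons};
}

// Constructed sample payloads, trimmed to the fields the gate reads.
const base = {repo: {full_name: 'example-org/example-repo'}};
const label = [{name: 'auto merge'}];
const internalPR = {pull_request: {
    labels: label, base, user: {login: 'example-maintainer'},
    head: {repo: {full_name: 'example-org/example-repo'}},
}};
const forkPR = {pull_request: {
    labels: label, base, user: {login: 'outside-contributor'},
    head: {repo: {full_name: 'outside-contributor/example-repo'}},
}};
const deletedForkPR = {pull_request: {
    labels: label, base, user: {login: 'example-maintainer'}, head: {repo: null},
}};

for (const [name, ev] of Object.entries({internalPR, forkPR, deletedForkPR})) {
    console.log(name, JSON.stringify(mayAutoMerge(ev)));
}
```
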
CC @tgolen @AndrewGable
Onyx is now a standalone package; we need to set up automated actions for versioning and linting.
Fixed Issues
Fixes: https://github.com/Expensify/Expensify/issues/145386
Tests
Added two commits to test the lint script
Pre-merge
Post-Merge
x.x.x, push the tag and auto-merge the version bump PR