From 2be2e1270bb8464b54f1d7914f372bc1123f247c Mon Sep 17 00:00:00 2001 From: Chris Mitchell Date: Fri, 21 Nov 2025 10:34:12 +1300 Subject: [PATCH 1/3] ci: Swap to pull_request_target trigger Required to allow reading of secret --- .github/workflows/build-lint-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-lint-test.yml b/.github/workflows/build-lint-test.yml index 22a92fba..b76e6360 100644 --- a/.github/workflows/build-lint-test.yml +++ b/.github/workflows/build-lint-test.yml @@ -4,7 +4,7 @@ on: push: branches: - master - pull_request: + pull_request_target: types: [opened, reopened, synchronize] jobs: From 9bde1e1f840e7418843a24055455ddeab98a0b27 Mon Sep 17 00:00:00 2001 From: Chris Mitchell Date: Tue, 25 Nov 2025 12:30:58 +1300 Subject: [PATCH 2/3] ci: use prism script from master branch prevent the ability to modify the prism script from pr branch --- .github/workflows/build-lint-test.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-lint-test.yml b/.github/workflows/build-lint-test.yml index b76e6360..e45558ec 100644 --- a/.github/workflows/build-lint-test.yml +++ b/.github/workflows/build-lint-test.yml @@ -15,9 +15,17 @@ jobs: - name: Checkout Xero-Java repo uses: actions/checkout@v4 with: - repository: XeroAPI/Xero-Java + ref: ${{ github.event.pull_request.head.ref }} path: Xero-Java + - name: Checkout start-prism.sh from master + uses: actions/checkout@v4 + with: + ref: master + path: prism-script + sparse-checkout: src/test/java/com/xero/api/util/start-prism.sh + sparse-checkout-cone-mode: false + - name: Set up JDK environment uses: actions/setup-java@v4 with: @@ -41,7 +49,7 @@ jobs: - name: Start PRISM Server run: ./start-prism.sh feature/prism-changes-mt-v2 & sleep 15 - working-directory: Xero-Java/src/test/java/com/xero/api/util + working-directory: prism-script/src/test/java/com/xero/api/util - name: Build and test post generation run: | @@ -50,7 +58,3 @@ jobs: env: MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} working-directory: Xero-Java - - - name: Stop PRISM - run: pkill -f prism - working-directory: Xero-Java From 2554093aea2331145f48e3aae62e7c01c0f7defa Mon Sep 17 00:00:00 2001 From: Chris Mitchell Date: Tue, 25 Nov 2025 14:32:33 +1300 Subject: [PATCH 3/3] ci: remove use of gpg key --- .github/workflows/build-lint-test.yml | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/.github/workflows/build-lint-test.yml b/.github/workflows/build-lint-test.yml index e45558ec..360dc2b2 100644 --- a/.github/workflows/build-lint-test.yml +++ b/.github/workflows/build-lint-test.yml @@ -4,7 +4,7 @@ on: push: branches: - master - pull_request_target: + pull_request: types: [opened, reopened, synchronize] jobs: @@ -15,17 +15,8 @@ jobs: - name: Checkout Xero-Java repo uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.head.ref }} path: Xero-Java - - name: Checkout start-prism.sh from master - uses: actions/checkout@v4 - with: - ref: master - path: prism-script - sparse-checkout: src/test/java/com/xero/api/util/start-prism.sh - sparse-checkout-cone-mode: false - - name: Set up JDK environment uses: actions/setup-java@v4 with: @@ -33,12 +24,6 @@ jobs: java-version: '11' cache: maven - - name: Import GPG Key - run: | - echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --import - env: - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY}} - - name: Set up Node environment uses: actions/setup-node@v2 with: @@ -49,12 +34,9 @@ jobs: - name: Start PRISM Server run: ./start-prism.sh feature/prism-changes-mt-v2 & sleep 15 - working-directory: prism-script/src/test/java/com/xero/api/util + working-directory: Xero-Java/src/test/java/com/xero/api/util - name: Build and test post generation run: | - export GPG_TTY=$(tty) - mvn clean verify - env: - MAVEN_GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + mvn clean verify -Dgpg.skip working-directory: Xero-Java