Allow slash commands on PRs from forks (#9742)

This enables all slash commands to also work on PRs created from forks. This will not run CI on PRs coming from a fork. There are unfortunately some limitations around injecting secrets in pull_request actions, which I described in detail in this comment. I've done most of the testing for this in https://github.com/timroes/github-actions-test to test out that the context are set the way I'd expect them. There's one risk: if any of the actual build scripts called by one of the slash commands would use this repository hard-coded they might fail. I've tried to search through the whole code base and don't believe this is the case.
airbytehq · Mar 8, 2022 · 3df0619 · 3df0619
1 parent f232bd5
commit 3df0619
Show file tree

Hide file tree

Showing 8 changed files with 83 additions and 7 deletions.
diff --git a/.github/workflows/gke-kube-test-command.yml b/.github/workflows/gke-kube-test-command.yml
@@ -4,6 +4,14 @@ on:
     - cron: '0 */6 * * *'
   workflow_dispatch:
     inputs:
+      repo:
+        description: "Repo to check out code from. Defaults to the main airbyte repo. Set this when building connectors from forked repos."
+        required: false
+        default: "airbytehq/airbyte"
+      gitref:
+        description: "The git ref to check out from the specified repository."
+        required: false
+        default: master
       comment-id:
         description: 'The comment-id of the slash command. Used to update the comment with the status.'
         required: false
@@ -19,6 +27,9 @@ jobs:
     steps:
       - name: Checkout Airbyte
         uses: actions/checkout@v2
+        with:
+          repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Start AWS Runner
         id: start-ec2-runner
         uses: ./.github/actions/start-aws-runner
@@ -43,6 +54,9 @@ jobs:
 
       - name: Checkout Airbyte
         uses: actions/checkout@v2
+        with:
+          repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
 
       - uses: actions/setup-java@v1
         with:

diff --git a/.github/workflows/publish-cdk-command.yml b/.github/workflows/publish-cdk-command.yml
@@ -2,6 +2,14 @@ name: Publish CDK
 on:
   workflow_dispatch:
     inputs:
+      repo:
+        description: "Repo to check out code from. Defaults to the main airbyte repo. Set this when building connectors from forked repos."
+        required: false
+        default: "airbytehq/airbyte"
+      gitref:
+        description: "The git ref to check out from the specified repository."
+        required: false
+        default: master
       dry-run:
         description: 'By default dry-run publishes to Test PyPi. Use "false" to publish to actual PyPi servers.'
         required: false
@@ -26,6 +34,9 @@ jobs:
           java-version: '17'
       - name: Checkout Airbyte
         uses: actions/checkout@v2
+        with:
+          repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Build CDK Package
         run: SUB_BUILD=CONNECTORS_BASE ./gradlew --no-daemon --no-build-cache :airbyte-cdk:python:build
       - name: Add Failure Comment
@@ -56,6 +67,9 @@ jobs:
           echo "pypi_url=https://test.pypi.org/legacy/" >> $GITHUB_ENV
       - name: Checkout Airbyte
         uses: actions/checkout@v2
+        with:
+          repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Publish Python Package
         uses: mariamrf/py-package-publish-action@v1.1.0
         with:

diff --git a/.github/workflows/publish-command.yml b/.github/workflows/publish-command.yml
@@ -2,6 +2,14 @@ name: Publish Connector Image
 on:
   workflow_dispatch:
     inputs:
+      repo:
+        description: "Repo to check out code from. Defaults to the main airbyte repo. Set this when building connectors from forked repos."
+        required: false
+        default: "airbytehq/airbyte"
+      gitref:
+        description: "The git ref to check out from the specified repository."
+        required: false
+        default: master
       connector:
         description: "Airbyte Connector"
         required: true
@@ -26,7 +34,8 @@ jobs:
       - name: Checkout Airbyte
         uses: actions/checkout@v2
         with:
-          repository: ${{github.event.pull_request.head.repo.full_name}} # always use the branch's repository
+          repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Start AWS Runner
         id: start-ec2-runner
         uses: ./.github/actions/start-aws-runner
@@ -66,7 +75,8 @@ jobs:
       - name: Checkout Airbyte
         uses: actions/checkout@v2
         with:
-          repository: ${{github.event.pull_request.head.repo.full_name}} # always use the branch's repository
+          repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Install Java
         uses: actions/setup-java@v1
         with:

diff --git a/.github/workflows/publish-external-command.yml b/.github/workflows/publish-external-command.yml
@@ -11,6 +11,14 @@ on:
       comment-id:
         description: "The comment-id of the slash command. Used to update the comment with the status."
         required: false
+      repo:
+        description: "Repo to check out code from. Defaults to the main airbyte repo. Set this when building connectors from forked repos."
+        required: false
+        default: "airbytehq/airbyte"
+      gitref:
+        description: "The git ref to check out from the specified repository."
+        required: false
+        default: master
 
 jobs:
   ## Gradle Build
@@ -25,7 +33,8 @@ jobs:
       - name: Checkout Airbyte
         uses: actions/checkout@v2
         with:
-          repository: ${{github.event.pull_request.head.repo.full_name}} # always use the branch's repository
+          repository: ${{ gituhb.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Start AWS Runner
         id: start-ec2-runner
         uses: ./.github/actions/start-aws-runner
@@ -55,7 +64,8 @@ jobs:
       - name: Checkout Airbyte
         uses: actions/checkout@v2
         with:
-          repository: ${{github.event.pull_request.head.repo.full_name}} # always use the branch's repository
+          repository: ${{ gituhb.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - run: |
           echo "$SPEC_CACHE_SERVICE_ACCOUNT_KEY" > spec_cache_key_file.json && docker login -u airbytebot -p ${DOCKER_PASSWORD}
           ./tools/integrations/manage.sh publish_external ${{ github.event.inputs.connector }} ${{ github.event.inputs.version }}

diff --git a/.github/workflows/run-specific-test.yml → ...b/workflows/run-specific-test-command.yml b/.github/workflows/run-specific-test.yml → ...b/workflows/run-specific-test-command.yml
@@ -2,6 +2,14 @@ name: performance-test
 on:
   workflow_dispatch:
     inputs:
+      repo:
+        description: "Repo to check out code from. Defaults to the main airbyte repo. Set this when building connectors from forked repos."
+        required: false
+        default: "airbytehq/airbyte"
+      gitref:
+        description: "The git ref to check out from the specified repository."
+        required: false
+        default: master
       test-name:
         description: "Test to run classname"
         required: true
@@ -15,6 +23,9 @@ jobs:
     steps:
       - name: Checkout Airbyte
         uses: actions/checkout@v2
+        with:
+          repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
 
       - name: Npm Caching
         uses: actions/cache@v2

diff --git a/.github/workflows/slash-commands.yml b/.github/workflows/slash-commands.yml
@@ -6,15 +6,19 @@ jobs:
   slashCommandDispatch:
     runs-on: ubuntu-latest
     steps:
-      - name: Get PR Ref
+      - name: Get PR repo and ref
         id: getref
         run: |
-          echo "::set-output name=ref::$(curl ${{ github.event.issue.pull_request.url }} | jq -r '.head.ref')"
+          pr_info="$(curl ${{ github.event.issue.pull_request.url }})"
+          echo ::set-output name=ref::"$(echo $pr_info | jq -r '.head.ref')"
+          echo ::set-output name=repo::"$(echo $pr_info | jq -r '.head.repo.full_name')"
       - name: Slash Command Dispatch
         id: scd
         uses: peter-evans/slash-command-dispatch@v2
         with:
           token: ${{ secrets.SLASH_COMMAND_PAT }}
+          # Only allow slash commands on pull request (not on issues)
+          issue-type: pull-request
           commands: |
             test
             test-performance
@@ -24,7 +28,8 @@ jobs:
             gke-kube-test
             run-specific-test
           static-args: |
-            ref=${{ steps.getref.outputs.ref }}
+            repo=${{ steps.getref.outputs.repo }}
+            gitref=${{ steps.getref.outputs.ref }}
             comment-id=${{ github.event.comment.id }}
           dispatch-type: workflow
       - name: Edit comment with error message

diff --git a/.github/workflows/test-command.yml b/.github/workflows/test-command.yml
@@ -9,6 +9,10 @@ on:
         description: "Repo to check out code from. Defaults to the main airbyte repo. Set this when building connectors from forked repos."
         required: false
         default: "airbytehq/airbyte"
+      gitref:
+        description: "The git ref to check out from the specified repository."
+        required: false
+        default: master
       comment-id:
         description: "The comment-id of the slash command. Used to update the comment with the status."
         required: false
@@ -26,6 +30,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Start AWS Runner
         id: start-ec2-runner
         uses: ./.github/actions/start-aws-runner
@@ -62,6 +67,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Install Java
         uses: actions/setup-java@v1
         with:

diff --git a/.github/workflows/test-performance-command.yml b/.github/workflows/test-performance-command.yml
@@ -9,6 +9,10 @@ on:
         description: "Repo to check out code from. Defaults to the main airbyte repo. Set this when building connectors from forked repos."
         required: false
         default: "airbytehq/airbyte"
+      gitref:
+        description: "The git ref to check out from the specified repository."
+        required: false
+        default: master
       comment-id:
         description: "The comment-id of the slash command. Used to update the comment with the status."
         required: false
@@ -32,6 +36,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Start AWS Runner
         id: start-ec2-runner
         uses: ./.github/actions/start-aws-runner
@@ -68,6 +73,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           repository: ${{ github.event.inputs.repo }}
+          ref: ${{ github.event.inputs.gitref }}
       - name: Install Java
         uses: actions/setup-java@v1
         with: