Skip to content

Commit

Permalink
For v1-10-test PRs and pushes, use target branch scripts for images (#…
Browse files Browse the repository at this point in the history 
…12339)

Previously, always master scripts were used to build images
for workflow_run, because workflow_run always runs from master
branch. However that causes some surprising effects becuase the
sripts from master had to support both master and 1.10.

This change utilises a new feature in the "get-workflow-origin"
action - to get the target branch of PR and uses ci scripts from that
target branch.

This is perfectly secure, because both v1-10-test, v1-10-stable
and future 2-0 branches can only be updated by committers,
either by direct push or by merge.

(cherry picked from commit 7c4fe19)
  • Loading branch information
@potiuk @kaxil
potiuk authored and kaxil committed Nov 18, 2020
1 parent 10b7a29 commit ee92e47
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 30 deletions.
12 changes: 9 additions & 3 deletions .github/workflows/build-images-workflow-run.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,13 +53,14 @@ jobs:
targetCommitSha: ${{ steps.source-run-info.outputs.targetCommitSha }}
pullRequestNumber: ${{ steps.source-run-info.outputs.pullRequestNumber }}
pullRequestLabels: ${{ steps.source-run-info.outputs.pullRequestLabels }}
targetBranch: ${{ steps.source-run-info.outputs.targetBranch }}
sourceEvent: ${{ steps.source-run-info.outputs.sourceEvent }}
cacheDirective: ${{ steps.cache-directive.outputs.docker-cache }}
buildImages: ${{ steps.build-images.outputs.buildImages }}
upgradeToLatestConstraints: ${{ steps.upgrade-constraints.outputs.upgradeToLatestConstraints }}
steps:
- name: "Get information about the original trigger of the run"
uses: potiuk/get-workflow-origin@2ef0b065db6b688a2231f8a7f464df1aac254328 # v1_2
uses: potiuk/get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
id: source-run-info
with:
token: ${{ secrets.GITHUB_TOKEN }}
Expand Down Expand Up @@ -326,17 +327,22 @@ jobs:
[Image Build](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
for details" }
if: steps.defaults.outputs.proceed == 'true'
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} ) to 'main-airflow' to use main scripts"
- name: >
Checkout "${{ needs.cancel-workflow-runs.outputs.targetBranch }}" branch to 'main-airflow' folder
to use ci/scripts from there.
uses: actions/checkout@v2
with:
path: "main-airflow"
ref: "${{ needs.cancel-workflow-runs.outputs.targetBranch }}"
if: steps.defaults.outputs.proceed == 'true'
- name: "Setup python"
uses: actions/setup-python@v2
with:
python-version: ${{ needs.build-info.outputs.defaultPythonVersion }}
if: steps.defaults.outputs.proceed == 'true'
- name: "Override 'scripts/ci' with the ${{ github.ref }} version so that the PR cannot override it."
- name: >
Override "scripts/ci" with the "${{ needs.cancel-workflow-runs.outputs.targetBranch }}" branch
so that the PR does not override it
# We should not override those scripts which become part of the image as they will not be
# changed in the image built - we should only override those that are executed to build
# the image.
Expand Down
38 changes: 12 additions & 26 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,35 +95,22 @@ jobs:
image-build: ${{ steps.selective-checks.outputs.image-build }}
docs-build: ${{ steps.selective-checks.outputs.docs-build }}
needs-helm-tests: ${{ steps.selective-checks.outputs.needs-helm-tests }}
needs-api-tests: ${{ steps.selective-checks.outputs.needs-api-tests }}
pullRequestNumber: ${{ steps.source-run-info.outputs.pullRequestNumber }}
pullRequestLabels: ${{ steps.source-run-info.outputs.pullRequestLabels }}
steps:
- name: "Get information about the PR"
uses: potiuk/get-workflow-origin@2ef0b065db6b688a2231f8a7f464df1aac254328 # v1_2
uses: potiuk/get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
id: source-run-info
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
# First fetch the sha of merge commit in case it is pull request so that we can
# Run selective tests
- name: >
Fetch merge commit ${{ github.ref }} ( ${{ github.sha }}:
merge_commit ${{ github.event.pull_request.merge_commit_sha }} )
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.merge_commit_sha }}
fetch-depth: 2
if: github.event_name == 'pull_request'
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }} )"
uses: actions/checkout@v2
- name: >
Event: ${{ github.event_name }}
Repo: ${{ steps.source-run-info.outputs.sourceHeadRepo }}
Branch: ${{ github.head_ref }}
Run id: ${{ github.run_id }}
Sha: ${{ github.sha }}
Merge commit sha: ${{ github.merge_commit_sha }}
Ref: ${{ github.ref }}
run: printenv
- name: Set wait for image
Expand Down Expand Up @@ -164,7 +151,7 @@ jobs:
env:
BACKEND: sqlite
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }} )"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
if: needs.build-info.outputs.waitForImage == 'true'
- name: "Setup python"
Expand Down Expand Up @@ -199,7 +186,7 @@ jobs:
PYTHON_MAJOR_MINOR_VERSION: ${{needs.build-info.outputs.defaultPythonVersion}}
if: needs.build-info.outputs.basic-checks-only == 'false'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }} )"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
- name: "Setup python"
uses: actions/setup-python@v2
Expand Down Expand Up @@ -267,7 +254,7 @@ jobs:
needs: [build-info, ci-images]
if: needs.build-info.outputs.docs-build == 'true'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
- name: "Prepare CI image ${{env.PYTHON_MAJOR_MINOR_VERSION}}:${{ env.GITHUB_REGISTRY_PULL_IMAGE_TAG }}"
run: ./scripts/ci/images/ci_prepare_ci_image_on_ci.sh
Expand Down Expand Up @@ -348,7 +335,7 @@ jobs:
TEST_TYPE: ""
if: needs.build-info.outputs.run-tests == 'true'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
- name: "Setup python"
uses: actions/setup-python@v2
Expand Down Expand Up @@ -400,7 +387,7 @@ jobs:
TEST_TYPE: ""
if: needs.build-info.outputs.run-tests == 'true'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
- name: "Setup python"
uses: actions/setup-python@v2
Expand Down Expand Up @@ -449,7 +436,7 @@ jobs:
TEST_TYPE: ""
if: needs.build-info.outputs.run-tests == 'true'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
- name: "Setup python"
uses: actions/setup-python@v2
Expand Down Expand Up @@ -503,7 +490,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: needs.build-info.outputs.run-tests == 'true'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
- name: "Setup python"
uses: actions/setup-python@v2
Expand Down Expand Up @@ -628,7 +615,7 @@ jobs:
HELM_VERSION: "${{ needs.build-info.outputs.defaultHelmVersion }}"
if: needs.build-info.outputs.run-kubernetes-tests == 'true'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
- name: "Setup python"
uses: actions/setup-python@v2
Expand Down Expand Up @@ -736,7 +723,7 @@ jobs:
PYTHON_MAJOR_MINOR_VERSION: ${{ matrix.python-version }}
GITHUB_REGISTRY_PUSH_IMAGE_TAG: "latest"
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
- name: "Setup python"
uses: actions/setup-python@v2
Expand Down Expand Up @@ -764,7 +751,7 @@ jobs:
PYTHON_MAJOR_MINOR_VERSION: ${{ matrix.python-version }}
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/v1-10-test'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})"
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
- name: "Setup python"
uses: actions/setup-python@v2
Expand All @@ -790,7 +777,6 @@ jobs:
- build-info
- constraints
- static-checks
- static-checks-pylint
- tests-sqlite
- tests-mysql
- tests-postgres
Expand All @@ -814,7 +800,7 @@ jobs:
- name: "Commit changed constraint files for ${{needs.build-info.outputs.pythonVersions}}"
run: ./scripts/ci/constraints/ci_commit_constraints.sh
- name: "Push changes"
uses: ad-m/github-push-action@master
uses: ad-m/github-push-action@40bf560936a8022e68a3c00e7d2abefaf01305a6 # v0.6.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ steps.constraints-branch.outputs.branch }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/label_when_reviewed_workflow_run.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
labelSet: ${{ steps.label-when-reviewed.outputs.labelSet }}
steps:
- name: "Get information about the original trigger of the run"
uses: potiuk/get-workflow-origin@2ef0b065db6b688a2231f8a7f464df1aac254328 # v1_2
uses: potiuk/get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
id: source-run-info
with:
token: ${{ secrets.GITHUB_TOKEN }}
Expand Down

0 comments on commit ee92e47

Please sign in to comment.