From 5fd00bc830bebadb8ee08123aa5bff36d4b82bc3 Mon Sep 17 00:00:00 2001
From: Gilberto Bertin <gilberto@isovalent.com>
Date: Tue, 25 Jan 2022 18:37:44 +0100
Subject: [PATCH 1/2] workflows: enable CI for feature branches

[ upstream commit c7d983637515c1010cc7db4d3c0ed75e8abb5a88 ]

This commit enables CI for all feature branches based on the v1.10 one.

The naming convention for the base feature branch is:

  ft/v1.10/<feature>

Signed-off-by: Gilberto Bertin <gilberto@isovalent.com>
---
 .github/workflows/build-images-ci.yaml  | 1 +
 .github/workflows/conformance-kind.yaml | 1 +
 .github/workflows/documentation.yaml    | 1 +
 .github/workflows/lint-bpf-checks.yaml  | 1 +
 .github/workflows/lint-codeql.yaml      | 2 ++
 .github/workflows/lint-go.yaml          | 1 +
 .github/workflows/lint-images-base.yaml | 1 +
 .github/workflows/tests-smoke-ipv6.yaml | 1 +
 .github/workflows/tests-smoke.yaml      | 1 +
 9 files changed, 10 insertions(+)

diff --git a/.github/workflows/build-images-ci.yaml b/.github/workflows/build-images-ci.yaml
index 7d249630c26f..85817e0d454f 100644
--- a/.github/workflows/build-images-ci.yaml
+++ b/.github/workflows/build-images-ci.yaml
@@ -10,6 +10,7 @@ on:
   push:
     branches:
       - v1.10
+      - ft/v1.10/**
 
 permissions: read-all
 
diff --git a/.github/workflows/conformance-kind.yaml b/.github/workflows/conformance-kind.yaml
index e46cab47adb8..f6a3a9e4e037 100644
--- a/.github/workflows/conformance-kind.yaml
+++ b/.github/workflows/conformance-kind.yaml
@@ -9,6 +9,7 @@ on:
   push:
     branches:
       - v1.10
+      - ft/v1.10/**
     paths-ignore:
       - 'Documentation/**'
       - 'test/**'
diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
index edc695c389cc..c61799f2d0b3 100644
--- a/.github/workflows/documentation.yaml
+++ b/.github/workflows/documentation.yaml
@@ -6,6 +6,7 @@ on:
   push:
     branches:
       - v1.10
+      - ft/v1.10/**
 
 permissions: read-all
 
diff --git a/.github/workflows/lint-bpf-checks.yaml b/.github/workflows/lint-bpf-checks.yaml
index 8b4ec2418d02..8fe7d690b2c2 100644
--- a/.github/workflows/lint-bpf-checks.yaml
+++ b/.github/workflows/lint-bpf-checks.yaml
@@ -6,6 +6,7 @@ on:
   push:
     branches:
       - v1.10
+      - ft/v1.10/**
 
 permissions: read-all
 
diff --git a/.github/workflows/lint-codeql.yaml b/.github/workflows/lint-codeql.yaml
index 565c75b49b0d..d1a2ed9451a9 100644
--- a/.github/workflows/lint-codeql.yaml
+++ b/.github/workflows/lint-codeql.yaml
@@ -4,9 +4,11 @@ on:
   pull_request:
     branches:
       - v1.10
+      - ft/v1.10/**
   push:
     branches:
       - v1.10
+      - ft/v1.10/**
   schedule:
     - cron: "45 6 * * 3"
 
diff --git a/.github/workflows/lint-go.yaml b/.github/workflows/lint-go.yaml
index 2fffa82931b6..2f5857cdc07b 100644
--- a/.github/workflows/lint-go.yaml
+++ b/.github/workflows/lint-go.yaml
@@ -6,6 +6,7 @@ on:
   push:
     branches:
       - v1.10
+      - ft/v1.10/**
 
 permissions: read-all
 
diff --git a/.github/workflows/lint-images-base.yaml b/.github/workflows/lint-images-base.yaml
index bf9a7899c108..83886e4fc4bd 100644
--- a/.github/workflows/lint-images-base.yaml
+++ b/.github/workflows/lint-images-base.yaml
@@ -10,6 +10,7 @@ on:
   push:
     branches:
       - v1.10
+      - ft/v1.10/**
 
 permissions: read-all
 
diff --git a/.github/workflows/tests-smoke-ipv6.yaml b/.github/workflows/tests-smoke-ipv6.yaml
index e52e94576a57..29671780a382 100644
--- a/.github/workflows/tests-smoke-ipv6.yaml
+++ b/.github/workflows/tests-smoke-ipv6.yaml
@@ -6,6 +6,7 @@ on:
   push:
     branches:
       - v1.10
+      - ft/v1.10/**
 
 permissions: read-all
 
diff --git a/.github/workflows/tests-smoke.yaml b/.github/workflows/tests-smoke.yaml
index 79d5134dd594..8642eed5ea70 100644
--- a/.github/workflows/tests-smoke.yaml
+++ b/.github/workflows/tests-smoke.yaml
@@ -6,6 +6,7 @@ on:
   push:
     branches:
       - v1.10
+      - ft/v1.10/**
 
 permissions: read-all
 

From 93832637215d6fb742c07d2bd49448ed8be262cb Mon Sep 17 00:00:00 2001
From: Gilberto Bertin <gilberto@isovalent.com>
Date: Wed, 26 Jan 2022 13:50:30 +0100
Subject: [PATCH 2/2] workflows: allow CI to run on fork repositories

[ upstream commit cc85af87ac65afebf047d1d7a20a7ce2aa16c4d6 ]

Currently CI will run only on the base cilium/cilium repo, due to a
check in most workflows in the form of:

    if: ${{ github.repository == 'cilium/cilium' }}

The original intent of this check was to avoid running CI on forks,
since workflow secrets are usually not configured, resulting in multiple
failures.

It turned out that the ability to run CI on forks is something useful to
have, and as a bonus point it would ease the development and maintenance
of new and existing workflows.

Because of this, this commit removes the aforementioned check.

Signed-off-by: Gilberto Bertin <gilberto@isovalent.com>
---
 .github/workflows/build-images-base.yaml     | 2 --
 .github/workflows/build-images-ci.yaml       | 3 ---
 .github/workflows/build-images-hotfixes.yaml | 2 --
 .github/workflows/build-images-releases.yaml | 2 --
 .github/workflows/lint-codeql.yaml           | 4 ++--
 .github/workflows/lint-images-base.yaml      | 1 -
 .github/workflows/tests-nightly.yaml         | 2 --
 .github/workflows/tests-smoke-ipv6.yaml      | 2 +-
 .github/workflows/tests-smoke.yaml           | 2 +-
 9 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/build-images-base.yaml b/.github/workflows/build-images-base.yaml
index 25f417cbe958..0d9a5b97230e 100644
--- a/.github/workflows/build-images-base.yaml
+++ b/.github/workflows/build-images-base.yaml
@@ -20,7 +20,6 @@ concurrency:
 jobs:
   build-and-push:
     timeout-minutes: 30
-    if: ${{ github.repository == 'cilium/cilium' }}
     environment: release-base-images
     runs-on: ubuntu-20.04
     strategy:
@@ -112,7 +111,6 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
   image-digests:
-    if: ${{ github.repository == 'cilium/cilium' }}
     name: Display Digests
     runs-on: ubuntu-20.04
     needs: build-and-push
diff --git a/.github/workflows/build-images-ci.yaml b/.github/workflows/build-images-ci.yaml
index 85817e0d454f..5c36adee6f06 100644
--- a/.github/workflows/build-images-ci.yaml
+++ b/.github/workflows/build-images-ci.yaml
@@ -20,7 +20,6 @@ concurrency:
 
 jobs:
   build-and-push-prs:
-    if: ${{ github.repository == 'cilium/cilium' }}
     runs-on: ubuntu-20.04
     strategy:
       matrix:
@@ -181,7 +180,6 @@ jobs:
   # this is caused by running apt while building the image
   # which requires qemu setup in order to avoid x86/arm64 binaries mixups
   build-and-push-with-qemu:
-    if: ${{ github.repository == 'cilium/cilium' }}
     runs-on: ubuntu-20.04
     strategy:
       matrix:
@@ -258,7 +256,6 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
   image-digests:
-    if: ${{ github.repository == 'cilium/cilium' }}
     name: Display Digests
     runs-on: ubuntu-20.04
     needs: [build-and-push-prs, build-and-push-with-qemu]
diff --git a/.github/workflows/build-images-hotfixes.yaml b/.github/workflows/build-images-hotfixes.yaml
index b022e6502a2f..a10056dffed0 100644
--- a/.github/workflows/build-images-hotfixes.yaml
+++ b/.github/workflows/build-images-hotfixes.yaml
@@ -9,7 +9,6 @@ permissions: read-all
 
 jobs:
   build-and-push:
-    if: ${{ github.repository == 'cilium/cilium' }}
     environment: release-developer-images
     runs-on: ubuntu-20.04
     strategy:
@@ -114,7 +113,6 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
   image-digests:
-    if: ${{ github.repository == 'cilium/cilium' }}
     name: Display Digests
     runs-on: ubuntu-20.04
     needs: build-and-push
diff --git a/.github/workflows/build-images-releases.yaml b/.github/workflows/build-images-releases.yaml
index ec73869fe343..472a346a1bd7 100644
--- a/.github/workflows/build-images-releases.yaml
+++ b/.github/workflows/build-images-releases.yaml
@@ -10,7 +10,6 @@ permissions: read-all
 
 jobs:
   build-and-push:
-    if: ${{ github.repository == 'cilium/cilium' }}
     environment: release
     runs-on: ubuntu-20.04
     strategy:
@@ -118,7 +117,6 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
   image-digests:
-    if: ${{ github.repository == 'cilium/cilium' }}
     name: Display Digests
     runs-on: ubuntu-20.04
     needs: build-and-push
diff --git a/.github/workflows/lint-codeql.yaml b/.github/workflows/lint-codeql.yaml
index d1a2ed9451a9..a3f8e42bd96c 100644
--- a/.github/workflows/lint-codeql.yaml
+++ b/.github/workflows/lint-codeql.yaml
@@ -17,7 +17,7 @@ permissions: read-all
 jobs:
   check_changes:
     name: Deduce required tests from code changes
-    if: ${{ github.repository == 'cilium/cilium' && github.event_name == 'pull_request' }}
+    if: ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-18.04
     outputs:
       go-changes: ${{ steps.go-changes.outputs.src }}
@@ -42,7 +42,7 @@ jobs:
 
   analyze:
     needs: check_changes
-    if: ${{ github.repository == 'cilium/cilium' && (needs.check_changes.outputs.go-changes == 'true' || github.event_name != 'pull_request') }}
+    if: ${{ needs.check_changes.outputs.go-changes == 'true' || github.event_name != 'pull_request' }}
     runs-on: ubuntu-18.04
     steps:
     - name: Checkout repo
diff --git a/.github/workflows/lint-images-base.yaml b/.github/workflows/lint-images-base.yaml
index 83886e4fc4bd..32c0e3ccb184 100644
--- a/.github/workflows/lint-images-base.yaml
+++ b/.github/workflows/lint-images-base.yaml
@@ -20,7 +20,6 @@ concurrency:
 
 jobs:
   lint:
-    if: github.repository == 'cilium/cilium'
     name: Lint image build logic
     runs-on: ubuntu-20.04
     steps:
diff --git a/.github/workflows/tests-nightly.yaml b/.github/workflows/tests-nightly.yaml
index cc9f99ee8310..1c705b0d84d8 100644
--- a/.github/workflows/tests-nightly.yaml
+++ b/.github/workflows/tests-nightly.yaml
@@ -8,7 +8,6 @@ permissions: read-all
 jobs:
   policy-stress-test:
     name: Start Nightly Policy Stress tests
-    if: github.repository == 'cilium/cilium'
     runs-on: ubuntu-18.04
     steps:
       - name: Request GKE test cluster
@@ -20,7 +19,6 @@ jobs:
           args: --namespace=test-clusters --image=quay.io/cilium/cilium-test-ci:${{ github.sha }} "/usr/local/bin/cilium-test-gke.sh" "quay.io/cilium/cilium-ci:${{ github.sha }}" "quay.io/cilium/operator-generic-ci:${{ github.sha }}" "quay.io/cilium/hubble-relay-ci:${{ github.sha }}" "NightlyPolicyStress"
   baseline-test:
     name: Start performance test
-    if: github.repository == 'cilium/cilium'
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
diff --git a/.github/workflows/tests-smoke-ipv6.yaml b/.github/workflows/tests-smoke-ipv6.yaml
index 29671780a382..705a77b535d4 100644
--- a/.github/workflows/tests-smoke-ipv6.yaml
+++ b/.github/workflows/tests-smoke-ipv6.yaml
@@ -44,7 +44,7 @@ jobs:
 
   conformance-test-ipv6:
     needs: check_changes
-    if: ${{ github.repository == 'cilium/cilium' && needs.check_changes.outputs.tested == 'true' }}
+    if: ${{ needs.check_changes.outputs.tested == 'true' }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
diff --git a/.github/workflows/tests-smoke.yaml b/.github/workflows/tests-smoke.yaml
index 8642eed5ea70..db8bf40cd36b 100644
--- a/.github/workflows/tests-smoke.yaml
+++ b/.github/workflows/tests-smoke.yaml
@@ -99,7 +99,7 @@ jobs:
 
   conformance-test:
     needs: check_changes
-    if: ${{ github.repository == 'cilium/cilium' && needs.check_changes.outputs.tested == 'true' }}
+    if: ${{ needs.check_changes.outputs.tested == 'true' }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout