ci(secrets): allow ci to use gh package secrets #149

Merged (4 commits) on Jun 15, 2023

@maxcao13 maxcao13 commented Jun 13, 2023

Fixes #126

Not sure if it works because my fork doesn't own a gh repo token that is authenticated for use for pulling a -core dependency - does the fix make sense?


@ebaron ebaron left a comment

This makes sense, but we'll want to guard against unauthorized access to secrets using the safe-to-test label used in other repos:
https://github.com/cryostatio/cryostat/blob/7ec485552750296463d19ad9075347badc60c312/.github/workflows/pr-ci.yml#L29

We'll also need to revise the repo and ref that gets checked out for PRs:
https://github.com/cryostatio/cryostat-operator/blob/1a02ba82282cec37931b9993970dc416c0e1d08a/.github/workflows/ci.yaml#L45-L46

Signed-off-by: Max Cao <macao@redhat.com>
@andrewazores andrewazores merged commit f0744e9 into cryostatio:main Jun 15, 2023
6 checks passed
@andrewazores

Whoops:

https://github.com/cryostatio/cryostat-agent/actions/runs/5279418179/jobs/9550060578

The safe-to-test label needs to be checked only for PR CI runs, not on push (merge) to main.

This repo doesn't currently have a split definition for push-ci vs pr-ci, so I think it'll need that done too.

@ebaron ebaron commented Jun 15, 2023

> Whoops:
>
> https://github.com/cryostatio/cryostat-agent/actions/runs/5279418179/jobs/9550060578
>
> The safe-to-test label needs to be checked only for PR CI runs, not on push (merge) to main.
>
> This repo doesn't currently have a split definition for push-ci vs pr-ci, so I think it'll need that done too.

This is how @tthvo worked around it in the operator CI: https://github.com/cryostatio/cryostat-operator/blob/1a02ba82282cec37931b9993970dc416c0e1d08a/.github/workflows/ci.yaml#L41

@andrewazores

That's a good solution too, that way it keeps the single definition but has that conditional check only when applied to a PR run.

@maxcao13 maxcao13 deleted the ci-download-core branch June 16, 2023 17:33
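
The guard discussed in this thread, sketched as an added example that is not taken from the PR or from the linked cryostat workflows: a single workflow definition that requires the safe-to-test label only on PR runs and checks out the PR's own repo and ref. The `pull_request_target` trigger, job name, permissions, checkout expressions and Maven step are assumptions made for illustration.

```yaml
# Added example, not the cryostat-agent workflow. Trigger types, job name,
# permissions and the build step are assumptions.
name: ci
on:
  push:
    branches: [main]
  pull_request_target:
    types: [opened, reopened, synchronize, labeled]

permissions:
  contents: read
  packages: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Push (merge) runs always proceed. PR runs proceed only once a
    # maintainer has applied the safe-to-test label, so code from a fork
    # never runs with secrets before it has been reviewed.
    if: >-
      github.event_name != 'pull_request_target' ||
      contains(github.event.pull_request.labels.*.name, 'safe-to-test')
    steps:
      - uses: actions/checkout@v3
        with:
          # On PR runs, check out the contributor's repo and head commit
          # instead of the base branch; on push these fall back to the
          # repository and ref that triggered the run.
          repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
          ref: ${{ github.event.pull_request.head.sha || github.ref }}
      - name: Build (resolves the -core dependency from GitHub Packages)
        run: mvn -B verify
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Because the label stays on the PR after new commits are pushed, a gate like this is usually paired with a step or job that removes safe-to-test on `synchronize`, so each new revision needs a fresh review before it runs with secrets.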
Successfully merging this pull request may close these issues.

[Task] CI fails to download cryostat-core dependency