From a5dacc231540026ab0fd5f12bb2fdd1e82d6ba94 Mon Sep 17 00:00:00 2001 From: Yair <39923744+yaira2@users.noreply.github.com> Date: Thu, 4 Apr 2024 12:58:09 -0400 Subject: [PATCH 1/2] GitHub: Migrate to trusted-signing --- .github/workflows/cd-preview.yml | 2 +- .github/workflows/cd-stable.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-preview.yml b/.github/workflows/cd-preview.yml index f3ac13d71cec..0c71957410b3 100644 --- a/.github/workflows/cd-preview.yml +++ b/.github/workflows/cd-preview.yml @@ -102,7 +102,7 @@ jobs: $fileContent | Set-Content $localFilePath - name: Sign files with Azure Code Signing - uses: azure/trusted-signing-action@v0.3.16 + uses: azure/trusted-signing-action@v0.3.15 with: azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} diff --git a/.github/workflows/cd-stable.yml b/.github/workflows/cd-stable.yml index 31975dce4ece..b73795776b15 100644 --- a/.github/workflows/cd-stable.yml +++ b/.github/workflows/cd-stable.yml @@ -102,7 +102,7 @@ jobs: $fileContent | Set-Content $localFilePath - name: Sign files with Azure Code Signing - uses: azure/trusted-signing-action@v0.3.16 + uses: azure/trusted-signing-action@v0.3.15 with: azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} From 013fbf28be7475cacfdf355f0cef0d39afc92483 Mon Sep 17 00:00:00 2001 From: Nikhil B <59918974+heftymouse@users.noreply.github.com> Date: Thu, 4 Apr 2024 22:42:48 +0530 Subject: [PATCH 2/2] add perms to token --- .github/workflows/cd-preview.yml | 2 +- .github/workflows/cd-stable.yml | 2 +- .github/workflows/format-xaml.yml | 14 ++++++++------ 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cd-preview.yml b/.github/workflows/cd-preview.yml index 0c71957410b3..f3ac13d71cec 100644 --- a/.github/workflows/cd-preview.yml +++ b/.github/workflows/cd-preview.yml 
@@ -102,7 +102,7 @@ jobs: $fileContent | Set-Content $localFilePath - name: Sign files with Azure Code Signing - uses: azure/trusted-signing-action@v0.3.15 + uses: azure/trusted-signing-action@v0.3.16 with: azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} diff --git a/.github/workflows/cd-stable.yml b/.github/workflows/cd-stable.yml index b73795776b15..31975dce4ece 100644 --- a/.github/workflows/cd-stable.yml +++ b/.github/workflows/cd-stable.yml @@ -102,7 +102,7 @@ jobs: $fileContent | Set-Content $localFilePath - name: Sign files with Azure Code Signing - uses: azure/trusted-signing-action@v0.3.15 + uses: azure/trusted-signing-action@v0.3.16 with: azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} diff --git a/.github/workflows/format-xaml.yml b/.github/workflows/format-xaml.yml index 3f1604cfd937..f84fd5348a5a 100644 --- a/.github/workflows/format-xaml.yml +++ b/.github/workflows/format-xaml.yml @@ -11,6 +11,8 @@ jobs: defaults: run: shell: pwsh + permissions: + contents: write steps: - name: Generate GitHub Apps token @@ -35,7 +37,7 @@ jobs: run: | if (!(gh pr -R ${{ github.repository }} view ${{ github.event.issue.number }} --json maintainerCanModify -q '.maintainerCanModify' | ConvertFrom-Json)) { - gh pr comment ${{ github.event.issue.number }} -b "This PR cannot be committed to. Ensure that Allow edits from maintainers is enabled." + gh pr comment ${{ github.event.issue.number }} -b "🔒 This PR cannot be committed to. Ensure that Allow edits from maintainers is enabled." "CAN_RUN=0" | Out-File -FilePath $env:GITHUB_ENV -Append } 
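Review bot: The job-level `permissions:` block added to format-xaml.yml lists only `contents: write`, and once such a block is present every scope it does not list is set to `none` for GITHUB_TOKEN. The token wiring is outside this hunk, but if any of the `gh pr comment` steps authenticate with GITHUB_TOKEN rather than the generated GitHub App token, they would also need `pull-requests: write`. The job acts on a pull request identified by `github.event.issue.number`, so it is worth confirming that GITHUB_TOKEN needs write access to contents at all when the App token does the push; if it does not, `contents: read` is the narrower grant. A one-line comment above the block, for example `# contents: write needed for <step that pushes>`, would record why the scope is there.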
@@ -68,7 +70,7 @@ jobs: $changedFiles = (git diff --name-only pr..$baseRef) -split "\n" | Where-Object {$_ -like "*.xaml"} if ($changedFiles.Count -eq 0) { - gh pr comment ${{ github.event.issue.number }} -b "No XAML files found to format." + gh pr comment ${{ github.event.issue.number }} -b "⛔ No XAML files found to format." "CAN_RUN=0" | Out-File -FilePath $env:GITHUB_ENV -Append } @@ -87,7 +89,7 @@ jobs: git status --porcelain if ((git status --porcelain) -eq $null) { - gh pr comment ${{ github.event.issue.number }} -b "No XAML files changed." + gh pr comment ${{ github.event.issue.number }} -b "⛔ No XAML files changed." "CAN_RUN=0" | Out-File -FilePath $env:GITHUB_ENV -Append } else @@ -125,7 +127,7 @@ jobs: if ($LASTEXITCODE -eq 0) { - gh pr comment ${{ github.event.issue.number }} -b "Successfully formatted XAML files." + gh pr comment ${{ github.event.issue.number }} -b "✅ Successfully formatted XAML files." } else { @@ -134,5 +136,5 @@ jobs: continue-on-error: true - name: Comment if failed - if: failure() && env.CAN_RUN == 1 - run: gh pr comment ${{ github.event.issue.number }} -b "Failed to format XAML files, check logs for more information." + if: failure() && env.CAN_RUN == 0 + run: gh pr comment ${{ github.event.issue.number }} -b "⚠️ Failed to format XAML files, check [the logs](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more information."
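Review bot: The new condition on the "Comment if failed" step, `if: failure() && env.CAN_RUN == 0`, looks inverted. Every visible place that writes `CAN_RUN=0` does so right after posting its own explanatory comment (PR not editable, no XAML files found, no files changed), so the failure comment would now fire only in those skipped cases and never when formatting was actually attempted. Unless CAN_RUN is initialised differently outside these hunks, keep `if: failure() && env.CAN_RUN == 1`. The preceding step also sets `continue-on-error: true`, so its failure alone may not make `failure()` true; verify that the failure comment can be reached at all.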