From 936b1557f86b292b65d93b1f084ef6519d6da2c7 Mon Sep 17 00:00:00 2001 From: Rin Kuryloski Date: Mon, 22 Apr 2024 14:43:09 +0200 Subject: [PATCH 1/2] Make the OCI workflows conditional on push access When dependabot creates PRs, secrets are not injected, and the OCI workflow can't push the image (cherry picked from commit 07c97580bde6725ea2e1e2b9c8dc716842683979) # Conflicts: # .github/workflows/rabbitmq_peer_discovery_aws.yaml --- .github/workflows/oci-make.yaml | 18 ++++++++++++++- .../rabbitmq_peer_discovery_aws.yaml | 22 ++++++++++++++++++- .github/workflows/test-authnz.yaml | 7 ------ .github/workflows/test-selenium.yaml | 7 ------ 4 files changed, 38 insertions(+), 16 deletions(-) diff --git a/.github/workflows/oci-make.yaml b/.github/workflows/oci-make.yaml index fb39ef0f49a0..88d168bbbfae 100644 --- a/.github/workflows/oci-make.yaml +++ b/.github/workflows/oci-make.yaml @@ -15,18 +15,32 @@ concurrency: jobs: build-package-generic-unix: runs-on: ubuntu-latest + outputs: + authorized: ${{ steps.authorized.outputs.authorized }} steps: + - name: CHECK IF IMAGE WILL PUSH + id: authorized + run: | + if [ -n "${{ secrets.DOCKERHUB_PASSWORD }}" ]; then + echo "authorized=true" | tee -a $GITHUB_OUTPUT + else + echo "authorized=false" | tee -a $GITHUB_OUTPUT + fi - name: Checkout + if: steps.authorized.outputs.authorized == 'true' uses: actions/checkout@v4 - name: Configure Erlang + if: steps.authorized.outputs.authorized == 'true' uses: erlef/setup-beam@v1 with: otp-version: 26.2 elixir-version: 1.15 - name: make package-generic-unix + if: steps.authorized.outputs.authorized == 'true' run: | make package-generic-unix PROJECT_VERSION=3.13.0 - name: Upload package-generic-unix + if: steps.authorized.outputs.authorized == 'true' uses: actions/upload-artifact@v4.3.1 with: name: package-generic-unix @@ -35,6 +49,7 @@ jobs: build: needs: build-package-generic-unix runs-on: ubuntu-latest + if: ${{ needs.build-package-generic-unix.outputs.authorized }} == 'true' strategy: fail-fast: false matrix: @@ -106,9 +121,10 @@ jobs: retention-days: 1 merge: - runs-on: ubuntu-latest needs: - build + runs-on: ubuntu-latest + if: ${{ needs.build-package-generic-unix.outputs.authorized }} == 'true' steps: - name: Download digests uses: actions/download-artifact@v4 diff --git a/.github/workflows/rabbitmq_peer_discovery_aws.yaml b/.github/workflows/rabbitmq_peer_discovery_aws.yaml index 9e9acb5a3c82..644897d2c0ce 100644 --- a/.github/workflows/rabbitmq_peer_discovery_aws.yaml +++ b/.github/workflows/rabbitmq_peer_discovery_aws.yaml @@ -19,24 +19,43 @@ jobs: - 26_2 timeout-minutes: 45 steps: + - name: CHECK IF IMAGE WILL PUSH + id: authorized + run: | + if [ -n "${{ secrets.DOCKERHUB_PASSWORD }}" ]; then + echo "authorized=true" | tee -a $GITHUB_OUTPUT + else + echo "authorized=false" | tee -a $GITHUB_OUTPUT + fi - name: CHECKOUT REPOSITORY + if: steps.authorized.outputs.authorized == 'true' uses: actions/checkout@v4 +<<<<<<< HEAD - uses: docker/metadata-action@v4 +======= + - uses: docker/metadata-action@v5 + if: steps.authorized.outputs.authorized == 'true' +>>>>>>> 07c97580bd (Make the OCI workflows conditional on push access) id: metadata with: images: pivotalrabbitmq/rabbitmq tags: | type=sha,format=long - uses: int128/wait-for-docker-image-action@v1 + if: steps.authorized.outputs.authorized == 'true' with: tags: ${{ steps.metadata.outputs.tags }} timeout-seconds: 3600 polling-seconds: 60 - name: CONFIGURE BAZEL + if: steps.authorized.outputs.authorized == 'true' run: | + if [ -n "${{ secrets.BUILDBUDDY_API_KEY }}" ]; then cat << EOF >> user.bazelrc build:buildbuddy --remote_header=x-buildbuddy-api-key=${{ secrets.BUILDBUDDY_API_KEY }} - + EOF + fi + cat << EOF >> user.bazelrc build:buildbuddy --build_metadata=ROLE=CI build:buildbuddy --build_metadata=VISIBILITY=PRIVATE build:buildbuddy --color=yes @@ -44,6 +63,7 @@ jobs: #! - name: Setup tmate session #! uses: mxschmitt/action-tmate@v3 - name: RUN INTEGRATION TESTS + if: steps.authorized.outputs.authorized == 'true' run: | sudo sysctl -w net.ipv4.tcp_keepalive_time=60 sudo ethtool -K eth0 tso off gso off gro off tx off rx off lro off diff --git a/.github/workflows/test-authnz.yaml b/.github/workflows/test-authnz.yaml index 8c9fd8ca6d59..e471c39dd3e7 100644 --- a/.github/workflows/test-authnz.yaml +++ b/.github/workflows/test-authnz.yaml @@ -48,13 +48,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: 'Login to GitHub Container Registry' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure OTP & Elixir uses: erlef/setup-beam@v1.17 with: diff --git a/.github/workflows/test-selenium.yaml b/.github/workflows/test-selenium.yaml index 110485d44b86..1810971932d7 100644 --- a/.github/workflows/test-selenium.yaml +++ b/.github/workflows/test-selenium.yaml @@ -44,13 +44,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: 'Login to GitHub Container Registry' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Configure OTP & Elixir uses: erlef/setup-beam@v1.17 with: From 6c78144a86092d6ec2f56f1038b2402672b269f5 Mon Sep 17 00:00:00 2001 From: Rin Kuryloski Date: Wed, 24 Apr 2024 10:02:45 +0200 Subject: [PATCH 2/2] resolve conflicts --- .github/workflows/rabbitmq_peer_discovery_aws.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/rabbitmq_peer_discovery_aws.yaml b/.github/workflows/rabbitmq_peer_discovery_aws.yaml index 644897d2c0ce..4a72a44b76e5 100644 --- a/.github/workflows/rabbitmq_peer_discovery_aws.yaml +++ b/.github/workflows/rabbitmq_peer_discovery_aws.yaml @@ -30,12 +30,8 @@ jobs: - name: CHECKOUT REPOSITORY if: steps.authorized.outputs.authorized == 'true' uses: actions/checkout@v4 -<<<<<<< HEAD - - uses: docker/metadata-action@v4 -======= - uses: docker/metadata-action@v5 if: steps.authorized.outputs.authorized == 'true' ->>>>>>> 07c97580bd (Make the OCI workflows conditional on push access) id: metadata with: images: pivotalrabbitmq/rabbitmq