chore: secure hermetic_library_generation workflow #2317

Merged
merged 13 commits into from
Sep 3, 2024
18 changes: 16 additions & 2 deletions .github/workflows/hermetic_library_generation.yaml
Expand Up @@ -19,11 +19,25 @@ on:

env:
HEAD_REF: ${{ github.head_ref }}
REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }}

jobs:
# This step is meant to inline the the repo full name env var in the `jobs.if` entry
# of the next step "library_generation".
# Unfortunately, we can't directly reference `env` in jobs.if
# (see https://github.com/actions/runner/issues/2372)
# The chosen workaround is to declare an intermediate step that will output the env var
prepare-repo-full-name:
name: Prepare environment
runs-on: ubuntu-latest
outputs:
REPO_FULL_NAME: ${{ env.REPO_FULL_NAME }}
steps:
- run: exit 0 # no op - we just need to declare the env var as output
library_generation:
# skip pull requests come from a forked repository
if: github.event.pull_request.head.repo.full_name == github.repository
# skip pull requests coming from a forked repository
if: needs.prepare-repo-full-name.outputs.REPO_FULL_NAME == github.repository
Contributor

What if we move this if condition to the run section? Did we consider the approach before @JoeWang1127 ?

Contributor Author

I modified it to just have an if inside run. I'll try a fork PR into this branch

Contributor Author

I tried raising a PR from a fork
image

I tried setting the missing token in my fork without luck.
However I could confirm that the generation was properly triggered in this PR because it doesn't come from a fork.
https://github.com/googleapis/java-bigtable/actions/runs/10562926017/job/29261969452?pr=2317

needs: [prepare-repo-full-name]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
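Review bot: The job-level `if:` on `library_generation` does not need the `prepare-repo-full-name` job, because an `if:` expression is evaluated by the Actions expression engine and is never interpolated into a shell script, so comparing `github.event.pull_request.head.repo.full_name == github.repository` directly carries no script-injection risk. Routing the value through `outputs` adds a runner start on every pull request and makes the fork gate depend on that job completing; if it fails, `library_generation` is skipped for same-repo PRs as well. Suggest keeping the direct `github` context comparison in `if:` and reserving the `env:` indirection for values that are read inside `run:` steps. If the extra job stays, its comment should say "job" rather than "step" and drop the doubled "the the".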
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -57,13 +57,13 @@ implementation 'com.google.cloud:google-cloud-bigtable'
If you are using Gradle without BOM, add this to your dependencies:

```Groovy
implementation 'com.google.cloud:google-cloud-bigtable:2.42.0'
implementation 'com.google.cloud:google-cloud-bigtable:2.43.0'
```

If you are using SBT, add this to your dependencies:

```Scala
libraryDependencies += "com.google.cloud" % "google-cloud-bigtable" % "2.42.0"
libraryDependencies += "com.google.cloud" % "google-cloud-bigtable" % "2.43.0"
```
<!-- {x-version-update-end} -->
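Review bot: The `2.42.0` to `2.43.0` bumps in the Gradle and SBT snippets are unrelated to the workflow hardening named in the PR title, and they sit in a block closed by `<!-- {x-version-update-end} -->`, which suggests release tooling owns these lines. Confirm they arrived through a merge from the base branch rather than a manual edit; if they were edited by hand, drop them from this PR so the workflow change can be reviewed and reverted on its own.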

Expand Down Expand Up @@ -542,7 +542,7 @@ Java is a registered trademark of Oracle and/or its affiliates.
[kokoro-badge-link-5]: http://storage.googleapis.com/cloud-devrel-public/java/badges/java-bigtable/java11.html
[stability-image]: https://img.shields.io/badge/stability-stable-green
[maven-version-image]: https://img.shields.io/maven-central/v/com.google.cloud/google-cloud-bigtable.svg
[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-bigtable/2.42.0
[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-bigtable/2.43.0
[authentication]: https://github.com/googleapis/google-cloud-java#authentication
[auth-scopes]: https://developers.google.com/identity/protocols/oauth2/scopes
[predefined-iam-roles]: https://cloud.google.com/iam/docs/understanding-roles#predefined_roles