[llvm] workflows: Unsplit pr-subscriber (PR #69748)
Tom Stellard via llvm-commits
llvm-commits at lists.llvm.org
Fri Oct 20 11:14:03 PDT 2023
https://github.com/tstellar created https://github.com/llvm/llvm-project/pull/69748
This is essentially a revert of 1ed710836a77a5a29f3649da87f9f3e8ae3aa086. It is safe to use the pull_request_target event for pr-subscriber, because it does not checkout any code from the pull request branch.
>From 0cfba0ad1277b2d34855ae6b902fbb235c5491eb Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Wed, 18 Oct 2023 21:08:52 -0700
Subject: [PATCH] workflows: Unsplit pr-subscriber
This is essentially a revert of 1ed710836a77a5a29f3649da87f9f3e8ae3aa086.
It is safe to use the pull_request_target event for pr-subscriber, because it
does not checkout any code from the pull request branch.
---
.github/workflows/pr-receive-label.yml | 26 -------------
.github/workflows/pr-subscriber-wait.py | 27 -------------
.github/workflows/pr-subscriber.yml | 52 +++----------------------
3 files changed, 5 insertions(+), 100 deletions(-)
delete mode 100644 .github/workflows/pr-receive-label.yml
delete mode 100644 .github/workflows/pr-subscriber-wait.py
diff --git a/.github/workflows/pr-receive-label.yml b/.github/workflows/pr-receive-label.yml
deleted file mode 100644
index c9085c44b983611..000000000000000
--- a/.github/workflows/pr-receive-label.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
-
-name: PR Receive Label
-on:
- pull_request:
- types:
- - labeled
-
-permissions:
- contents: read
-
-jobs:
- pr-subscriber:
- runs-on: ubuntu-latest
- if: github.repository == 'llvm/llvm-project'
- steps:
- - name: Store PR Information
- run: |
- mkdir -p ./pr
- echo ${{ github.event.number }} > ./pr/NR
- echo ${{ github.event.label.name }} > ./pr/LABEL
-
- - uses: actions/upload-artifact at v3
- with:
- name: pr
- path: pr/
diff --git a/.github/workflows/pr-subscriber-wait.py b/.github/workflows/pr-subscriber-wait.py
deleted file mode 100644
index 633f78c147707fc..000000000000000
--- a/.github/workflows/pr-subscriber-wait.py
+++ /dev/null
@@ -1,27 +0,0 @@
-import github
-import os
-import sys
-import time
-
-
-def needs_to_wait(repo):
- workflow_name = os.environ.get("GITHUB_WORKFLOW")
- run_number = os.environ.get("GITHUB_RUN_NUMBER")
- print("Workflow Name:", workflow_name, "Run Number:", run_number)
- for status in ["in_progress", "queued"]:
- for workflow in repo.get_workflow_runs(status=status):
- print("Looking at ", workflow.name, "#", workflow.run_number)
- if workflow.name != workflow_name:
- continue
- if workflow.run_number < int(run_number):
- print("Workflow {} still {} ".format(workflow.run_number, status))
- return True
- return False
-
-
-repo_name = os.environ.get("GITHUB_REPOSITORY")
-token = os.environ.get("GITHUB_TOKEN")
-gh = github.Github(token)
-repo = gh.get_repo(repo_name)
-while needs_to_wait(repo):
- time.sleep(30)
diff --git a/.github/workflows/pr-subscriber.yml b/.github/workflows/pr-subscriber.yml
index 1fc3bfed3a66b19..ef2ef7b9e4a35c1 100644
--- a/.github/workflows/pr-subscriber.yml
+++ b/.github/workflows/pr-subscriber.yml
@@ -1,22 +1,17 @@
name: PR Subscriber
on:
- workflow_run:
- workflows: ["PR Receive Label"]
+ pull_request_target:
types:
- - completed
+ - labeled
permissions:
- actions: read
contents: read
jobs:
auto-subscribe:
runs-on: ubuntu-latest
- if: >
- github.repository == 'llvm/llvm-project' &&
- github.event.workflow_run.event == 'pull_request' &&
- github.event.workflow_run.conclusion == 'success'
+ if: github.repository == 'llvm/llvm-project'
steps:
- name: Setup Automation Script
run: |
@@ -26,47 +21,10 @@ jobs:
chmod a+x github-automation.py
pip install -r requirements.txt
- - name: 'Wait for other actions'
- # We can't use the concurrency tag for these jobs, because it will
- # cancel pending jobs if another job is running.
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- python3 pr-subscriber-wait.py
-
-
- # From: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
- # Updated version here: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
- - name: 'Download artifact'
- uses: actions/github-script at v6
- with:
- script: |
- const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
- owner: context.repo.owner,
- repo: context.repo.repo,
- run_id: context.payload.workflow_run.id
- });
- const matchArtifact = artifacts.data.artifacts.find((artifact) =>
- artifact.name === 'pr'
- );
- const download = await github.rest.actions.downloadArtifact({
- owner: context.repo.owner,
- repo: context.repo.repo,
- artifact_id: matchArtifact.id,
- archive_format: 'zip'
- });
- const { writeFileSync } = require('node:fs');
- writeFileSync('${{ github.workspace }}/pr.zip', Buffer.from(download.data));
-
- - run: unzip pr.zip
-
- name: Update watchers
- # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
run: |
- PR_NUMBER=$(cat NR)
- LABEL_NAME=$(cat LABEL)
./github-automation.py \
--token '${{ secrets.ISSUE_SUBSCRIBER_TOKEN }}' \
pr-subscriber \
- --issue-number "$PR_NUMBER" \
- --label-name "$LABEL_NAME"
+ --issue-number "${{ github.event.number }}" \
+ --label-name "${{ github.event.label.name }}"
More information about the llvm-commits
mailing list