Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build: inline external Github Actions to unblock CI #12241

Merged
merged 5 commits into from
Jan 4, 2021

Conversation

ktmud
Copy link
Member

@ktmud ktmud commented Jan 4, 2021

SUMMARY

Apache changed policy on Github Actions because of security risks. Now official apache repos can only run a list of allowed actions.

CI has been blocked by this error:

styfle/cancel-workflow-action@0.6.0 and apache-superset/cached-dependencies@b90713b are not allowed to be used in apache/incubator-superset. Actions in this workflow must be: created by GitHub, verified in the GitHub Marketplace, within a repository owned by apache or match the following: apache/, dawidd6/action-download-artifact@, gradle/wrapper-validation-action, gradle/wrapper-validation-action@, peter-evans/create-pull-request@, scacap/action-surefire-report@, shivammathur/setup-php@.

This PR unblocks CI by

  1. Remove styfle/cancel-workflow-action, which may soon become obsolete if build: try to speed up Github workflows #11944 gets merged

  2. Move all other external dependencies to be within current repo, including:

    These actions were copied over via downloading them as ZIP files directly from GitHub. All of these actions use the MIT license so I'd assume there is no licensing issue.

  3. Change pull_request_target trigger for the E2E action to pull_request. This is needed for unblocking the CI that runs on existing workflow configs. This will also prevent future Pwn requests and we don't plan to bring it back.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A

TEST PLAN

CI should pass

ADDITIONAL INFORMATION

  • Has associated issue:
  • Changes UI
  • Requires DB Migration.
  • Confirm DB Migration upgrade and downgrade tested.
  • Introduces new feature or API
  • Removes existing feature or API

Copy link
Member

@villebro villebro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for taking this on. Minor typo, other than that makes sense and LGTM.

.github/actions/cached-dependencies/README.md Show resolved Hide resolved
@ktmud ktmud changed the title build: inline cached-dependencies to unblock CI build: inline external Github Actions to unblock CI Jan 4, 2021
@codecov-io
Copy link

codecov-io commented Jan 4, 2021

Codecov Report

Merging #12241 (9c5ca12) into master (f3ab1f4) will decrease coverage by 6.83%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master   #12241      +/-   ##
==========================================
- Coverage   66.20%   59.37%   -6.84%     
==========================================
  Files         996      946      -50     
  Lines       49174    46561    -2613     
  Branches     4993     4299     -694     
==========================================
- Hits        32554    27644    -4910     
- Misses      16476    18917    +2441     
+ Partials      144        0     -144     
Flag Coverage Δ
cypress 51.31% <100.00%> (+7.21%) ⬆️
javascript ?
python 63.90% <ø> (-0.32%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...frontend/src/explore/components/DataTablesPane.tsx 58.46% <100.00%> (-4.56%) ⬇️
...uperset-frontend/src/dashboard/util/dnd-reorder.js 0.00% <0.00%> (-100.00%) ⬇️
...rset-frontend/src/dashboard/util/getEmptyLayout.js 0.00% <0.00%> (-100.00%) ⬇️
...dashboard/components/resizable/ResizableHandle.jsx 0.00% <0.00%> (-100.00%) ⬇️
.../src/dashboard/util/getFilterScopeFromNodesTree.js 0.00% <0.00%> (-93.48%) ⬇️
...set-frontend/src/views/CRUD/alert/ExecutionLog.tsx 11.76% <0.00%> (-88.24%) ⬇️
...src/dashboard/components/gridComponents/Header.jsx 10.52% <0.00%> (-86.85%) ⬇️
superset-frontend/src/components/IconTooltip.tsx 13.33% <0.00%> (-86.67%) ⬇️
...rc/dashboard/components/gridComponents/Divider.jsx 13.33% <0.00%> (-86.67%) ⬇️
...end/src/SqlLab/components/ExploreResultsButton.jsx 8.00% <0.00%> (-84.00%) ⬇️
... and 404 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7cc0de1...9c5ca12. Read the comment docs.

@ktmud ktmud force-pushed the inline-github-actions branch from b187d33 to 9c5ca12 Compare January 4, 2021 10:55
@villebro
Copy link
Member

villebro commented Jan 4, 2021

I'm going to merge this to unblock the long list of PRs.

@villebro villebro merged commit a3bbbf8 into apache:master Jan 4, 2021
@junlincc
Copy link
Member

junlincc commented Jan 4, 2021

massive take on! really appreciate your help! @ktmud 🙏

@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 1.0.0 labels Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 1.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants