From 2c58dcd2f967272a8e4f8481a7ec46ab30bb6932 Mon Sep 17 00:00:00 2001 From: Adam Ross Date: Fri, 19 Jul 2024 12:00:18 -0700 Subject: [PATCH] ci: remove use of pull_request_target (part 1) (#3747) * ci: remove use of pull_request_target (part 1) * CONTRIBUTING: Second => Multiple times * CONTRIBUTING: Cleanup guidance polish * Update .github/workflows/remove-label.yaml * Update CONTRIBUTING.md * swap live example implementation --- .github/workflows/functions-env_vars.yaml | 11 +++++---- .github/workflows/remove-label.yaml | 25 +++------------------ .github/workflows/utils/ci-matrix.yaml.njk | 10 ++++----- .github/workflows/utils/ci-secrets.yaml.njk | 10 ++++----- .github/workflows/utils/ci.yaml.njk | 20 +++++------------ CONTRIBUTING.md | 14 +++++++++++- 6 files changed, 36 insertions(+), 54 deletions(-) diff --git a/.github/workflows/functions-env_vars.yaml b/.github/workflows/functions-env_vars.yaml index 7171a60833..2049260f4d 100644 --- a/.github/workflows/functions-env_vars.yaml +++ b/.github/workflows/functions-env_vars.yaml @@ -22,12 +22,11 @@ on: - '.github/workflows/functions-env_vars.yaml' - '.github/workflows/test.yaml' pull_request: - paths: - - 'functions/env_vars/**' - - '.github/workflows/functions-env_vars.yaml' - - '.github/workflows/test.yaml' - pull_request_target: - types: [labeled] + types: + - opened + - reopened + - synchronize + - labeled paths: - 'functions/env_vars/**' - '.github/workflows/functions-env_vars.yaml' diff --git a/.github/workflows/remove-label.yaml b/.github/workflows/remove-label.yaml index 27279e3b97..c2913e8740 100644 --- a/.github/workflows/remove-label.yaml +++ b/.github/workflows/remove-label.yaml @@ -17,30 +17,11 @@ name: Remove Label on: workflow_call: +permissions: {} + jobs: remove_label: - permissions: - contents: 'read' - id-token: 'write' runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/github-script@v6 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - try { - const event = JSON.parse( - require("fs").readFileSync(process.env.GITHUB_EVENT_PATH, "utf8") - ); - await github.rest.issues.removeLabel({ - name: "actions:force-run", - owner: "GoogleCloudPlatform", - repo: "nodejs-docs-samples", - issue_number: event.pull_request.number, - }); - } catch (e) { - if (!e.message.includes("Label does not exist")) { - throw e; - } - } + - run: echo "Label removal is currently skipped. Please remove the 'actions:force-run' label manually. See b/354216420" diff --git a/.github/workflows/utils/ci-matrix.yaml.njk b/.github/workflows/utils/ci-matrix.yaml.njk index bc26f44612..1322315ef4 100644 --- a/.github/workflows/utils/ci-matrix.yaml.njk +++ b/.github/workflows/utils/ci-matrix.yaml.njk @@ -21,11 +21,11 @@ on: - '{{path}}/**' - '.github/workflows/{{name}}.yaml' pull_request: - paths: - - '{{path}}/**' - - '.github/workflows/{{name}}.yaml' - pull_request_target: - types: [labeled] + types: + - opened + - reopened + - synchronize + - labeled paths: - '{{path}}/**' - '.github/workflows/{{name}}.yaml' diff --git a/.github/workflows/utils/ci-secrets.yaml.njk b/.github/workflows/utils/ci-secrets.yaml.njk index 730b02968e..6589360010 100644 --- a/.github/workflows/utils/ci-secrets.yaml.njk +++ b/.github/workflows/utils/ci-secrets.yaml.njk @@ -21,11 +21,11 @@ on: - '{{ path }}/**' - '.github/workflows/{{ name }}.yaml' pull_request: - paths: - - '{{ path }}/**' - - '.github/workflows/{{ name }}.yaml' - pull_request_target: - types: [labeled] + types: + - opened + - reopened + - synchronize + - labeled paths: - '{{ path }}/**' - '.github/workflows/{{ name }}.yaml' diff --git a/.github/workflows/utils/ci.yaml.njk b/.github/workflows/utils/ci.yaml.njk index ca6d3c37fb..bee213a157 100644 --- a/.github/workflows/utils/ci.yaml.njk +++ b/.github/workflows/utils/ci.yaml.njk @@ -21,11 +21,11 @@ on: - '{{path}}/**' - '.github/workflows/{{name}}.yaml' pull_request: - paths: - - '{{path}}/**' - - '.github/workflows/{{name}}.yaml' - pull_request_target: - types: [labeled] + types: + - opened + - reopened + - synchronize + - labeled paths: - '{{path}}/**' - '.github/workflows/{{name}}.yaml' @@ -42,16 +42,6 @@ jobs: with: name: '{{name}}' path: '{{path}}' - remove_label: - # Ref: https://github.com/google-github-actions/auth#usage - permissions: - contents: 'read' - id-token: 'write' - if: | - github.event.action == 'labeled' && - github.event.label.name == 'actions:force-run' && - always() - uses: ./.github/workflows/remove-label.yaml flakybot: # Ref: https://github.com/google-github-actions/auth#usage permissions: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 47058afa9c..67e1b44307 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,7 +9,9 @@ a great sample but it is not used in Google's official documentation, there are better suited places to publish it such as a [community tutorial](https://cloud.google.com/community/). -## Run the tests for a single sample +## Run the tests + +### Run the tests locally for a single sample 1. Obtain authentication credentials. Depending on the sample, you need to enable the appropriate APIs in the [Cloud @@ -29,6 +31,16 @@ Console](https://console.cloud.google.com/apis/library). npm test +### Running the tests for a Pull Request + +When a Pull Request is opened, reopened, or has new commits pushed the sample tests (unit, integration, end-to-end) will be run. + +If the tests for a sample change do not run, they can be triggered by adding the `actions:force-run` label. + +If tests need to be triggered multiple times, manually remove `actions:force-run` and then re-add this label. + +The automatic clean-up of labels is currently disabled. Please remove the actions:force-run before merging the Pull Request. + ## Adding new samples All samples must have tests. We use `mocha` as testing framework. The