Skip to content

Fix the external-prs environment #59

Fix the external-prs environment

Fix the external-prs environment #59

# NOTE: This name appears in GitHub's Checks API and in workflow's status badge.
name: test-deploy-owners
env:
# CI variables
DOCKER_PLATFORM: "amd64"
# Indexer variables
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_PROJECT_ID: "opensource-observer"
PR_TOOLS_GITHUB_APP_PRIVATE_KEY: ${{ secrets.PR_TOOLS_GITHUB_APP_PRIVATE_KEY }}
PR_TOOLS_GITHUB_APP_ID: ${{ secrets.PR_TOOLS_GITHUB_APP_ID }}
# should not be set to a legitimate value for testing. This will use up API
# quota otherwise
DUNE_API_KEY: "none"
# Trigger the workflow when:
on:
pull_request_target:
types: [assigned, opened, synchronize, reopened]
# Cancel in progress jobs on new pushes.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test-deploy:
name: Test Deployment Initializer
if: ${{ github.event.pull_request }}
environment: external-prs-app
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 1
- name: Setup external pr tools
uses: ./.github/workflows/setup-external-pr-tools
- name: Initialize check
run: |
cd ops/external-prs &&
pnpm tools initialize-check ${{ github.repository }} ${{ github.event.pull_request.head.sha }} ${{ github.event.pull_request.user.login }}
- name: Author association debug
run: |
echo "${{ github.event.pull_request.author_association }}"
- name: Login to google
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GOOGLE_BQ_ADMIN_CREDENTIALS_JSON }}'
create_credentials_file: true
if: ${{ contains(fromJson('["OWNER", "MEMBER", "COLLABORATOR", "CONTRIBUTOR"]'), github.event.pull_request.author_association) }}
- name: Run test-deploy
uses: ./.github/workflows/test-deploy
with:
sha: ${{ github.event.pull_request.head.sha }}
pr: ${{ github.event.pull_request.id }}
requester: ${{ github.event.sender.login }}
author: ${{ github.event.sender.login }}
gcp_service_account_path: ${{ env.GOOGLE_APPLICATION_CREDENTIALS }}
# This check isn't for security it's mostly a convenience so this won't
# fail and muddy up the actions UI
if: ${{ contains(fromJson('["OWNER", "MEMBER", "COLLABORATOR", "CONTRIBUTOR"]'), github.event.pull_request.author_association) }}