This is an automated email from the ASF dual-hosted git repository. potiuk pushed a commit to branch v1-10-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 5ffeab690aac480a6f7ffd9d8c9d8b55ee8a7888 Author: Jarek Potiuk <[email protected]> AuthorDate: Fri Nov 13 14:28:36 2020 +0100 For v1-10-test PRs and pushes, use target branch scripts for images (#12339) Previously, always master scripts were used to build images for workflow_run, because workflow_run always runs from master branch. However that causes some surprising effects becuase the sripts from master had to support both master and 1.10. This change utilises a new feature in the "get-workflow-origin" action - to get the target branch of PR and uses ci scripts from that target branch. This is perfectly secure, because both v1-10-test, v1-10-stable and future 2-0 branches can only be updated by committers, either by direct push or by merge. (cherry picked from commit 7c4fe19e41ae02a1df1c0a217501cae2e0e84819) --- .github/workflows/build-images-workflow-run.yml | 12 +++++-- .github/workflows/ci.yml | 38 +++++++--------------- .../workflows/label_when_reviewed_workflow_run.yml | 2 +- 3 files changed, 22 insertions(+), 30 deletions(-) diff --git a/.github/workflows/build-images-workflow-run.yml b/.github/workflows/build-images-workflow-run.yml index a3277a7..af71710 100644 --- a/.github/workflows/build-images-workflow-run.yml +++ b/.github/workflows/build-images-workflow-run.yml @@ -53,13 +53,14 @@ jobs: targetCommitSha: ${{ steps.source-run-info.outputs.targetCommitSha }} pullRequestNumber: ${{ steps.source-run-info.outputs.pullRequestNumber }} pullRequestLabels: ${{ steps.source-run-info.outputs.pullRequestLabels }} + targetBranch: ${{ steps.source-run-info.outputs.targetBranch }} sourceEvent: ${{ steps.source-run-info.outputs.sourceEvent }} cacheDirective: ${{ steps.cache-directive.outputs.docker-cache }} buildImages: ${{ steps.build-images.outputs.buildImages }} upgradeToLatestConstraints: ${{ steps.upgrade-constraints.outputs.upgradeToLatestConstraints }} steps: - name: "Get information about the original trigger of the run" - uses: potiuk/get-workflow-origin@2ef0b065db6b688a2231f8a7f464df1aac254328 # v1_2 + uses: potiuk/get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3 id: source-run-info with: token: ${{ secrets.GITHUB_TOKEN }} @@ -326,17 +327,22 @@ jobs: [Image Build](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for details" } if: steps.defaults.outputs.proceed == 'true' - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} ) to 'main-airflow' to use main scripts" + - name: > + Checkout "${{ needs.cancel-workflow-runs.outputs.targetBranch }}" branch to 'main-airflow' folder + to use ci/scripts from there. uses: actions/checkout@v2 with: path: "main-airflow" + ref: "${{ needs.cancel-workflow-runs.outputs.targetBranch }}" if: steps.defaults.outputs.proceed == 'true' - name: "Setup python" uses: actions/setup-python@v2 with: python-version: ${{ needs.build-info.outputs.defaultPythonVersion }} if: steps.defaults.outputs.proceed == 'true' - - name: "Override 'scripts/ci' with the ${{ github.ref }} version so that the PR cannot override it." + - name: > + Override "scripts/ci" with the "${{ needs.cancel-workflow-runs.outputs.targetBranch }}" branch + so that the PR does not override it # We should not override those scripts which become part of the image as they will not be # changed in the image built - we should only override those that are executed to build # the image. diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 81890a7..df5f53e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -95,27 +95,15 @@ jobs: image-build: ${{ steps.selective-checks.outputs.image-build }} docs-build: ${{ steps.selective-checks.outputs.docs-build }} needs-helm-tests: ${{ steps.selective-checks.outputs.needs-helm-tests }} - needs-api-tests: ${{ steps.selective-checks.outputs.needs-api-tests }} pullRequestNumber: ${{ steps.source-run-info.outputs.pullRequestNumber }} pullRequestLabels: ${{ steps.source-run-info.outputs.pullRequestLabels }} steps: - name: "Get information about the PR" - uses: potiuk/get-workflow-origin@2ef0b065db6b688a2231f8a7f464df1aac254328 # v1_2 + uses: potiuk/get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3 id: source-run-info with: token: ${{ secrets.GITHUB_TOKEN }} - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - # First fetch the sha of merge commit in case it is pull request so that we can - # Run selective tests - - name: > - Fetch merge commit ${{ github.ref }} ( ${{ github.sha }}: - merge_commit ${{ github.event.pull_request.merge_commit_sha }} ) - uses: actions/checkout@v2 - with: - ref: ${{ github.event.pull_request.merge_commit_sha }} - fetch-depth: 2 - if: github.event_name == 'pull_request' - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }} )" uses: actions/checkout@v2 - name: > Event: ${{ github.event_name }} @@ -123,7 +111,6 @@ jobs: Branch: ${{ github.head_ref }} Run id: ${{ github.run_id }} Sha: ${{ github.sha }} - Merge commit sha: ${{ github.merge_commit_sha }} Ref: ${{ github.ref }} run: printenv - name: Set wait for image @@ -164,7 +151,7 @@ jobs: env: BACKEND: sqlite steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }} )" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 if: needs.build-info.outputs.waitForImage == 'true' - name: "Setup python" @@ -199,7 +186,7 @@ jobs: PYTHON_MAJOR_MINOR_VERSION: ${{needs.build-info.outputs.defaultPythonVersion}} if: needs.build-info.outputs.basic-checks-only == 'false' steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }} )" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 - name: "Setup python" uses: actions/setup-python@v2 @@ -267,7 +254,7 @@ jobs: needs: [build-info, ci-images] if: needs.build-info.outputs.docs-build == 'true' steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 - name: "Prepare CI image ${{env.PYTHON_MAJOR_MINOR_VERSION}}:${{ env.GITHUB_REGISTRY_PULL_IMAGE_TAG }}" run: ./scripts/ci/images/ci_prepare_ci_image_on_ci.sh @@ -348,7 +335,7 @@ jobs: TEST_TYPE: "" if: needs.build-info.outputs.run-tests == 'true' steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 - name: "Setup python" uses: actions/setup-python@v2 @@ -400,7 +387,7 @@ jobs: TEST_TYPE: "" if: needs.build-info.outputs.run-tests == 'true' steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 - name: "Setup python" uses: actions/setup-python@v2 @@ -449,7 +436,7 @@ jobs: TEST_TYPE: "" if: needs.build-info.outputs.run-tests == 'true' steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 - name: "Setup python" uses: actions/setup-python@v2 @@ -503,7 +490,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} if: needs.build-info.outputs.run-tests == 'true' steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 - name: "Setup python" uses: actions/setup-python@v2 @@ -628,7 +615,7 @@ jobs: HELM_VERSION: "${{ needs.build-info.outputs.defaultHelmVersion }}" if: needs.build-info.outputs.run-kubernetes-tests == 'true' steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 - name: "Setup python" uses: actions/setup-python@v2 @@ -736,7 +723,7 @@ jobs: PYTHON_MAJOR_MINOR_VERSION: ${{ matrix.python-version }} GITHUB_REGISTRY_PUSH_IMAGE_TAG: "latest" steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 - name: "Setup python" uses: actions/setup-python@v2 @@ -764,7 +751,7 @@ jobs: PYTHON_MAJOR_MINOR_VERSION: ${{ matrix.python-version }} if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/v1-10-test' steps: - - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} : merge commit ${{ github.merge_commit_sha }})" + - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" uses: actions/checkout@v2 - name: "Setup python" uses: actions/setup-python@v2 @@ -790,7 +777,6 @@ jobs: - build-info - constraints - static-checks - - static-checks-pylint - tests-sqlite - tests-mysql - tests-postgres @@ -814,7 +800,7 @@ jobs: - name: "Commit changed constraint files for ${{needs.build-info.outputs.pythonVersions}}" run: ./scripts/ci/constraints/ci_commit_constraints.sh - name: "Push changes" - uses: ad-m/github-push-action@master + uses: ad-m/github-push-action@40bf560936a8022e68a3c00e7d2abefaf01305a6 # v0.6.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: ${{ steps.constraints-branch.outputs.branch }} diff --git a/.github/workflows/label_when_reviewed_workflow_run.yml b/.github/workflows/label_when_reviewed_workflow_run.yml index c2359c8..f943609 100644 --- a/.github/workflows/label_when_reviewed_workflow_run.yml +++ b/.github/workflows/label_when_reviewed_workflow_run.yml @@ -30,7 +30,7 @@ jobs: labelSet: ${{ steps.label-when-reviewed.outputs.labelSet }} steps: - name: "Get information about the original trigger of the run" - uses: potiuk/get-workflow-origin@2ef0b065db6b688a2231f8a7f464df1aac254328 # v1_2 + uses: potiuk/get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3 id: source-run-info with: token: ${{ secrets.GITHUB_TOKEN }}
