From 165b7c6805ba0c5d3b233fe27ed40a14a03a1745 Mon Sep 17 00:00:00 2001 From: Hibariya Date: Sat, 11 Mar 2023 17:24:35 +0900 Subject: [PATCH 1/3] Abort if the person who triggered the CI is not a maintainer --- .github/workflows/ci.yml | 44 ++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 318e8b5da5..7bdfb9ec17 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,30 +2,52 @@ name: CI on: push: branches: - - '**' - - '!dependabot/**' - pull_request: - # NOTE: does not work for some reasons - # branches: - # - 'dependabot/**' + - 'main' + pull_request_target: env: STRIPE_PUBLISHABLE_KEY: ${{ secrets.TEST_STRIPE_PUBLISHABLE_KEY }} STRIPE_SECRET_KEY: ${{ secrets.TEST_STRIPE_SECRET_KEY }} COMPOSE_FILE: docker-compose.yml:docker-compose.playwright.yml + MAINTAINERS: | + cecilphillip-stripe + charliegerard-stripe + cjavilla-stripe + dependabot[bot] + erinkavanaugh-stripe + hideokamoto-stripe + kevinpeters-stripe + paulasjes-stripe + thorsten-stripe concurrency: group: ci-${{ github.ref }} cancel-in-progress: true jobs: + require-permission: + runs-on: ubuntu-latest + steps: + - name: 'check if the triggering actor is one of the maintainers' + run: | + while read item; do + if [[ "$item" == "${{ github.triggering_actor }}" ]]; then + exit # safe to run tests with write permission + fi + done <<< "$MAINTAINERS" + + echo 'CI have to be re-run by one of the $MAINTAINERS' >> $GITHUB_STEP_SUMMARY + exit 1 + changed_files: runs-on: ubuntu-latest + needs: require-permission outputs: files: ${{ steps.diff.outputs.files }} steps: - uses: actions/checkout@v3 with: + ref: ${{ github.event.after || github.event.pull_request.head.sha }} fetch-depth: 0 - name: 'Collect changed files' 
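Review bot: The `actions/checkout@v3` step in `changed_files` now fetches the pull request head under `pull_request_target` but keeps the default credential persistence, so the job token stays in the checkout's git config alongside code the PR author controls; add `persist-credentials: false` under `with:` here and in the five later checkout hunks of this patch that gain the same `ref:`. No `permissions:` key is visible in this hunk, so the token's scope is presumably the repository default; a top-level `permissions:` with `contents: read` would make it explicit. The Stripe test keys sit in workflow-level `env:`, which hands them to every job including `require-permission`; scoping them to the steps that call Stripe narrows what a build of PR code can read. In the `require-permission` script, prefer passing the actor through `env:` (`ACTOR: ${{ github.triggering_actor }}`) and comparing `"$item" == "$ACTOR"` instead of expanding the expression inside the shell text. The `changed_files` job continues past the end of the hunk.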
@@ -96,6 +118,8 @@ jobs: - uses: actions/checkout@v3 if: ${{ steps.if_running.outputs.running }} + with: + ref: ${{ github.event.after || github.event.pull_request.head.sha }} - uses: actions/checkout@v3 if: ${{ steps.if_running.outputs.running }} @@ -177,6 +201,8 @@ jobs: - uses: actions/checkout@v3 if: ${{ steps.if_running.outputs.running }} + with: + ref: ${{ github.event.after || github.event.pull_request.head.sha }} - uses: actions/checkout@v3 if: ${{ steps.if_running.outputs.running }} @@ -254,6 +280,8 @@ jobs: - uses: actions/checkout@v3 if: ${{ steps.if_running.outputs.running }} + with: + ref: ${{ github.event.after || github.event.pull_request.head.sha }} - uses: actions/checkout@v3 if: ${{ steps.if_running.outputs.running }} @@ -317,6 +345,8 @@ jobs: - uses: actions/checkout@v3 if: ${{ steps.if_running.outputs.running }} + with: + ref: ${{ github.event.after || github.event.pull_request.head.sha }} - name: Build if: ${{ steps.if_running.outputs.running }} @@ -339,6 +369,8 @@ jobs: - uses: actions/checkout@v3 if: ${{ steps.if_running.outputs.running }} + with: + ref: ${{ github.event.after || github.event.pull_request.head.sha }} - name: Build if: ${{ steps.if_running.outputs.running }} From adf3e0594e592bd778367e2f37d232d88f4f16a5 Mon Sep 17 00:00:00 2001 From: Hibariya Date: Sun, 12 Mar 2023 12:17:25 +0900 Subject: [PATCH 2/3] Use the topic branch if its pull request exists --- .github/workflows/ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7bdfb9ec17..27defc08a8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,7 @@ env: thorsten-stripe concurrency: - group: ci-${{ github.ref }} + group: ci-${{ github.event.pull_request.head.ref || github.ref }} cancel-in-progress: true jobs: 
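Review bot: Keying the concurrency group on `github.event.pull_request.head.ref` in the `concurrency:` block makes the group name a branch name chosen by the PR author, and with `cancel-in-progress: true` two unrelated pull requests whose branches share a name will cancel each other's runs. Concurrency is evaluated for the workflow as a whole, so this presumably happens before the `require-permission` job can reject the run. A key that is unique per pull request avoids the collision: `group: ci-${{ github.event.pull_request.number || github.ref }}`.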
@@ -111,7 +111,7 @@ jobs: run: | prefix="${{ matrix.target.sample }}/server/${{ matrix.runtime.server_type }}" - if [[ "${{ github.ref }}" = "refs/heads/main" ]] || \ + if [[ "${{ github.event.pull_request.head.ref || github.ref }}" = "refs/heads/main" ]] || \ [[ $(echo "${{ needs.changed_files.outputs.files }}" | grep -E "^${prefix}") ]] then echo 'running=true' >> $GITHUB_OUTPUT fi @@ -194,7 +194,7 @@ jobs: run: | prefix="${{ matrix.target.sample }}/client/${{ matrix.implementation.client_type }}" - if [[ "${{ github.ref }}" = "refs/heads/main" ]] || \ + if [[ "${{ github.event.pull_request.head.ref || github.ref }}" = "refs/heads/main" ]] || \ [[ $(echo "${{ needs.changed_files.outputs.files }}" | grep -E "^${prefix}") ]] then echo 'running=true' >> $GITHUB_OUTPUT fi @@ -273,7 +273,7 @@ jobs: run: | prefix="${{ matrix.target.sample }}/client/${{ matrix.implementation.client_type }}" - if [[ "${{ github.ref }}" = "refs/heads/main" ]] || \ + if [[ "${{ github.event.pull_request.head.ref || github.ref }}" = "refs/heads/main" ]] || \ [[ $(echo "${{ needs.changed_files.outputs.files }}" | grep -E "^${prefix}") ]] then echo 'running=true' >> $GITHUB_OUTPUT fi @@ -338,7 +338,7 @@ jobs: run: | prefix="custom-payment-flow/client/android-kotlin" - if [[ "${{ github.ref }}" = "refs/heads/main" ]] || \ + if [[ "${{ github.event.pull_request.head.ref || github.ref }}" = "refs/heads/main" ]] || \ [[ $(echo "${{ needs.changed_files.outputs.files }}" | grep -E "^${prefix}") ]] then echo 'running=true' >> $GITHUB_OUTPUT fi @@ -362,7 +362,7 @@ jobs: run: | prefix="custom-payment-flow/client/ios-swiftui" - if [[ "${{ github.ref }}" = "refs/heads/main" ]] || \ + if [[ "${{ github.event.pull_request.head.ref || github.ref }}" = "refs/heads/main" ]] || \ [[ $(echo "${{ needs.changed_files.outputs.files }}" | grep -E "^${prefix}") ]] then echo 'running=true' >> $GITHUB_OUTPUT fi From 7723987bd7e5544fc5c06dff58fed75268c43a76 Mon Sep 17 00:00:00 2001 
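Review bot: The new condition expands `${{ github.event.pull_request.head.ref || github.ref }}` directly into the text of the `run:` script, and `head.ref` is a branch name supplied by the PR author, so its contents become part of the shell source rather than data; the same line is added in the hunks at -194, -273, -338 and -362. Pass the value through the step's environment instead, `env:` with `HEAD_REF: ${{ github.event.pull_request.head.ref || github.ref }}`, and test `[[ "$HEAD_REF" = "refs/heads/main" ]]`. The neighbouring context line expands `needs.changed_files.outputs.files` the same way, and under `pull_request_target` those file names also originate from the pull request, so it deserves the same treatment. The step begins above the hunk, so the `env:` key has to be added there.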
From: Hibariya Date: Thu, 25 May 2023 18:21:15 +0900 Subject: [PATCH 3/3] Update ci.yml --- .github/workflows/ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 27defc08a8..a51fc940fd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,13 +12,11 @@ env: MAINTAINERS: | cecilphillip-stripe charliegerard-stripe - cjavilla-stripe dependabot[bot] erinkavanaugh-stripe hideokamoto-stripe kevinpeters-stripe paulasjes-stripe - thorsten-stripe concurrency: group: ci-${{ github.event.pull_request.head.ref || github.ref }}