From 980748662e207e45038ea7041b1cbec3ea64a6d6 Mon Sep 17 00:00:00 2001
From: Saga4
Date: Thu, 10 Apr 2025 11:35:45 +0530
Subject: [PATCH 1/2] fix PR approved state
---
 .github/workflows/codeflash-optimize.yaml | 23 ++++++++++------
 ...-to-end-test-bubblesort-pytest-no-git.yaml | 23 ++++++++++------
 .../end-to-end-test-bubblesort-unittest.yaml | 23 ++++++++++------
 .../workflows/end-to-end-test-coverage.yaml | 23 ++++++++++------
 .../end-to-end-test-futurehouse.yaml | 23 ++++++++++------
 .../workflows/end-to-end-test-init-optim.yaml | 23 ++++++++++------
 .../end-to-end-test-tracer-replay.yaml | 23 ++++++++++------
 .../end-to-end-topological-sort-test.yaml | 26 +++++++++++--------
 8 files changed, 120 insertions(+), 67 deletions(-)
diff --git a/.github/workflows/codeflash-optimize.yaml b/.github/workflows/codeflash-optimize.yaml
index 2e619dd4d..bdfab8c25 100644
--- a/.github/workflows/codeflash-optimize.yaml
+++ b/.github/workflows/codeflash-optimize.yaml
@@ -29,18 +29,25 @@ jobs:
 fetch-depth: 0
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: 🐍 Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml b/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml
index e8fb9947e..ef0dc5149 100644
--- a/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml
+++ b/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml
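Review bot: The new `elif` branch in the Validate PR step of codeflash-optimize.yaml lets any author through: a pull request that triggers a `pull_request_target` run is normally in state `open`, so the condition also holds for authors outside the allowlist and the `else` / `exit 1` path is effectively unreachable for that event. The PR `state` field carries no information about review or approval, although the echo text says "Assuming protection rules are in place". If the allowlist is meant to gate workflow edits, drop the branch so the chain is only `if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then … else … exit 1; fi`. Any approval requirement belongs on the job itself, for example a protected environment with required reviewers, rather than being inferred in the script. The same block is repeated in the other seven workflow files changed by this patch.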
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-bubblesort-unittest.yaml b/.github/workflows/end-to-end-test-bubblesort-unittest.yaml
index d0fd8a8e6..e8c367ee2 100644
--- a/.github/workflows/end-to-end-test-bubblesort-unittest.yaml
+++ b/.github/workflows/end-to-end-test-bubblesort-unittest.yaml
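Review bot: The diff range `"${{ github.event.pull_request.base.sha }}" "${{ github.sha }}"` in the Validate PR step of end-to-end-test-bubblesort-pytest-no-git.yaml may not cover the PR's changes when the job runs on `pull_request_target`, which the new `elif` implies it does. For that event `github.sha` is the last commit on the base branch rather than the PR head, so the `grep` for `.github/workflows/` can come back empty and the step prints "No workflow file changes detected" whatever the PR touches. Comparing against the head commit closes that gap: `git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}"`, provided the checkout has fetched that commit (the checkout step's `ref` is outside the hunk, so this needs confirming). The same line appears in the other workflow files changed by this patch.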
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-coverage.yaml b/.github/workflows/end-to-end-test-coverage.yaml
index aeb62787b..5bdbde9e6 100644
--- a/.github/workflows/end-to-end-test-coverage.yaml
+++ b/.github/workflows/end-to-end-test-coverage.yaml
@@ -22,18 +22,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-futurehouse.yaml b/.github/workflows/end-to-end-test-futurehouse.yaml
index 7fb7ea2bc..86b654152 100644
--- a/.github/workflows/end-to-end-test-futurehouse.yaml
+++ b/.github/workflows/end-to-end-test-futurehouse.yaml
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-init-optim.yaml b/.github/workflows/end-to-end-test-init-optim.yaml
index 24f563840..9e35d171f 100644
--- a/.github/workflows/end-to-end-test-init-optim.yaml
+++ b/.github/workflows/end-to-end-test-init-optim.yaml
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
diff --git a/.github/workflows/end-to-end-test-tracer-replay.yaml b/.github/workflows/end-to-end-test-tracer-replay.yaml
index 853e73341..e999b8f32 100644
--- a/.github/workflows/end-to-end-test-tracer-replay.yaml
+++ b/.github/workflows/end-to-end-test-tracer-replay.yaml
@@ -24,18 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
diff --git a/.github/workflows/end-to-end-topological-sort-test.yaml b/.github/workflows/end-to-end-topological-sort-test.yaml
index 6ead46031..f580543ac 100644
--- a/.github/workflows/end-to-end-topological-sort-test.yaml
+++ b/.github/workflows/end-to-end-topological-sort-test.yaml
@@ -24,21 +24,25 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: Validate PR
 run: |
- # Checking for any workflow changes for security risks
- if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "^.github/workflows/"; then
- echo "Workflow changes detected."
+ # Check for any workflow changes
+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then
+ echo "⚠️ Workflow changes detected."
- # Check if the PR author is allowed
+ # Get the PR author
 AUTHOR="${{ github.event.pull_request.user.login }}"
- if [[ "$AUTHOR" != "misrasaurabh1" && "$AUTHOR" != "KRRT7" ]]; then
- echo "Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
- exit 1
+ echo "PR Author: $AUTHOR"
+
+ # Allowlist check
+ if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then
+ echo "✅ Authorized user ($AUTHOR). Proceeding."
+ elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then
+ echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding."
 else
- echo "Authorized user ($AUTHOR). Proceeding."
+ echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting."
+ exit 1
 fi
- fiif git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} | grep -q "end-to-end-topological-sort-test.yaml"; then
- echo "This workflow file has been modified. Exiting for security."
- exit 1
+ else
+ echo "✅ No workflow file changes detected. Proceeding."
 fi
 - name: Set up Python 3.11 for CLI
From edaede16425feb53c8a2e0fadccbfbcea700a69a Mon Sep 17 00:00:00 2001
From: Saga4
Date: Thu, 10 Apr 2025 21:00:23 +0530
Subject: [PATCH 2/2] fix topological sort wf
---
 .github/workflows/end-to-end-topological-sort-test.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/end-to-end-topological-sort-test.yaml b/.github/workflows/end-to-end-topological-sort-test.yaml index f580543ac..e8a1ac519 100644 --- a/.github/workflows/end-to-end-topological-sort-test.yaml +++ b/.github/workflows/end-to-end-topological-sort-test.yaml @@ -22,16 +22,15 @@ jobs: with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} + - name: Validate PR run: | # Check for any workflow changes if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | grep -q "^.github/workflows/"; then echo "⚠️ Workflow changes detected." - # Get the PR author AUTHOR="${{ github.event.pull_request.user.login }}" echo "PR Author: $AUTHOR" - # Allowlist check if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then echo "✅ Authorized user ($AUTHOR). Proceeding."