From 1687512641e8cd2e74b476649d58ac250248ae1c Mon Sep 17 00:00:00 2001 From: Saga4 Date: Sat, 12 Apr 2025 00:16:23 +0530 Subject: [PATCH] recieve request only when workflow file changed --- .github/workflows/codeflash-optimize.yaml | 14 ++++++++++---- .../end-to-end-test-bubblesort-pytest-no-git.yaml | 11 +++++++++-- .../end-to-end-test-bubblesort-unittest.yaml | 11 +++++++++-- .github/workflows/end-to-end-test-coverage.yaml | 11 +++++++++-- .github/workflows/end-to-end-test-futurehouse.yaml | 11 +++++++++-- .github/workflows/end-to-end-test-init-optim.yaml | 11 +++++++++-- .../workflows/end-to-end-test-tracer-replay.yaml | 11 +++++++++-- .../end-to-end-topological-sort-test.yaml | 9 ++++++++- 8 files changed, 72 insertions(+), 17 deletions(-) diff --git a/.github/workflows/codeflash-optimize.yaml b/.github/workflows/codeflash-optimize.yaml index ab2453154..df4fef892 100644 --- a/.github/workflows/codeflash-optimize.yaml +++ b/.github/workflows/codeflash-optimize.yaml @@ -1,7 +1,6 @@ name: CodeFlash on: - # Use pull_request_target for everything to ensure access to secrets pull_request_target: paths: - '**' # Trigger for all paths @@ -15,7 +14,14 @@ concurrency: jobs: optimize: name: Optimize new Python code - environment: external-trusted-contributors + # Dynamically determine if environment is needed only when workflow files change and contributor is external + environment: ${{ + github.event_name == 'workflow_dispatch' || + contains(toJSON(github.event.pull_request.files.*.filename), '.github/workflows/') && + github.event.pull_request.user.login != 'misrasaurabh1' && + github.event.pull_request.user.login != 'KRRT7' + ? 'external-trusted-contributors' : '' + }} if: ${{ github.actor != 'codeflash-ai[bot]' }} runs-on: ubuntu-latest env: 
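Review bot: The `environment:` expression added to the `optimize` job will not behave as its comment describes: GitHub Actions expressions have no `? :` operator, and to my knowledge the pull-request event payload has no `files` list, so the `contains(toJSON(github.event.pull_request.files.*.filename), '.github/workflows/')` test cannot see the changed paths. Rewritten with the supported `cond && 'external-trusted-contributors' || ''` form but the same `files` test, it would resolve to `''` for every pull request, and the environment's protection rules would stop gating a `pull_request_target` run that, per the comment removed in the first hunk, exists to reach secrets. I would keep `environment: external-trusted-contributors` unconditional, or key it on the author alone, `${{ github.event.pull_request.user.login != 'misrasaurabh1' && github.event.pull_request.user.login != 'KRRT7' && 'external-trusted-contributors' || '' }}` (worth confirming that an empty environment name is accepted). The same expression is added in the `environment:` hunks of the seven `end-to-end-*` workflow files in this patch, and each job body continues outside its hunk.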
@@ -42,8 +48,8 @@ jobs: # Allowlist check if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then echo "✅ Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then - echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding." + elif [[ "${{ github.event.pull_request.state }}" == "open" ]]; then + echo "✅ PR is open. Proceeding with appropriate protections." else echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting." exit 1 diff --git a/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml b/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml index a5d6ad42d..d03ae9085 100644 --- a/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml +++ b/.github/workflows/end-to-end-test-bubblesort-pytest-no-git.yaml @@ -10,7 +10,14 @@ on: jobs: bubble-sort-optimization-pytest-no-git: - environment: external-trusted-contributors + # Dynamically determine if environment is needed only when workflow files change and contributor is external + environment: ${{ + github.event_name == 'workflow_dispatch' || + contains(toJSON(github.event.pull_request.files.*.filename), '.github/workflows/') && + github.event.pull_request.user.login != 'misrasaurabh1' && + github.event.pull_request.user.login != 'KRRT7' + ? 'external-trusted-contributors': '' + }} runs-on: ubuntu-latest env: CODEFLASH_AIS_SERVER: prod 
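Review bot: In the allowlist step of `codeflash-optimize.yaml`, the rewritten `elif [[ "${{ github.event.pull_request.state }}" == "open" ]]` branch lets every open pull request through, so the author comparison above it restricts nothing and the `else` branch is reachable only when the PR is not open. The removed echo text said this branch assumed protection rules were in place, and the same commit makes the environment conditional, so the step now has to carry the decision itself. I would drop the `elif` branch, or test an explicit trust signal such as `github.event.pull_request.author_association` passed to the script through `env:`. The allowlist hunks in the `end-to-end-*` files (`-39,7`, `-38,7`, `-37,7`) make the same change and keep the old echo text that still mentions 'pull_request_target'. The script starts and ends outside the hunk.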
@@ -39,7 +46,7 @@ jobs: # Allowlist check if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then echo "✅ Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then + elif [[ "${{ github.event.pull_request.state }}" == "open" ]]; then echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding." else echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting." diff --git a/.github/workflows/end-to-end-test-bubblesort-unittest.yaml b/.github/workflows/end-to-end-test-bubblesort-unittest.yaml index 521bc41d4..4ff2d4f1e 100644 --- a/.github/workflows/end-to-end-test-bubblesort-unittest.yaml +++ b/.github/workflows/end-to-end-test-bubblesort-unittest.yaml @@ -10,7 +10,14 @@ on: jobs: bubble-sort-optimization-unittest: - environment: external-trusted-contributors + # Dynamically determine if environment is needed only when workflow files change and contributor is external + environment: ${{ + github.event_name == 'workflow_dispatch' || + contains(toJSON(github.event.pull_request.files.*.filename), '.github/workflows/') && + github.event.pull_request.user.login != 'misrasaurabh1' && + github.event.pull_request.user.login != 'KRRT7' + ? 'external-trusted-contributors': '' + }} runs-on: ubuntu-latest env: CODEFLASH_AIS_SERVER: prod @@ -39,7 +46,7 @@ jobs: # Allowlist check if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then echo "✅ Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then + elif [["${{ github.event.pull_request.state }}" == "open" ]]; then echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding." else echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting." 
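Review bot: The new line `elif [["${{ github.event.pull_request.state }}" == "open" ]]; then` in `end-to-end-test-bubblesort-unittest.yaml` is missing the space after `[[`, so bash treats `[["open"` as a command name rather than the conditional keyword. The command lookup fails, the `elif` test is false, and every author outside the two allowlisted names falls through to the `else` branch and `exit 1`. It should read `elif [[ "${{ github.event.pull_request.state }}" == "open" ]]; then`, as the pytest-no-git hunk has it. The same typo is in the allowlist hunks of `end-to-end-test-coverage.yaml`, `end-to-end-test-futurehouse.yaml`, `end-to-end-test-init-optim.yaml` and `end-to-end-test-tracer-replay.yaml`.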
diff --git a/.github/workflows/end-to-end-test-coverage.yaml b/.github/workflows/end-to-end-test-coverage.yaml index 93ffb4b46..23117a797 100644 --- a/.github/workflows/end-to-end-test-coverage.yaml +++ b/.github/workflows/end-to-end-test-coverage.yaml @@ -10,7 +10,14 @@ on: jobs: end-to-end-test-coverage: - environment: external-trusted-contributors + # Dynamically determine if environment is needed only when workflow files change and contributor is external + environment: ${{ + github.event_name == 'workflow_dispatch' || + contains(toJSON(github.event.pull_request.files.*.filename), '.github/workflows/') && + github.event.pull_request.user.login != 'misrasaurabh1' && + github.event.pull_request.user.login != 'KRRT7' + ? 'external-trusted-contributors': '' + }} runs-on: ubuntu-latest env: CODEFLASH_AIS_SERVER: prod @@ -37,7 +44,7 @@ jobs: # Allowlist check if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then echo "✅ Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then + elif [["${{ github.event.pull_request.state }}" == "open" ]]; then echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding." else echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting." diff --git a/.github/workflows/end-to-end-test-futurehouse.yaml b/.github/workflows/end-to-end-test-futurehouse.yaml index 349753bf3..af4b9a3a8 100644 --- a/.github/workflows/end-to-end-test-futurehouse.yaml +++ b/.github/workflows/end-to-end-test-futurehouse.yaml 
@@ -10,7 +10,14 @@ on: jobs: futurehouse-structure: - environment: external-trusted-contributors + # Dynamically determine if environment is needed only when workflow files change and contributor is external + environment: ${{ + github.event_name == 'workflow_dispatch' || + contains(toJSON(github.event.pull_request.files.*.filename), '.github/workflows/') && + github.event.pull_request.user.login != 'misrasaurabh1' && + github.event.pull_request.user.login != 'KRRT7' + ? 'external-trusted-contributors': '' + }} runs-on: ubuntu-latest env: CODEFLASH_AIS_SERVER: prod @@ -39,7 +46,7 @@ jobs: # Allowlist check if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then echo "✅ Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then + elif [["${{ github.event.pull_request.state }}" == "open" ]]; then echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding." else echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting." diff --git a/.github/workflows/end-to-end-test-init-optim.yaml b/.github/workflows/end-to-end-test-init-optim.yaml index f3c1f7a4c..69a3a8dee 100644 --- a/.github/workflows/end-to-end-test-init-optim.yaml +++ b/.github/workflows/end-to-end-test-init-optim.yaml @@ -9,7 +9,14 @@ on: jobs: init-optimization: - environment: external-trusted-contributors + # Dynamically determine if environment is needed only when workflow files change and contributor is external + environment: ${{ + github.event_name == 'workflow_dispatch' || + contains(toJSON(github.event.pull_request.files.*.filename), '.github/workflows/') && + github.event.pull_request.user.login != 'misrasaurabh1' && + github.event.pull_request.user.login != 'KRRT7' + ? 'external-trusted-contributors': '' + }} runs-on: ubuntu-latest env: CODEFLASH_AIS_SERVER: prod 
@@ -38,7 +45,7 @@ jobs: # Allowlist check if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then echo "✅ Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then + elif [["${{ github.event.pull_request.state }}" == "open" ]]; then echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding." else echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting." diff --git a/.github/workflows/end-to-end-test-tracer-replay.yaml b/.github/workflows/end-to-end-test-tracer-replay.yaml index 82d11b9cd..5dd8f975a 100644 --- a/.github/workflows/end-to-end-test-tracer-replay.yaml +++ b/.github/workflows/end-to-end-test-tracer-replay.yaml @@ -9,7 +9,14 @@ on: jobs: tracer-replay: - environment: external-trusted-contributors + # Dynamically determine if environment is needed only when workflow files change and contributor is external + environment: ${{ + github.event_name == 'workflow_dispatch' || + contains(toJSON(github.event.pull_request.files.*.filename), '.github/workflows/') && + github.event.pull_request.user.login != 'misrasaurabh1' && + github.event.pull_request.user.login != 'KRRT7' + ? 'external-trusted-contributors': '' + }} runs-on: ubuntu-latest env: CODEFLASH_AIS_SERVER: prod @@ -38,7 +45,7 @@ jobs: # Allowlist check if [[ "$AUTHOR" == "misrasaurabh1" || "$AUTHOR" == "KRRT7" ]]; then echo "✅ Authorized user ($AUTHOR). Proceeding." - elif [[ "${{ github.event_name }}" == "pull_request_target" && "${{ github.event.pull_request.state }}" == "open" ]]; then + elif [["${{ github.event.pull_request.state }}" == "open" ]]; then echo "✅ PR triggered by 'pull_request_target' and is open. Assuming protection rules are in place. Proceeding." else echo "⛔ Unauthorized user ($AUTHOR) attempting to modify workflows. Exiting." 
diff --git a/.github/workflows/end-to-end-topological-sort-test.yaml b/.github/workflows/end-to-end-topological-sort-test.yaml index 0e65c51c6..81ebe31ae 100644 --- a/.github/workflows/end-to-end-topological-sort-test.yaml +++ b/.github/workflows/end-to-end-topological-sort-test.yaml @@ -10,7 +10,14 @@ on: jobs: topological-sort-optimization: - environment: external-trusted-contributors + # Dynamically determine if environment is needed only when workflow files change and contributor is external + environment: ${{ + github.event_name == 'workflow_dispatch' || + contains(toJSON(github.event.pull_request.files.*.filename), '.github/workflows/') && + github.event.pull_request.user.login != 'misrasaurabh1' && + github.event.pull_request.user.login != 'KRRT7' + ? 'external-trusted-contributors': '' + }} runs-on: ubuntu-latest env: CODEFLASH_AIS_SERVER: prod