From 2a6a93a6a74a2078694f91d1ab4d08cfdf352af9 Mon Sep 17 00:00:00 2001 From: Ivana Kellyerova Date: Tue, 7 Nov 2023 15:15:31 +0100 Subject: [PATCH 1/4] Introduce authorize step for external PRs --- .github/workflows/test-common.yml | 1 + .../workflows/test-integration-aiohttp.yml | 1 + .../workflows/test-integration-ariadne.yml | 1 + .github/workflows/test-integration-arq.yml | 1 + .github/workflows/test-integration-asgi.yml | 1 + .../workflows/test-integration-asyncpg.yml | 1 + .../workflows/test-integration-aws_lambda.yml | 13 ++++- .github/workflows/test-integration-beam.yml | 1 + .github/workflows/test-integration-boto3.yml | 1 + .github/workflows/test-integration-bottle.yml | 1 + .github/workflows/test-integration-celery.yml | 1 + .../workflows/test-integration-chalice.yml | 1 + .../test-integration-clickhouse_driver.yml | 1 + ...est-integration-cloud_resource_context.yml | 1 + .github/workflows/test-integration-django.yml | 1 + .github/workflows/test-integration-falcon.yml | 1 + .../workflows/test-integration-fastapi.yml | 1 + .github/workflows/test-integration-flask.yml | 1 + .github/workflows/test-integration-gcp.yml | 1 + .github/workflows/test-integration-gevent.yml | 1 + .github/workflows/test-integration-gql.yml | 1 + .../workflows/test-integration-graphene.yml | 1 + .github/workflows/test-integration-grpc.yml | 1 + .github/workflows/test-integration-httpx.yml | 1 + .github/workflows/test-integration-huey.yml | 1 + .github/workflows/test-integration-loguru.yml | 1 + .../test-integration-opentelemetry.yml | 1 + .../workflows/test-integration-pure_eval.yml | 1 + .../workflows/test-integration-pymongo.yml | 1 + .../workflows/test-integration-pyramid.yml | 1 + .github/workflows/test-integration-quart.yml | 1 + .github/workflows/test-integration-redis.yml | 1 + .../test-integration-rediscluster.yml | 1 + .../workflows/test-integration-requests.yml | 1 + .github/workflows/test-integration-rq.yml | 1 + .github/workflows/test-integration-sanic.yml | 1 + .../workflows/test-integration-sqlalchemy.yml | 1 + .../workflows/test-integration-starlette.yml | 1 + .../workflows/test-integration-starlite.yml | 1 + .../workflows/test-integration-strawberry.yml | 1 + .../workflows/test-integration-tornado.yml | 1 + .../workflows/test-integration-trytond.yml | 1 + scripts/split-tox-gh-actions/ci-yaml.txt | 4 +- .../split-tox-gh-actions.py | 57 ++++++++++++++----- 44 files changed, 98 insertions(+), 17 deletions(-) diff --git a/.github/workflows/test-common.yml b/.github/workflows/test-common.yml index 7204c5d7d7..35bf24387c 100644 --- a/.github/workflows/test-common.yml +++ b/.github/workflows/test-common.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: common, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-aiohttp.yml b/.github/workflows/test-integration-aiohttp.yml index f70d652f2e..002bdbc715 100644 --- a/.github/workflows/test-integration-aiohttp.yml +++ b/.github/workflows/test-integration-aiohttp.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: aiohttp, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-ariadne.yml b/.github/workflows/test-integration-ariadne.yml index 38e0d8271b..054ed19156 100644 --- a/.github/workflows/test-integration-ariadne.yml +++ b/.github/workflows/test-integration-ariadne.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: ariadne, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-arq.yml b/.github/workflows/test-integration-arq.yml index 614e53f390..909fb8f7c8 100644 --- a/.github/workflows/test-integration-arq.yml +++ b/.github/workflows/test-integration-arq.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: arq, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-asgi.yml b/.github/workflows/test-integration-asgi.yml index 9a29398fc2..7ce40e705d 100644 --- a/.github/workflows/test-integration-asgi.yml +++ b/.github/workflows/test-integration-asgi.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: asgi, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-asyncpg.yml b/.github/workflows/test-integration-asyncpg.yml index 4b2ed26671..a6b063a2cf 100644 --- a/.github/workflows/test-integration-asyncpg.yml +++ b/.github/workflows/test-integration-asyncpg.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: asyncpg, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-aws_lambda.yml b/.github/workflows/test-integration-aws_lambda.yml index 385bb4b13a..c5aad9305e 100644 --- a/.github/workflows/test-integration-aws_lambda.yml +++ b/.github/workflows/test-integration-aws_lambda.yml @@ -6,7 +6,7 @@ on: - master - release/** - pull_request: + pull_request_target: # Cancel in progress workflows on pull_requests. # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value @@ -25,7 +25,18 @@ env: ${{ github.workspace }}/dist-serverless jobs: + authorize: + name: Require approval + environment: + ${{ github.event_name == 'pull_request_target' && + github.event.pull_request.head.repo.full_name != github.repository && + 'external' || 'internal' }} + runs-on: ubuntu-latest + steps: + - run: true + test: + needs: authorize name: aws_lambda, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} timeout-minutes: 30 diff --git a/.github/workflows/test-integration-beam.yml b/.github/workflows/test-integration-beam.yml index a86d6ccd7d..d6fa0b3461 100644 --- a/.github/workflows/test-integration-beam.yml +++ b/.github/workflows/test-integration-beam.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: beam, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-boto3.yml b/.github/workflows/test-integration-boto3.yml index fb246c899e..ebf1b5a80b 100644 --- a/.github/workflows/test-integration-boto3.yml +++ b/.github/workflows/test-integration-boto3.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: boto3, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-bottle.yml b/.github/workflows/test-integration-bottle.yml index 5bbdcaac53..36053829df 100644 --- a/.github/workflows/test-integration-bottle.yml +++ b/.github/workflows/test-integration-bottle.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: bottle, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-celery.yml b/.github/workflows/test-integration-celery.yml index 71623f0e1e..0c15f4d843 100644 --- a/.github/workflows/test-integration-celery.yml +++ b/.github/workflows/test-integration-celery.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: celery, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-chalice.yml b/.github/workflows/test-integration-chalice.yml index 6615aeb75d..3f6df0fa43 100644 --- a/.github/workflows/test-integration-chalice.yml +++ b/.github/workflows/test-integration-chalice.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: chalice, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-clickhouse_driver.yml b/.github/workflows/test-integration-clickhouse_driver.yml index 30561ab5a1..196ae1044b 100644 --- a/.github/workflows/test-integration-clickhouse_driver.yml +++ b/.github/workflows/test-integration-clickhouse_driver.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: clickhouse_driver, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-cloud_resource_context.yml b/.github/workflows/test-integration-cloud_resource_context.yml index f6140d823c..069a4037f9 100644 --- a/.github/workflows/test-integration-cloud_resource_context.yml +++ b/.github/workflows/test-integration-cloud_resource_context.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: cloud_resource_context, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-django.yml b/.github/workflows/test-integration-django.yml index 819fb70f1a..ee2ff3e292 100644 --- a/.github/workflows/test-integration-django.yml +++ b/.github/workflows/test-integration-django.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: django, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-falcon.yml b/.github/workflows/test-integration-falcon.yml index 09d8ff8d80..f9aa94407a 100644 --- a/.github/workflows/test-integration-falcon.yml +++ b/.github/workflows/test-integration-falcon.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: falcon, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-fastapi.yml b/.github/workflows/test-integration-fastapi.yml index 0a330b1401..78e40d791d 100644 --- a/.github/workflows/test-integration-fastapi.yml +++ b/.github/workflows/test-integration-fastapi.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: fastapi, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-flask.yml b/.github/workflows/test-integration-flask.yml index d716df171d..477c355a02 100644 --- a/.github/workflows/test-integration-flask.yml +++ b/.github/workflows/test-integration-flask.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: flask, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-gcp.yml b/.github/workflows/test-integration-gcp.yml index c6eb4adcc8..ec79ced946 100644 --- a/.github/workflows/test-integration-gcp.yml +++ b/.github/workflows/test-integration-gcp.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: gcp, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-gevent.yml b/.github/workflows/test-integration-gevent.yml index d879f5c2f5..3777e8f91b 100644 --- a/.github/workflows/test-integration-gevent.yml +++ b/.github/workflows/test-integration-gevent.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: gevent, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-gql.yml b/.github/workflows/test-integration-gql.yml index 9ebd5a16b7..b6bf9369bd 100644 --- a/.github/workflows/test-integration-gql.yml +++ b/.github/workflows/test-integration-gql.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: gql, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-graphene.yml b/.github/workflows/test-integration-graphene.yml index 5236731eb0..ece99bb5da 100644 --- a/.github/workflows/test-integration-graphene.yml +++ b/.github/workflows/test-integration-graphene.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: graphene, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-grpc.yml b/.github/workflows/test-integration-grpc.yml index 0e4f48d423..e220bbba3f 100644 --- a/.github/workflows/test-integration-grpc.yml +++ b/.github/workflows/test-integration-grpc.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: grpc, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-httpx.yml b/.github/workflows/test-integration-httpx.yml index 3c67d2370c..e577d8d22c 100644 --- a/.github/workflows/test-integration-httpx.yml +++ b/.github/workflows/test-integration-httpx.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: httpx, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-huey.yml b/.github/workflows/test-integration-huey.yml index db6c5fcbc4..add301ced6 100644 --- a/.github/workflows/test-integration-huey.yml +++ b/.github/workflows/test-integration-huey.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: huey, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-loguru.yml b/.github/workflows/test-integration-loguru.yml index 885b1534f4..3822091519 100644 --- a/.github/workflows/test-integration-loguru.yml +++ b/.github/workflows/test-integration-loguru.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: loguru, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-opentelemetry.yml b/.github/workflows/test-integration-opentelemetry.yml index 5e2722ed49..57a3a93f71 100644 --- a/.github/workflows/test-integration-opentelemetry.yml +++ b/.github/workflows/test-integration-opentelemetry.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: opentelemetry, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-pure_eval.yml b/.github/workflows/test-integration-pure_eval.yml index 30b5f8cc1b..3f3db64183 100644 --- a/.github/workflows/test-integration-pure_eval.yml +++ b/.github/workflows/test-integration-pure_eval.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: pure_eval, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-pymongo.yml b/.github/workflows/test-integration-pymongo.yml index 2a3d7697f2..7e85408f7c 100644 --- a/.github/workflows/test-integration-pymongo.yml +++ b/.github/workflows/test-integration-pymongo.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: pymongo, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-pyramid.yml b/.github/workflows/test-integration-pyramid.yml index 7a4b327b3f..5ff60c6058 100644 --- a/.github/workflows/test-integration-pyramid.yml +++ b/.github/workflows/test-integration-pyramid.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: pyramid, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-quart.yml b/.github/workflows/test-integration-quart.yml index 838683cf9c..f7027c52e9 100644 --- a/.github/workflows/test-integration-quart.yml +++ b/.github/workflows/test-integration-quart.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: quart, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-redis.yml b/.github/workflows/test-integration-redis.yml index 54ad9abe2a..d06cfc5059 100644 --- a/.github/workflows/test-integration-redis.yml +++ b/.github/workflows/test-integration-redis.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: redis, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-rediscluster.yml b/.github/workflows/test-integration-rediscluster.yml index 73ed5c1733..7fc24206d4 100644 --- a/.github/workflows/test-integration-rediscluster.yml +++ b/.github/workflows/test-integration-rediscluster.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: rediscluster, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-requests.yml b/.github/workflows/test-integration-requests.yml index bc8e4a990c..fef4be85fe 100644 --- a/.github/workflows/test-integration-requests.yml +++ b/.github/workflows/test-integration-requests.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: requests, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-rq.yml b/.github/workflows/test-integration-rq.yml index b0812c36e6..c0d846c57c 100644 --- a/.github/workflows/test-integration-rq.yml +++ b/.github/workflows/test-integration-rq.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: rq, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-sanic.yml b/.github/workflows/test-integration-sanic.yml index 27ca05eb6a..4371071fcb 100644 --- a/.github/workflows/test-integration-sanic.yml +++ b/.github/workflows/test-integration-sanic.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: sanic, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-sqlalchemy.yml b/.github/workflows/test-integration-sqlalchemy.yml index 70cbb7ff79..c06b670af7 100644 --- a/.github/workflows/test-integration-sqlalchemy.yml +++ b/.github/workflows/test-integration-sqlalchemy.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: sqlalchemy, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-starlette.yml b/.github/workflows/test-integration-starlette.yml index ad3e269075..cd3c29eef1 100644 --- a/.github/workflows/test-integration-starlette.yml +++ b/.github/workflows/test-integration-starlette.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: starlette, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-starlite.yml b/.github/workflows/test-integration-starlite.yml index 01715e1c66..dc9c98db58 100644 --- a/.github/workflows/test-integration-starlite.yml +++ b/.github/workflows/test-integration-starlite.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: starlite, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-strawberry.yml b/.github/workflows/test-integration-strawberry.yml index 16b42ec2a2..2460bfa35e 100644 --- a/.github/workflows/test-integration-strawberry.yml +++ b/.github/workflows/test-integration-strawberry.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: strawberry, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-tornado.yml b/.github/workflows/test-integration-tornado.yml index c9ccec4f38..4b4ca94dab 100644 --- a/.github/workflows/test-integration-tornado.yml +++ b/.github/workflows/test-integration-tornado.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: tornado, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/.github/workflows/test-integration-trytond.yml b/.github/workflows/test-integration-trytond.yml index 137cec7ef4..9b97004820 100644 --- a/.github/workflows/test-integration-trytond.yml +++ b/.github/workflows/test-integration-trytond.yml @@ -23,6 +23,7 @@ env: ${{ github.workspace }}/dist-serverless jobs: + test: name: trytond, python ${{ matrix.python-version }}, ${{ matrix.os }} runs-on: ${{ matrix.os }} diff --git a/scripts/split-tox-gh-actions/ci-yaml.txt b/scripts/split-tox-gh-actions/ci-yaml.txt index 90bd5c61ce..5d644f31b2 100644 --- a/scripts/split-tox-gh-actions/ci-yaml.txt +++ b/scripts/split-tox-gh-actions/ci-yaml.txt @@ -6,7 +6,7 @@ on: - master - release/** - pull_request: +{{ on_pull_request }} # Cancel in progress workflows on pull_requests. # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value @@ -24,6 +24,8 @@ env: ${{ github.workspace }}/dist-serverless jobs: +{{ authorize }} + {{ test }} {{ test_py27 }} diff --git a/scripts/split-tox-gh-actions/split-tox-gh-actions.py b/scripts/split-tox-gh-actions/split-tox-gh-actions.py index ea187475db..3923b5d341 100755 --- a/scripts/split-tox-gh-actions/split-tox-gh-actions.py +++ b/scripts/split-tox-gh-actions/split-tox-gh-actions.py @@ -29,6 +29,7 @@ TEMPLATE_FILE_SERVICES = TEMPLATE_DIR / "ci-yaml-services.txt" TEMPLATE_FILE_SETUP_DB = TEMPLATE_DIR / "ci-yaml-setup-db.txt" TEMPLATE_FILE_AWS_CREDENTIALS = TEMPLATE_DIR / "ci-yaml-aws-credentials.txt" +TEMPLATE_SNIPPET_AUTHORIZE = TEMPLATE_DIR / "ci-yaml-authorize-snippet.txt" TEMPLATE_SNIPPET_TEST = TEMPLATE_DIR / "ci-yaml-test-snippet.txt" TEMPLATE_SNIPPET_TEST_PY27 = TEMPLATE_DIR / "ci-yaml-test-py27-snippet.txt" @@ -45,6 +46,10 @@ "aws_lambda", ] +FRAMEWORKS_NEEDING_SECRETS = [ + "aws_lambda", +] + MATRIX_DEFINITION = """ strategy: fail-fast: false @@ -77,29 +82,51 @@ """ -def write_yaml_file( - template, - current_framework, - python_versions, -): +def write_yaml_file(template, current_framework, python_versions): """Write the YAML configuration file for one framework to disk.""" py_versions = [py.replace("py", "") for py in python_versions] py27_supported = "2.7" in py_versions + template = [line for line in template] + + on_pull_request_loc = template.index("{{ on_pull_request }}\n") + if current_framework in FRAMEWORKS_NEEDING_SECRETS: + on_pull_request = " pull_request_target:\n" + else: + on_pull_request = " pull_request:\n" + + template[on_pull_request_loc] = on_pull_request + + authorize_loc = template.index("{{ authorize }}\n") + if current_framework in FRAMEWORKS_NEEDING_SECRETS: + with open(TEMPLATE_SNIPPET_AUTHORIZE, "r") as f: + authorize_snippet = f.readlines() + template = ( + template[:authorize_loc] + + authorize_snippet + + template[authorize_loc + 1 :] + ) + else: + template.pop(authorize_loc) + test_loc = template.index("{{ test }}\n") - f = open(TEMPLATE_SNIPPET_TEST, "r") - test_snippet = f.readlines() - template = template[:test_loc] + test_snippet + template[test_loc + 1 :] - f.close() + with open(TEMPLATE_SNIPPET_TEST, "r") as f: + test_snippet = f.readlines() + if current_framework in FRAMEWORKS_NEEDING_SECRETS: + test_snippet.insert(1, " needs: authorize\n") + template = template[:test_loc] + test_snippet + template[test_loc + 1 :] test_py27_loc = template.index("{{ test_py27 }}\n") if py27_supported: - f = open(TEMPLATE_SNIPPET_TEST_PY27, "r") - test_py27_snippet = f.readlines() - template = ( - template[:test_py27_loc] + test_py27_snippet + template[test_py27_loc + 1 :] - ) - f.close() + with open(TEMPLATE_SNIPPET_TEST_PY27, "r") as f: + test_py27_snippet = f.readlines() + if current_framework in FRAMEWORKS_NEEDING_SECRETS: + test_py27_snippet.insert(1, " needs: authorize\n") + template = ( + template[:test_py27_loc] + + test_py27_snippet + + template[test_py27_loc + 1 :] + ) py_versions.remove("2.7") else: From 29ce84483e10fa0fe69365826b95f1bd6bdcc245 Mon Sep 17 00:00:00 2001 From: Ivana Kellyerova Date: Tue, 7 Nov 2023 15:56:53 +0100 Subject: [PATCH 2/4] add missing file --- .../split-tox-gh-actions/ci-yaml-authorize-snippet.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 scripts/split-tox-gh-actions/ci-yaml-authorize-snippet.txt diff --git a/scripts/split-tox-gh-actions/ci-yaml-authorize-snippet.txt b/scripts/split-tox-gh-actions/ci-yaml-authorize-snippet.txt new file mode 100644 index 0000000000..c842b6775c --- /dev/null +++ b/scripts/split-tox-gh-actions/ci-yaml-authorize-snippet.txt @@ -0,0 +1,9 @@ + authorize: + name: Require approval + environment: + ${{ github.event_name == 'pull_request_target' && + github.event.pull_request.head.repo.full_name != github.repository && + 'external' || 'internal' }} + runs-on: ubuntu-latest + steps: + - run: true From 32666b940bcc877bde09305c5833119e078f2f5b Mon Sep 17 00:00:00 2001 From: Ivana Kellyerova Date: Tue, 7 Nov 2023 16:20:07 +0100 Subject: [PATCH 3/4] check out pr commit --- .../workflows/test-integration-aws_lambda.yml | 2 + .../ci-yaml-test-py27-snippet.txt | 1 + .../ci-yaml-test-snippet.txt | 1 + .../split-tox-gh-actions.py | 46 +++++++++++++------ 4 files changed, 35 insertions(+), 15 deletions(-) diff --git a/.github/workflows/test-integration-aws_lambda.yml b/.github/workflows/test-integration-aws_lambda.yml index c5aad9305e..ca2ae82999 100644 --- a/.github/workflows/test-integration-aws_lambda.yml +++ b/.github/workflows/test-integration-aws_lambda.yml @@ -53,6 +53,8 @@ jobs: steps: - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} diff --git a/scripts/split-tox-gh-actions/ci-yaml-test-py27-snippet.txt b/scripts/split-tox-gh-actions/ci-yaml-test-py27-snippet.txt index 94723c1658..25707bef14 100644 --- a/scripts/split-tox-gh-actions/ci-yaml-test-py27-snippet.txt +++ b/scripts/split-tox-gh-actions/ci-yaml-test-py27-snippet.txt @@ -7,6 +7,7 @@ steps: - uses: actions/checkout@v4 +{{ checkout_with }} - name: Setup Test Env run: | diff --git a/scripts/split-tox-gh-actions/ci-yaml-test-snippet.txt b/scripts/split-tox-gh-actions/ci-yaml-test-snippet.txt index c2d10596ea..f7c4e7225c 100644 --- a/scripts/split-tox-gh-actions/ci-yaml-test-snippet.txt +++ b/scripts/split-tox-gh-actions/ci-yaml-test-snippet.txt @@ -7,6 +7,7 @@ steps: - uses: actions/checkout@v4 +{{ checkout_with }} - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} diff --git a/scripts/split-tox-gh-actions/split-tox-gh-actions.py b/scripts/split-tox-gh-actions/split-tox-gh-actions.py index 3923b5d341..3b3a38038f 100755 --- a/scripts/split-tox-gh-actions/split-tox-gh-actions.py +++ b/scripts/split-tox-gh-actions/split-tox-gh-actions.py @@ -81,6 +81,11 @@ echo "One of the dependent jobs has failed. You may need to re-run it." && exit 1 """ +CHECKOUT_WITH = """\ + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} +""" + def write_yaml_file(template, current_framework, python_versions): """Write the YAML configuration file for one framework to disk.""" @@ -101,32 +106,43 @@ def write_yaml_file(template, current_framework, python_versions): if current_framework in FRAMEWORKS_NEEDING_SECRETS: with open(TEMPLATE_SNIPPET_AUTHORIZE, "r") as f: authorize_snippet = f.readlines() - template = ( - template[:authorize_loc] - + authorize_snippet - + template[authorize_loc + 1 :] - ) + template = ( + template[:authorize_loc] + authorize_snippet + template[authorize_loc + 1 :] + ) else: template.pop(authorize_loc) test_loc = template.index("{{ test }}\n") with open(TEMPLATE_SNIPPET_TEST, "r") as f: test_snippet = f.readlines() - if current_framework in FRAMEWORKS_NEEDING_SECRETS: - test_snippet.insert(1, " needs: authorize\n") - template = template[:test_loc] + test_snippet + template[test_loc + 1 :] + + if current_framework in FRAMEWORKS_NEEDING_SECRETS: + test_snippet.insert(1, " needs: authorize\n") + + checkout_with_loc = test_snippet.index("{{ checkout_with }}\n") + if current_framework in FRAMEWORKS_NEEDING_SECRETS: + test_snippet[checkout_with_loc] = CHECKOUT_WITH + else: + test_snippet.pop(checkout_with_loc) + template = template[:test_loc] + test_snippet + template[test_loc + 1 :] test_py27_loc = template.index("{{ test_py27 }}\n") if py27_supported: with open(TEMPLATE_SNIPPET_TEST_PY27, "r") as f: test_py27_snippet = f.readlines() - if current_framework in FRAMEWORKS_NEEDING_SECRETS: - test_py27_snippet.insert(1, " needs: authorize\n") - template = ( - template[:test_py27_loc] - + test_py27_snippet - + template[test_py27_loc + 1 :] - ) + + if current_framework in FRAMEWORKS_NEEDING_SECRETS: + test_py27_snippet.insert(1, " needs: authorize\n") + + checkout_with_loc = test_py27_snippet.index("{{ checkout_with }}\n") + if current_framework in FRAMEWORKS_NEEDING_SECRETS: + test_py27_snippet[checkout_with_loc] = CHECKOUT_WITH + else: + test_py27_snippet.pop(checkout_with_loc) + + template = ( + template[:test_py27_loc] + test_py27_snippet + template[test_py27_loc + 1 :] + ) py_versions.remove("2.7") else: From efa2bf7efbdfb4e67b5e6454f59a935156235593 Mon Sep 17 00:00:00 2001 From: Ivana Kellyerova Date: Tue, 7 Nov 2023 16:23:45 +0100 Subject: [PATCH 4/4] rename --- .github/workflows/test-integration-aws_lambda.yml | 2 +- scripts/split-tox-gh-actions/ci-yaml-authorize-snippet.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-integration-aws_lambda.yml b/.github/workflows/test-integration-aws_lambda.yml index ca2ae82999..e6b3264b06 100644 --- a/.github/workflows/test-integration-aws_lambda.yml +++ b/.github/workflows/test-integration-aws_lambda.yml @@ -26,7 +26,7 @@ env: jobs: authorize: - name: Require approval + name: Determine environment environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && diff --git a/scripts/split-tox-gh-actions/ci-yaml-authorize-snippet.txt b/scripts/split-tox-gh-actions/ci-yaml-authorize-snippet.txt index c842b6775c..b53fae0b11 100644 --- a/scripts/split-tox-gh-actions/ci-yaml-authorize-snippet.txt +++ b/scripts/split-tox-gh-actions/ci-yaml-authorize-snippet.txt @@ -1,5 +1,5 @@ authorize: - name: Require approval + name: Determine environment environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository &&