Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sync .github/workflows directory with azure-sdk-tools for PR 7845 #22561

Merged
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 63 additions & 5 deletions .github/workflows/event-processor.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,26 +17,29 @@ on:
permissions: {}

jobs:
event-handler:
# This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault.
# Because the azure/login step adds time costly pre/post Az CLI commands to any every job
# it's used in, split this into its own job so only the event that needs the Az CLI pays
# the cost.
event-handler-with-azure:
permissions:
issues: write
pull-requests: write
# For OIDC auth
id-token: write
contents: read
name: Handle ${{ github.event_name }} ${{ github.event.action }} event
name: Handle ${{ github.event_name }} ${{ github.event.action }} event with azure login
runs-on: ubuntu-latest
if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
steps:
- name: 'Az CLI login'
if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
uses: azure/login@v1.5.1
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: 'Run Azure CLI commands'
if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
run: |
LABEL_SERVICE_API_KEY=$(az keyvault secret show \
--vault-name issue-labeler \
Expand Down Expand Up @@ -94,3 +97,58 @@ jobs:
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }}

event-handler:
permissions:
issues: write
pull-requests: write
name: Handle ${{ github.event_name }} ${{ github.event.action }} event
runs-on: ubuntu-latest
if: ${{ github.event_name != 'issues' || github.event.action != 'opened' }}
steps:
# To run github-event-processor built from source, for testing purposes, uncomment everything
# in between the Start/End-Build From Source comments and comment everything in between the
# Start/End-Install comments
# Start-Install
- name: Install GitHub Event Processor
run: >
dotnet tool install
Azure.Sdk.Tools.GitHubEventProcessor
--version 1.0.0-dev.20240229.2
--add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
--global
shell: bash
# End-Install

# Testing checkout of sources from the Azure/azure-sdk-tools repository
# The ref: is the SHA from the pull request in that repository or the
# refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository
# is a fork eg. <User>/azure-sdk-tools then the repository down below will
# need to point to that fork
# Start-Build
# - name: Checkout tools repo for GitHub Event Processor sources
# uses: actions/checkout@v3
# with:
# repository: Azure/azure-sdk-tools
# path: azure-sdk-tools
# ref: <refs/pull/<PRNumber>/merge> or <sha>

# - name: Build and install GitHubEventProcessor from sources
# run: |
# dotnet pack
# dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
# shell: bash
# working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
# End-Build

- name: Process Action Event
run: |
cat > payload.json << 'EOF'
${{ toJson(github.event) }}
EOF
github-event-processor ${{ github.event_name }} payload.json
shell: bash
env:
# This is a temporary secret generated by github
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}