Sync .github/workflows directory with azure-sdk-tools for PR 7845 (#5430)

* Create a separate job for events requiring Az CLI * Update .github/workflows/event-processor.yml Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> --------- Co-authored-by: James Suplizio <jasupliz@microsoft.com> Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>
2024-03-08 14:09:10 -05:00 · 2024-03-08 14:09:10 -05:00 · e490daaa50
commit e490daaa50
parent 95e85b6025
1 changed files with 63 additions and 5 deletions
--- a/.github/workflows/event-processor.yml
+++ b/.github/workflows/event-processor.yml
@ -17,26 +17,29 @@ on:
 permissions: {}

 jobs:
-  event-handler:
+  # This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault.
+  # Because the azure/login step adds time costly pre/post Az CLI commands to any every job
+  # it's used in, split this into its own job so only the event that needs the Az CLI pays
+  # the cost.
+  event-handler-with-azure:
    permissions:
      issues: write
      pull-requests: write
      # For OIDC auth
      id-token: write
      contents: read
-    name: Handle ${{ github.event_name }} ${{ github.event.action }} event
+    name: Handle ${{ github.event_name }} ${{ github.event.action }} event with azure login
    runs-on: ubuntu-latest
+    if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
    steps:
      - name: 'Az CLI login'
-        if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
-        uses: azure/login@v1.5.1
+        uses: azure/login@v1
        with:
            client-id: ${{ secrets.AZURE_CLIENT_ID }}
            tenant-id: ${{ secrets.AZURE_TENANT_ID }}
            subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: 'Run Azure CLI commands'
-        if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
        run: |
          LABEL_SERVICE_API_KEY=$(az keyvault secret show \
            --vault-name issue-labeler \
@ -94,3 +97,58 @@ jobs:
          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }}
+
+  event-handler:
+    permissions:
+      issues: write
+      pull-requests: write
+    name: Handle ${{ github.event_name }} ${{ github.event.action }} event
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name != 'issues' || github.event.action != 'opened' }}
+    steps:
+      # To run github-event-processor built from source, for testing purposes, uncomment everything
+      # in between the Start/End-Build From Source comments and comment everything in between the
+      # Start/End-Install comments
+      # Start-Install
+      - name: Install GitHub Event Processor
+        run: >
+          dotnet tool install
+          Azure.Sdk.Tools.GitHubEventProcessor
+          --version 1.0.0-dev.20240229.2
+          --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
+          --global
+        shell: bash
+      # End-Install
+
+      # Testing checkout of sources from the Azure/azure-sdk-tools repository
+      # The ref: is the SHA from the pull request in that repository or the
+      # refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository
+      # is a fork eg. <User>/azure-sdk-tools then the repository down below will
+      # need to point to that fork
+      # Start-Build
+      # - name: Checkout tools repo for GitHub Event Processor sources
+      #   uses: actions/checkout@v3
+      #   with:
+      #     repository: Azure/azure-sdk-tools
+      #     path: azure-sdk-tools
+      #     ref: <refs/pull/<PRNumber>/merge> or <sha>
+
+      # - name: Build and install GitHubEventProcessor from sources
+      #   run: |
+      #     dotnet pack
+      #     dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
+      #   shell: bash
+      #   working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
+      # End-Build
+
+      - name: Process Action Event
+        run: |
+          cat > payload.json << 'EOF'
+          ${{ toJson(github.event) }}
+          EOF
+          github-event-processor ${{ github.event_name }} payload.json
+        shell: bash
+        env:
+          # This is a temporary secret generated by github
+          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}