e490daaa50
* Create a separate job for events requiring Az CLI * Update .github/workflows/event-processor.yml Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com> --------- Co-authored-by: James Suplizio <jasupliz@microsoft.com> Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>
155 lines
6.5 KiB
YAML
155 lines
6.5 KiB
YAML
name: GitHub Event Processor
|
|
|
|
on:
|
|
issues:
|
|
types: [edited, labeled, opened, reopened, unlabeled]
|
|
# issue_comment is used for both issues and pull_requests
|
|
# github.event.issue.pull_request will be non-null on pull request comments
|
|
issue_comment:
|
|
types: [created]
|
|
# synchronize is the pull_request_target event when changes are pushed
|
|
# pull request merged is the closed event with github.event.pull_request.merged = true
|
|
pull_request_target:
|
|
types: [closed, labeled, opened, reopened, review_requested, synchronize, unlabeled]
|
|
|
|
# This removes all unnecessary permissions, the ones needed will be set below.
|
|
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
|
|
permissions: {}
|
|
|
|
jobs:
|
|
# This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault.
|
|
# Because the azure/login step adds time costly pre/post Az CLI commands to any every job
|
|
# it's used in, split this into its own job so only the event that needs the Az CLI pays
|
|
# the cost.
|
|
event-handler-with-azure:
|
|
permissions:
|
|
issues: write
|
|
pull-requests: write
|
|
# For OIDC auth
|
|
id-token: write
|
|
contents: read
|
|
name: Handle ${{ github.event_name }} ${{ github.event.action }} event with azure login
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
|
|
steps:
|
|
- name: 'Az CLI login'
|
|
uses: azure/login@v1
|
|
with:
|
|
client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
|
|
|
- name: 'Run Azure CLI commands'
|
|
run: |
|
|
LABEL_SERVICE_API_KEY=$(az keyvault secret show \
|
|
--vault-name issue-labeler \
|
|
-n issue-labeler-func-key \
|
|
-o tsv \
|
|
--query value)
|
|
|
|
echo "::add-mask::$LABEL_SERVICE_API_KEY"
|
|
echo "LABEL_SERVICE_API_KEY=$LABEL_SERVICE_API_KEY" >> $GITHUB_ENV
|
|
|
|
# To run github-event-processor built from source, for testing purposes, uncomment everything
|
|
# in between the Start/End-Build From Source comments and comment everything in between the
|
|
# Start/End-Install comments
|
|
# Start-Install
|
|
- name: Install GitHub Event Processor
|
|
run: >
|
|
dotnet tool install
|
|
Azure.Sdk.Tools.GitHubEventProcessor
|
|
--version 1.0.0-dev.20240229.2
|
|
--add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
|
|
--global
|
|
shell: bash
|
|
# End-Install
|
|
|
|
# Testing checkout of sources from the Azure/azure-sdk-tools repository
|
|
# The ref: is the SHA from the pull request in that repository or the
|
|
# refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository
|
|
# is a fork eg. <User>/azure-sdk-tools then the repository down below will
|
|
# need to point to that fork
|
|
# Start-Build
|
|
# - name: Checkout tools repo for GitHub Event Processor sources
|
|
# uses: actions/checkout@v3
|
|
# with:
|
|
# repository: Azure/azure-sdk-tools
|
|
# path: azure-sdk-tools
|
|
# ref: <refs/pull/<PRNumber>/merge> or <sha>
|
|
|
|
# - name: Build and install GitHubEventProcessor from sources
|
|
# run: |
|
|
# dotnet pack
|
|
# dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
|
|
# shell: bash
|
|
# working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
|
|
# End-Build
|
|
|
|
- name: Process Action Event
|
|
run: |
|
|
cat > payload.json << 'EOF'
|
|
${{ toJson(github.event) }}
|
|
EOF
|
|
github-event-processor ${{ github.event_name }} payload.json
|
|
shell: bash
|
|
env:
|
|
# This is a temporary secret generated by github
|
|
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }}
|
|
|
|
event-handler:
|
|
permissions:
|
|
issues: write
|
|
pull-requests: write
|
|
name: Handle ${{ github.event_name }} ${{ github.event.action }} event
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event_name != 'issues' || github.event.action != 'opened' }}
|
|
steps:
|
|
# To run github-event-processor built from source, for testing purposes, uncomment everything
|
|
# in between the Start/End-Build From Source comments and comment everything in between the
|
|
# Start/End-Install comments
|
|
# Start-Install
|
|
- name: Install GitHub Event Processor
|
|
run: >
|
|
dotnet tool install
|
|
Azure.Sdk.Tools.GitHubEventProcessor
|
|
--version 1.0.0-dev.20240229.2
|
|
--add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
|
|
--global
|
|
shell: bash
|
|
# End-Install
|
|
|
|
# Testing checkout of sources from the Azure/azure-sdk-tools repository
|
|
# The ref: is the SHA from the pull request in that repository or the
|
|
# refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository
|
|
# is a fork eg. <User>/azure-sdk-tools then the repository down below will
|
|
# need to point to that fork
|
|
# Start-Build
|
|
# - name: Checkout tools repo for GitHub Event Processor sources
|
|
# uses: actions/checkout@v3
|
|
# with:
|
|
# repository: Azure/azure-sdk-tools
|
|
# path: azure-sdk-tools
|
|
# ref: <refs/pull/<PRNumber>/merge> or <sha>
|
|
|
|
# - name: Build and install GitHubEventProcessor from sources
|
|
# run: |
|
|
# dotnet pack
|
|
# dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
|
|
# shell: bash
|
|
# working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
|
|
# End-Build
|
|
|
|
- name: Process Action Event
|
|
run: |
|
|
cat > payload.json << 'EOF'
|
|
${{ toJson(github.event) }}
|
|
EOF
|
|
github-event-processor ${{ github.event_name }} payload.json
|
|
shell: bash
|
|
env:
|
|
# This is a temporary secret generated by github
|
|
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|