Pass secrets to approved workflow jobs (#258)
zimeg authored Dec 2, 2023
1 parent 9f58ecc commit 197d9be
Showing 2 changed files with 29 additions and 1 deletion.
6 changes: 6 additions & 0 deletions .github/maintainers_guide.md
Expand Up @@ -22,6 +22,12 @@ When testing locally, ensure at least linting and unit tests pass by running `np
Additionally, sending a PR is highly recommended with every change as there are several GitHub
Actions jobs that execute what are effectively integration tests for this GitHub Action.

#### Checks on PRs

Actions that run the integration tests on PRs from a fork will require approval before running.
These checks use stored secrets so the changes should be reviewed before approving the workflow to
avoid accidently leaking tokens!

### Releasing

* Check the status of this project's GitHub Milestone to be released for issues that should be shipped with the release.
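
Review bot: The new "Checks on PRs" paragraph tells maintainers to review changes before approving but does not say what to look at. Since the integration jobs in `.github/workflows/main.yml` run `npm ci && npm run build` against the PR head in jobs that use the stored secrets, suggest naming the places to inspect: `package.json` scripts, dependency and lockfile changes, build configuration, and anything under `.github/`. It would also help to state whether approval has to be repeated after new commits are pushed to the PR. Minor: "accidently" should be "accidentally".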
24 changes: 23 additions & 1 deletion .github/workflows/main.yml
@@ -1,6 +1,7 @@
name: Tests
on:
pull_request:
pull_request_target:
types: [opened, synchronize]
push:
branches:
- main
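
Review bot: With `pull_request_target` in the `on:` block, runs for fork PRs execute in the base repository's context with stored secrets available, so nothing in the trigger itself limits who can start a secret-bearing run. Please confirm that the approval step described in the maintainers guide applies to this event and not only to `pull_request`, and record that in a comment next to the trigger. `types: [opened, synchronize]` also leaves out `reopened`, so a reopened PR gets no run until its next push; add it if that is not intended.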
Expand All @@ -13,10 +14,22 @@ jobs:
- run: npm ci && npm run build
- run: npm test

access_check:
runs-on: ubuntu-latest
steps:
- name: Check user permissions
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.author_association != 'MEMBER' }}
run: |
echo "Action was not triggered by an organization member. Exiting now."
exit 1
integration_test_botToken:
runs-on: ubuntu-latest
needs: access_check
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- run: npm ci && npm run build
- name: Post message to Slack via botToken
id: slackToken
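
Review bot: The `if:` on the "Check user permissions" step compares `github.event_name == 'pull_request'`, but for runs started by the `pull_request_target` trigger the event name is `pull_request_target`, so the condition is false, the step is skipped, `access_check` succeeds, and `needs: access_check` gates nothing for exactly the runs that carry secrets. Suggest matching the actual event name, and widening the association test, since `author_association != 'MEMBER'` also rejects `OWNER` and `COLLABORATOR` authors. Note as well that `author_association` describes the PR author, not whoever approved the run, so it does not by itself show that the head commit was reviewed.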
Expand Down Expand Up @@ -47,8 +60,11 @@ jobs:

integration_test_webhook:
runs-on: ubuntu-latest
needs: access_check
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- run: npm ci && npm run build
- run: echo "${{ github.event_name }}"
- name: push trigger
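
Review bot: `ref: ${{ github.event.pull_request.head.sha }}` in `integration_test_webhook` is empty on `push` events, because the push payload has no `pull_request` object; the job then relies on `actions/checkout` falling back to its default ref. The "push trigger" step just below shows this job is expected to run on pushes, so make the fallback explicit, for example `${{ github.event.pull_request.head.sha || github.sha }}`, or add a comment saying the empty value is intentional.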
Expand Down Expand Up @@ -80,8 +96,11 @@ jobs:

integration_test_incoming_webhook:
runs-on: ubuntu-latest
needs: access_check
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- run: npm ci && npm run build
- run: echo "${{ github.event_name }}"
- name: Post message to Slack via incoming webhook
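
Review bot: The checkout in `integration_test_incoming_webhook` now fetches the PR head and then runs `npm ci && npm run build` on it, while `actions/checkout` by default keeps the job's token in the local git config where that build can read it. Suggest adding `persist-credentials: false` under `with:` here and in the other three jobs that gained the same `ref:`.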
Expand All @@ -100,8 +119,11 @@ jobs:

integration_test_file_payload:
runs-on: ubuntu-latest
needs: access_check
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- run: npm ci && npm run build
- name: Dump out GitHub Context
run: echo $JSON
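
Review bot: `integration_test_file_payload` is the fourth job to get the same `needs: access_check` plus head-SHA checkout, and in each one `npm ci && npm run build` executes code and install scripts from the PR inside a job that uses stored secrets. Consider building the PR head in a separate job that has no secrets and handing the output to the integration jobs as an artifact, which also removes the four copies of the `with: ref:` block that otherwise have to be kept in sync.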