-
Notifications
You must be signed in to change notification settings - Fork 183
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create a separate job for events requiring Az CLI (#7845)
* Create a separate job for events requiring Az CLI * Update .github/workflows/event-processor.yml Co-authored-by: Wes Haggard <[email protected]> --------- Co-authored-by: Wes Haggard <[email protected]>
- Loading branch information
1 parent
670ab81
commit 168f10d
Showing
1 changed file
with
63 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,26 +17,29 @@ on: | |
| permissions: {} | ||
|
|
||
| jobs: | ||
| event-handler: | ||
| # This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault. | ||
| # Because the azure/login step adds time costly pre/post Az CLI commands to any every job | ||
| # it's used in, split this into its own job so only the event that needs the Az CLI pays | ||
| # the cost. | ||
| event-handler-with-azure: | ||
| permissions: | ||
| issues: write | ||
| pull-requests: write | ||
| # For OIDC auth | ||
| id-token: write | ||
| contents: read | ||
| name: Handle ${{ github.event_name }} ${{ github.event.action }} event | ||
| name: Handle ${{ github.event_name }} ${{ github.event.action }} event with azure login | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} | ||
| steps: | ||
| - name: 'Az CLI login' | ||
| if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} | ||
| uses: azure/[email protected] | ||
| uses: azure/login@v1 | ||
| with: | ||
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
|
|
||
| - name: 'Run Azure CLI commands' | ||
| if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} | ||
| run: | | ||
| LABEL_SERVICE_API_KEY=$(az keyvault secret show \ | ||
| --vault-name issue-labeler \ | ||
|
|
@@ -94,3 +97,58 @@ jobs: | |
| # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }} | ||
|
|
||
| event-handler: | ||
| permissions: | ||
| issues: write | ||
| pull-requests: write | ||
| name: Handle ${{ github.event_name }} ${{ github.event.action }} event | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.event_name != 'issues' || github.event.action != 'opened' }} | ||
| steps: | ||
| # To run github-event-processor built from source, for testing purposes, uncomment everything | ||
| # in between the Start/End-Build From Source comments and comment everything in between the | ||
| # Start/End-Install comments | ||
| # Start-Install | ||
| - name: Install GitHub Event Processor | ||
| run: > | ||
| dotnet tool install | ||
| Azure.Sdk.Tools.GitHubEventProcessor | ||
| --version 1.0.0-dev.20240229.2 | ||
| --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json | ||
| --global | ||
| shell: bash | ||
| # End-Install | ||
|
|
||
| # Testing checkout of sources from the Azure/azure-sdk-tools repository | ||
| # The ref: is the SHA from the pull request in that repository or the | ||
| # refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository | ||
| # is a fork eg. <User>/azure-sdk-tools then the repository down below will | ||
| # need to point to that fork | ||
| # Start-Build | ||
| # - name: Checkout tools repo for GitHub Event Processor sources | ||
| # uses: actions/checkout@v3 | ||
| # with: | ||
| # repository: Azure/azure-sdk-tools | ||
| # path: azure-sdk-tools | ||
| # ref: <refs/pull/<PRNumber>/merge> or <sha> | ||
|
|
||
| # - name: Build and install GitHubEventProcessor from sources | ||
| # run: | | ||
| # dotnet pack | ||
| # dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor | ||
| # shell: bash | ||
| # working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor | ||
| # End-Build | ||
|
|
||
| - name: Process Action Event | ||
| run: | | ||
| cat > payload.json << 'EOF' | ||
| ${{ toJson(github.event) }} | ||
| EOF | ||
| github-event-processor ${{ github.event_name }} payload.json | ||
| shell: bash | ||
| env: | ||
| # This is a temporary secret generated by github | ||
| # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||