From 168f10d7dbbcee98fe303f5d415870431f348ba7 Mon Sep 17 00:00:00 2001 From: James Suplizio Date: Fri, 8 Mar 2024 11:13:28 -0800 Subject: [PATCH] Create a separate job for events requiring Az CLI (#7845) * Create a separate job for events requiring Az CLI * Update .github/workflows/event-processor.yml Co-authored-by: Wes Haggard --------- Co-authored-by: Wes Haggard --- .github/workflows/event-processor.yml | 68 +++++++++++++++++++++++++-- 1 file changed, 63 insertions(+), 5 deletions(-) diff --git a/.github/workflows/event-processor.yml b/.github/workflows/event-processor.yml index 649b211e925..66442232c93 100644 --- a/.github/workflows/event-processor.yml +++ b/.github/workflows/event-processor.yml @@ -17,26 +17,29 @@ on: permissions: {} jobs: - event-handler: + # This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault. + # Because the azure/login step adds time costly pre/post Az CLI commands to any every job + # it's used in, split this into its own job so only the event that needs the Az CLI pays + # the cost. + event-handler-with-azure: permissions: issues: write pull-requests: write # For OIDC auth id-token: write contents: read - name: Handle ${{ github.event_name }} ${{ github.event.action }} event + name: Handle ${{ github.event_name }} ${{ github.event.action }} event with azure login runs-on: ubuntu-latest + if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} steps: - name: 'Az CLI login' - if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} - uses: azure/login@v1.5.1 + uses: azure/login@v1 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: 'Run Azure CLI commands' - if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} run: | LABEL_SERVICE_API_KEY=$(az keyvault secret show \ --vault-name issue-labeler \ 
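Review bot: The `uses:` line of the 'Az CLI login' step moves from the exact tag `azure/login@v1.5.1` to the floating major tag `azure/login@v1`, in the one job that holds `id-token: write` and reads the key vault secret. Whatever commit that tag points at in future runs with the OIDC token and the three `AZURE_*` secrets, so the change widens the supply-chain exposure of this job. Pinning to a reviewed commit keeps the step reproducible: `uses: azure/login@<full-commit-sha> # v1.x.y` (placeholder; take the SHA from the release you have reviewed). Separately, the new job comment reads "to any every job", where `to every job` is probably meant. The rest of the job's steps lie outside this hunk.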
@@ -94,3 +97,58 @@ jobs: # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }} + + event-handler: + permissions: + issues: write + pull-requests: write + name: Handle ${{ github.event_name }} ${{ github.event.action }} event + runs-on: ubuntu-latest + if: ${{ github.event_name != 'issues' || github.event.action != 'opened' }} + steps: + # To run github-event-processor built from source, for testing purposes, uncomment everything + # in between the Start/End-Build From Source comments and comment everything in between the + # Start/End-Install comments + # Start-Install + - name: Install GitHub Event Processor + run: > + dotnet tool install + Azure.Sdk.Tools.GitHubEventProcessor + --version 1.0.0-dev.20240229.2 + --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json + --global + shell: bash + # End-Install + + # Testing checkout of sources from the Azure/azure-sdk-tools repository + # The ref: is the SHA from the pull request in that repository or the + # refs/pull//merge for the latest on any given PR. If the repository + # is a fork eg. 
/azure-sdk-tools then the repository down below will + # need to point to that fork + # Start-Build + # - name: Checkout tools repo for GitHub Event Processor sources + # uses: actions/checkout@v3 + # with: + # repository: Azure/azure-sdk-tools + # path: azure-sdk-tools + # ref: /merge> or + + # - name: Build and install GitHubEventProcessor from sources + # run: | + # dotnet pack + # dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor + # shell: bash + # working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor + # End-Build + + - name: Process Action Event + run: | + cat > payload.json << 'EOF' + ${{ toJson(github.event) }} + EOF + github-event-processor ${{ github.event_name }} payload.json + shell: bash + env: + # This is a temporary secret generated by github + # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
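Review bot: The 'Process Action Event' step of the new `event-handler` job expands `${{ toJson(github.event) }}` into the script text before bash runs. User-authored fields such as issue titles and comment bodies therefore end up inside the `run:` script, protected only by the quoted `'EOF'` delimiter and JSON escaping of newlines. The runner already writes the event payload to a file, so the step can avoid expression expansion in the script altogether with `github-event-processor "$GITHUB_EVENT_NAME" "$GITHUB_EVENT_PATH"`. That file should hold the same JSON as `toJson(github.event)`, but confirm the tool accepts it unchanged. If the Azure job's process step, which is outside this hunk, uses the same heredoc, it would want the same change.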