[pull] main from Azure:main #7068
name: GitHub Event Processor | |
on: | |
issues: | |
types: [edited, labeled, opened, reopened, unlabeled] | |
# issue_comment is used for both issues and pull_requests | |
# github.event.issue.pull_request will be non-null on pull request comments | |
issue_comment: | |
types: [created] | |
# synchronize is the pull_request_target event when changes are pushed | |
# pull request merged is the closed event with github.event.pull_request.merged = true | |
pull_request_target: | |
types: [closed, labeled, opened, reopened, review_requested, synchronize, unlabeled] | |
# This removes all unnecessary permissions, the ones needed will be set below. | |
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token | |
permissions: {} | |
jobs: | |
# This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault. | |
# Because the azure/login step adds time costly pre/post Az CLI commands to any every job | |
# it's used in, split this into its own job so only the event that needs the Az CLI pays | |
# the cost. | |
event-handler-with-azure: | |
permissions: | |
issues: write | |
pull-requests: write | |
# For OIDC auth | |
id-token: write | |
contents: read | |
name: Handle ${{ github.event_name }} ${{ github.event.action }} event with azure login | |
runs-on: ubuntu-latest | |
if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} | |
steps: | |
- name: 'Az CLI login' | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: 'Run Azure CLI commands' | |
run: | | |
LABEL_SERVICE_API_KEY=$(az keyvault secret show \ | |
--vault-name issue-labeler \ | |
-n issue-labeler-func-key \ | |
-o tsv \ | |
--query value) | |
echo "::add-mask::$LABEL_SERVICE_API_KEY" | |
echo "LABEL_SERVICE_API_KEY=$LABEL_SERVICE_API_KEY" >> $GITHUB_ENV | |
# To run github-event-processor built from source, for testing purposes, uncomment everything | |
# in between the Start/End-Build From Source comments and comment everything in between the | |
# Start/End-Install comments | |
# Start-Install | |
- name: Install GitHub Event Processor | |
run: > | |
dotnet tool install | |
Azure.Sdk.Tools.GitHubEventProcessor | |
--version 1.0.0-dev.20241206.2 | |
--add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json | |
--global | |
shell: bash | |
# End-Install | |
# Testing checkout of sources from the Azure/azure-sdk-tools repository | |
# The ref: is the SHA from the pull request in that repository or the | |
# refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository | |
# is a fork eg. <User>/azure-sdk-tools then the repository down below will | |
# need to point to that fork | |
# Start-Build | |
# - name: Checkout tools repo for GitHub Event Processor sources | |
# uses: actions/checkout@v3 | |
# with: | |
# repository: Azure/azure-sdk-tools | |
# path: azure-sdk-tools | |
# ref: <refs/pull/<PRNumber>/merge> or <sha> | |
# - name: Build and install GitHubEventProcessor from sources | |
# run: | | |
# dotnet pack | |
# dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor | |
# shell: bash | |
# working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor | |
# End-Build | |
- name: Process Action Event | |
run: | | |
github-event-processor ${{ github.event_name }} ${{ github.event_path }} | |
shell: bash | |
env: | |
# This is a temporary secret generated by github | |
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }} | |
- name: Archive github event data | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: event | |
path: ${{ github.event_path }} | |
event-handler: | |
permissions: | |
issues: write | |
pull-requests: write | |
name: Handle ${{ github.event_name }} ${{ github.event.action }} event | |
runs-on: ubuntu-latest | |
if: ${{ github.event_name != 'issues' || github.event.action != 'opened' }} | |
steps: | |
# To run github-event-processor built from source, for testing purposes, uncomment everything | |
# in between the Start/End-Build From Source comments and comment everything in between the | |
# Start/End-Install comments | |
# Start-Install | |
- name: Install GitHub Event Processor | |
run: > | |
dotnet tool install | |
Azure.Sdk.Tools.GitHubEventProcessor | |
--version 1.0.0-dev.20241206.2 | |
--add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json | |
--global | |
shell: bash | |
# End-Install | |
# Testing checkout of sources from the Azure/azure-sdk-tools repository | |
# The ref: is the SHA from the pull request in that repository or the | |
# refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository | |
# is a fork eg. <User>/azure-sdk-tools then the repository down below will | |
# need to point to that fork | |
# Start-Build | |
# - name: Checkout tools repo for GitHub Event Processor sources | |
# uses: actions/checkout@v3 | |
# with: | |
# repository: Azure/azure-sdk-tools | |
# path: azure-sdk-tools | |
# ref: <refs/pull/<PRNumber>/merge> or <sha> | |
# - name: Build and install GitHubEventProcessor from sources | |
# run: | | |
# dotnet pack | |
# dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor | |
# shell: bash | |
# working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor | |
# End-Build | |
- name: Process Action Event | |
run: | | |
github-event-processor ${{ github.event_name }} ${{ github.event_path }} | |
shell: bash | |
env: | |
# This is a temporary secret generated by github | |
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Archive github event data | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: event | |
path: ${{ github.event_path }} |
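Review bot: In `event-handler-with-azure`, the 'Run Azure CLI commands' step appends the Key Vault value to `$GITHUB_ENV`, so the key becomes an environment variable of every later step in that job, including the `dotnet tool install` step and `actions/upload-artifact@v4`, although only 'Process Action Event' consumes it. Giving the step `id: keyvault`, replacing the `$GITHUB_ENV` line with `echo "key=$LABEL_SERVICE_API_KEY" >> "$GITHUB_OUTPUT"` (after the `::add-mask::` line), and setting `LABEL_SERVICE_API_KEY: ${{ steps.keyvault.outputs.key }}` on the consuming step would confine the key to that one step. The same job holds `id-token: write`, yet `azure/login@v2` and `actions/upload-artifact@v4` are referenced by movable tags; pinning each to a full commit SHA, e.g. `uses: azure/login@<full-commit-sha>  # v2`, keeps a retagged release from running with the OIDC token and the write-scoped `GITHUB_TOKEN`.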