damccorm commented on code in PR #27321:
URL: https://github.com/apache/beam/pull/27321#discussion_r1248277606
##########
.github/workflows/beam_PreCommit_Go.yml:
##########
@@ -1,37 +1,69 @@
-name: beam_PreCommit_Go
+name: Go Precommit
on:
push:
tags: ['v*']
branches: ['master', 'release-*']
- pull_request:
- branches: ['master']
+ pull_request_target:
+ branches: ['master', 'release-*' ]
paths: ['model/**', 'sdks/go.**', 'release/**']
issue_comment:
types: [created]
schedule:
- cron: '* */6 * * *'
+#Setting explicit permissions for the action to avoid the default permissions
which are `write-all` in case of pull_request_target event
+permissions:
+ actions: write
+ pull-requests: read
+ checks: read
+ contents: read
+ deployments: read
+ id-token: read
+ issues: read
+ discussions: read
+ packages: read
+ pages: read
+ repository-projects: read
+ security-events: read
+ statuses: read
+
jobs:
beam_PreCommit_Go:
- if: ${{github.event.issue.pull_request}} ||
${{github.event.comment.body == 'Run Go PreCommit'}} ||
${{github.event.schedule}}
- runs-on: [self-hosted, ubuntu-20.04]
- name: beam_PreCommit_Go
- steps:
- - name: Git checkout
- uses: actions/checkout@v3
- - name: Install Java
- uses: actions/[email protected]
- with:
- distribution: 'zulu'
- java-version: '8'
- - name: Install Go
- uses: actions/setup-go@v4
- with:
- go-version: '1.20'
- - name: Setup Gradle
- uses: gradle/gradle-build-action@v2
- with:
- cache-read-only: false
- - name: run goPreCommit script
- run: ./gradlew :goPreCommit
\ No newline at end of file
+ if: |
+ github.event_name == 'push' ||
+ github.event_name == 'pull_request_target' ||
+ github.event_name == 'schedule' ||
+ github.event.comment.body == 'Run Go PreCommit'
+ runs-on: [self-hosted, ubuntu-20.04]
+ name: beam_PreCommit_Go
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ - name: Install GH CLI
+ uses: dev-hanz-ops/[email protected]
Review Comment:
Do we need this for the rerun-job-action? If so, should it just be part of
the action itself instead of each workflow doing it? Or, maybe it should just
be part of the image? I'd lean towards that since its going to be common to
pretty much every workflow.
Also, we'll need infra approval to use this action unfortunately if we
decide to use it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
