damccorm commented on code in PR #27321: URL: https://github.com/apache/beam/pull/27321#discussion_r1251026041
########## .github/workflows/beam_PreCommit_Go.yml: ########## 
@@ -1,37 +1,69 @@ -name: beam_PreCommit_Go +name: Go Precommit on: push: tags: ['v*'] branches: ['master', 'release-*'] - pull_request: - branches: ['master'] + pull_request_target: + branches: ['master', 'release-*' ] paths: ['model/**', 'sdks/go.**', 'release/**'] issue_comment: types: [created] schedule: - cron: '* */6 * * *' +#Setting explicit permissions for the action to avoid the default permissions which are `write-all` in case of pull_request_target event +permissions: + actions: write + pull-requests: read + checks: read + contents: read + deployments: read + id-token: read + issues: read + discussions: read + packages: read + pages: read + repository-projects: read + security-events: read + statuses: read + jobs: beam_PreCommit_Go: - if: ${{github.event.issue.pull_request}} || ${{github.event.comment.body == 'Run Go PreCommit'}} || ${{github.event.schedule}} - runs-on: [self-hosted, ubuntu-20.04] - name: beam_PreCommit_Go - steps: - - name: Git checkout - uses: actions/checkout@v3 - - name: Install Java - uses: actions/setup-java@v3.8.0 - with: - distribution: 'zulu' - java-version: '8' - - name: Install Go - uses: actions/setup-go@v4 - with: - go-version: '1.20' - - name: Setup Gradle - uses: gradle/gradle-build-action@v2 - with: - cache-read-only: false - - name: run goPreCommit script - run: ./gradlew :goPreCommit \ No newline at end of file + if: | + github.event_name == 'push' || + github.event_name == 'pull_request_target' || + github.event_name == 'schedule' || + github.event.comment.body == 'Run Go PreCommit' + runs-on: [self-hosted, ubuntu-20.04] + name: beam_PreCommit_Go + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + - name: Install GH CLI + uses: dev-hanz-ops/install-gh-cli-action@v0.1.0 Review Comment: A script might be simpler vs asking infra to approve the action. 
I do still think it makes sense to include this as part of `rerun-job-action` instead of this workflow since each workflow that uses `rerun-job-action` will need this though. That is my main concern
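Review bot: the `pull_request_target` trigger combined with the checkout step's `ref: ${{ github.event.pull_request.head.sha }}` puts untrusted fork code into a job that runs in the base repository's context on a `self-hosted` runner, so any later step that builds or executes the checked-out tree runs contributor-controlled code with this job's token (including `actions: write`) and with access to the runner host. Consider keeping `pull_request` for the steps that build PR code and limiting `pull_request_target` to steps that never execute it, or gating the job on maintainer approval, and set `persist-credentials: false` on the checkout. Two smaller points in the same hunk: on `issue_comment` runs `github.event.pull_request.head.sha` is empty, so the 'Run Go PreCommit' phrase checks out the default branch rather than the PR, and the new `if:` accepts that phrase from any commenter on any issue since it no longer looks at `github.event.issue.pull_request`; and `dev-hanz-ops/install-gh-cli-action@v0.1.0` is referenced by a mutable tag, so pin it to a full commit SHA if it stays.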