Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved projects workflow #37833

Closed
wants to merge 8 commits into from
Closed

Improved projects workflow #37833

wants to merge 8 commits into from

Conversation

justinretzolk
Copy link
Member

Description

This PR improves our workflow for projects by:

  • Combining the relevant parts of issues.yml and pull_request_target.yml, reducing duplicated config
  • Specifying a top-level permissions key that completely limits the permissions of the automatically generated GitHub auth token
  • Using intermediary environment variables for any values that come from the issue/pull request to improve security and readability

Relations

Relates hashicorp/terraform-provider-awscc#1777

Output from Acceptance Testing

N/a, workflow

@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 4, 2024

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added size/L Managed by automation to categorize the size of a PR. repository Repository modifications; GitHub Actions, developer docs, issue templates, codeowners, changelog. github_actions Pull requests that update Github_actions code labels Jun 4, 2024
@terraform-aws-provider terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Jun 4, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 6, 2024

Thank you for your contribution! 🚀

A new usage of AWS SDK for Go V1 was detected. Please prefer AWS SDK for Go V2 for all net-new services. If this is an enhancement or bug fix to an existing AWS SDK Go V1 based resource, this comment can be safely ignored.

For additional information refer to the AWS SDK for Go Versions page in the contributor guide.

justinretzolk
justinretzolk commented Jun 6, 2024
View reviewed changes
.github/workflows/projects.yml
Comment on lines +16 to +17
env:
ISSUE_URL: ${{ github.event.issue.html_url || github.event.pull_request.html_url }}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea behind separating the ISSUE_URL environment variable is that if we were to add additional jobs (for automating future projects), this URL would be common across them, while the environment variables defined at the job level are job-specific.

justinretzolk
justinretzolk commented Jun 6, 2024
View reviewed changes
.github/workflows/projects.yml
Comment on lines +49 to +56
- name: Check if Author is Maintainer
id: author
if: github.event.action == 'opened'
env:
MAINTAINERS: ${{ secrets.MAINTAINERS }}
AUTHOR_LOGIN: ${{ github.event.pull_request.user.login }}
run: |
echo "is_maintainer=$(echo $MAINTAINERS | base64 --decode | jq --arg u $AUTHOR_LOGIN '. | contains([$u])')" >> "$GITHUB_OUTPUT"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doing "community check" with this bash one-liner is the same amount of lines as using the reusable workflow (if you don't count the env block that could technically be eliminated, to the detriment of readability, in my opinion).

@justinretzolk
Copy link
Member Author

Closing this after further research and consideration as to how I think we'll organize workflows going forward.

@justinretzolk justinretzolk deleted the improved-projects-workflow branch June 14, 2024 16:15
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
github_actions Pull requests that update Github_actions code prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. repository Repository modifications; GitHub Actions, developer docs, issue templates, codeowners, changelog. size/L Managed by automation to categorize the size of a PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@justinretzolk