|
17 | 17 | permissions: {}
|
18 | 18 |
|
19 | 19 | jobs:
|
20 |
| - event-handler: |
| 20 | + # This event requires the Azure CLI to get the LABEL_SERVICE_API_KEY from the vault. |
| 21 | + # Because the azure/login step adds time costly pre/post Az CLI commands to any every job |
| 22 | + # it's used in, split this into its own job so only the event that needs the Az CLI pays |
| 23 | + # the cost. |
| 24 | + event-handler-with-azure: |
21 | 25 | permissions:
|
22 | 26 | issues: write
|
23 | 27 | pull-requests: write
|
24 | 28 | # For OIDC auth
|
25 | 29 | id-token: write
|
26 | 30 | contents: read
|
27 |
| - name: Handle ${{ github.event_name }} ${{ github.event.action }} event |
| 31 | + name: Handle ${{ github.event_name }} ${{ github.event.action }} event with azure login |
28 | 32 | runs-on: ubuntu-latest
|
| 33 | + if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} |
29 | 34 | steps:
|
30 | 35 | - name: 'Az CLI login'
|
31 |
| - if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} |
32 |
| - |
| 36 | + uses: azure/login@v1 |
33 | 37 | with:
|
34 | 38 | client-id: ${{ secrets.AZURE_CLIENT_ID }}
|
35 | 39 | tenant-id: ${{ secrets.AZURE_TENANT_ID }}
|
36 | 40 | subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
|
37 | 41 |
|
38 | 42 | - name: 'Run Azure CLI commands'
|
39 |
| - if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }} |
40 | 43 | run: |
|
41 | 44 | LABEL_SERVICE_API_KEY=$(az keyvault secret show \
|
42 | 45 | --vault-name issue-labeler \
|
|
94 | 97 | # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
|
95 | 98 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
96 | 99 | LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }}
|
| 100 | + |
| 101 | + event-handler: |
| 102 | + permissions: |
| 103 | + issues: write |
| 104 | + pull-requests: write |
| 105 | + name: Handle ${{ github.event_name }} ${{ github.event.action }} event |
| 106 | + runs-on: ubuntu-latest |
| 107 | + if: ${{ github.event_name != 'issues' || github.event.action != 'opened' }} |
| 108 | + steps: |
| 109 | + # To run github-event-processor built from source, for testing purposes, uncomment everything |
| 110 | + # in between the Start/End-Build From Source comments and comment everything in between the |
| 111 | + # Start/End-Install comments |
| 112 | + # Start-Install |
| 113 | + - name: Install GitHub Event Processor |
| 114 | + run: > |
| 115 | + dotnet tool install |
| 116 | + Azure.Sdk.Tools.GitHubEventProcessor |
| 117 | + --version 1.0.0-dev.20240229.2 |
| 118 | + --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json |
| 119 | + --global |
| 120 | + shell: bash |
| 121 | + # End-Install |
| 122 | + |
| 123 | + # Testing checkout of sources from the Azure/azure-sdk-tools repository |
| 124 | + # The ref: is the SHA from the pull request in that repository or the |
| 125 | + # refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository |
| 126 | + # is a fork eg. <User>/azure-sdk-tools then the repository down below will |
| 127 | + # need to point to that fork |
| 128 | + # Start-Build |
| 129 | + # - name: Checkout tools repo for GitHub Event Processor sources |
| 130 | + # uses: actions/checkout@v3 |
| 131 | + # with: |
| 132 | + # repository: Azure/azure-sdk-tools |
| 133 | + # path: azure-sdk-tools |
| 134 | + # ref: <refs/pull/<PRNumber>/merge> or <sha> |
| 135 | + |
| 136 | + # - name: Build and install GitHubEventProcessor from sources |
| 137 | + # run: | |
| 138 | + # dotnet pack |
| 139 | + # dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor |
| 140 | + # shell: bash |
| 141 | + # working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor |
| 142 | + # End-Build |
| 143 | + |
| 144 | + - name: Process Action Event |
| 145 | + run: | |
| 146 | + cat > payload.json << 'EOF' |
| 147 | + ${{ toJson(github.event) }} |
| 148 | + EOF |
| 149 | + github-event-processor ${{ github.event_name }} payload.json |
| 150 | + shell: bash |
| 151 | + env: |
| 152 | + # This is a temporary secret generated by github |
| 153 | + # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret |
| 154 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
0 commit comments