-
Notifications
You must be signed in to change notification settings - Fork 0
fix: Sync Workflow Lives in Chronon #743
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
19 commits
Select commit
Hold shift + click to select a range
7108056
Create workflow to trigger platform subtree pull
chewy-zlai bbe248a
Test on push
chewy-zlai 22e1b7b
whitespace change for testing
chewy-zlai 3a5f3ed
Delete duplicate push_to_canary to avoid conflicts
chewy-zlai d8dd6b6
Whitespace change for testing
chewy-zlai 9886a58
Test with direct workflow
chewy-zlai 9acb060
remove persist-credentials: false
chewy-zlai 8a78d64
remove test workflow
chewy-zlai 9544ad4
Test with copy of reusable workflow
chewy-zlai 35c1a2f
Remove test workflow
chewy-zlai 857c769
Run on pushes to main
chewy-zlai e119156
Stop using reusable workflow and copy it over here
chewy-zlai 4962870
specify repository and test
chewy-zlai 460c552
Tests successful. Renaming to Push to Platform
chewy-zlai 267a4dc
Security test, see if secret key gets revealed
chewy-zlai 651ebe1
Security test passed, ready to merge
chewy-zlai e51b82e
Merge branch 'main' of https://github.com/zipline-ai/chronon into che…
chewy-zlai b8aec5b
Merge branch 'main' of https://github.com/zipline-ai/chronon into che…
chewy-zlai 08cd05c
Merge branch 'main' of https://github.com/zipline-ai/chronon into che…
chewy-zlai File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| name: Push to Platform | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| jobs: | ||
| subtree-pull: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout platform repo | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: "zipline-ai/platform" | ||
| ssh-key: ${{ secrets.PLATFORM_REPO_DEPLOY_KEY }} | ||
| fetch-depth: 0 # Required for subtree operations | ||
| ref: main # Ensure we're on the main branch | ||
|
|
||
| - name: Set up Git config | ||
| run: | | ||
| git config user.name "GitHub Actions" | ||
| git config user.email "[email protected]" | ||
|
|
||
| - name: Set up SSH key for Chronon access and pull subtree | ||
| env: | ||
| SSH_PRIVATE_KEY: ${{ secrets.CHRONON_REPO_DEPLOY_KEY }} | ||
| run: | | ||
| mkdir -p ~/.ssh | ||
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa | ||
| chmod 600 ~/.ssh/id_rsa | ||
|
|
||
| # Add GitHub's SSH key to known_hosts | ||
| ssh-keyscan github.com >> ~/.ssh/known_hosts | ||
|
|
||
| # Set up SSH agent | ||
| eval "$(ssh-agent -s)" | ||
| ssh-add ~/.ssh/id_rsa | ||
|
|
||
| # Create basic SSH config | ||
| cat > ~/.ssh/config << EOF | ||
| Host github.com | ||
| User git | ||
| IdentityFile ~/.ssh/id_rsa | ||
| StrictHostKeyChecking no | ||
| EOF | ||
|
|
||
| # Add the SSH remote | ||
| git remote add chronon [email protected]:zipline-ai/chronon.git || true | ||
|
|
||
| git fetch chronon main | ||
| git subtree pull --prefix=chronon chronon main --message="chore: update chronon subtree" | ||
|
|
||
| - name: Push changes to platform | ||
| run: git push origin main | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this going to show the private key in the CI logs? Or is it possible a simple followup change could expose that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here is it running: https://github.com/zipline-ai/platform/actions/runs/14843383331/job/41671413678 It doesn't expose the secret data.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I confirmed here that a simple change won't expose the secret SSH key: https://github.com/zipline-ai/chronon/actions/runs/14872732013/job/41764246277?pr=743. Github is good about keeping secrets from getting exposed.