From dc486e0ca44ced44d5ec0f6b447601ceeb4f8a68 Mon Sep 17 00:00:00 2001 From: Armand Grillet <2117580+armandgrillet@users.noreply.github.com> Date: Fri, 28 Jul 2023 13:21:34 +0200 Subject: [PATCH] Revert "Only run workflows if they might be able to work" (#72506) Revert "Only run workflows if they might be able to work (#63164)" This reverts commit 234b5c8c21fd385ce04cb331a2ab82b91df97504. --- .github/workflows/backport.yml | 1 - .github/workflows/bump-version.yml | 1 - .github/workflows/close-milestone.yml | 1 - .github/workflows/codeql-analysis.yml | 3 -- .github/workflows/commands.yml | 15 ---------- .../detect-breaking-changes-report.yml | 20 ++++--------- ...epic-add-to-platform-ux-parent-project.yml | 28 +++++-------------- .github/workflows/github-release.yml | 15 ---------- .github/workflows/issue-labeled.yml | 15 ---------- .github/workflows/metrics-collector.yml | 15 ---------- .github/workflows/milestone.yml | 16 ----------- .github/workflows/pr-checks.yml | 5 ---- .github/workflows/pr-codeql-analysis-go.yml | 3 -- .../pr-codeql-analysis-javascript.yml | 3 -- .../workflows/pr-codeql-analysis-python.yml | 3 -- .github/workflows/pr-commands-closed.yml | 6 ++-- .github/workflows/pr-commands.yml | 15 ---------- .../publish-technical-documentation-next.yml | 2 +- ...ublish-technical-documentation-release.yml | 2 +- .github/workflows/remove-milestone.yml | 17 ----------- .github/workflows/stale.yml | 15 ---------- 21 files changed, 16 insertions(+), 185 deletions(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index f78609bfe91..dce8ecd1d70 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -7,7 +7,6 @@ on: jobs: main: - if: github.repository == 'grafana/grafana' runs-on: ubuntu-latest steps: - name: Checkout Actions diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index ec203011eed..92979c76523 100644 --- a/.github/workflows/bump-version.yml 
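Review bot: In `.github/workflows/backport.yml` the `main` job loses its `if: github.repository == 'grafana/grafana'` guard, so it is now scheduled in any fork that has Actions enabled. The `bump-version.yml` and `close-milestone.yml` hunks remove the same guard. The two `publish-technical-documentation-*` hunks in this patch keep it (they only add quotes), so the revert leaves the workflows inconsistent with each other. If the guard was not what broke, I would keep `if: github.repository == 'grafana/grafana'` on these three jobs, since a job skipped in a fork neither receives a token nor fails on a missing secret. The job bodies continue outside the hunks.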
+++ b/.github/workflows/bump-version.yml @@ -9,7 +9,6 @@ env: YARN_ENABLE_IMMUTABLE_INSTALLS: false jobs: main: - if: github.repository == 'grafana/grafana' runs-on: ubuntu-latest steps: # This is a basic workflow to help you get started with Actions diff --git a/.github/workflows/close-milestone.yml b/.github/workflows/close-milestone.yml index dd865387c64..ca7dc261a68 100644 --- a/.github/workflows/close-milestone.yml +++ b/.github/workflows/close-milestone.yml @@ -14,7 +14,6 @@ on: jobs: main: - if: github.repository == 'grafana/grafana' runs-on: ubuntu-latest steps: - name: Checkout Actions diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2f2830945e0..f681447a4b7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -18,9 +18,6 @@ on: schedule: - cron: '0 4 * * 6' -permissions: - security-events: write - jobs: analyze: name: Analyze diff --git a/.github/workflows/commands.yml b/.github/workflows/commands.yml index c22117f7bc0..534418d1178 100644 --- a/.github/workflows/commands.yml +++ b/.github/workflows/commands.yml @@ -7,22 +7,7 @@ on: concurrency: group: issue-commands-${{ github.event.issue.number }} jobs: - config: - runs-on: "ubuntu-latest" - outputs: - has-secrets: ${{ steps.check.outputs.has-secrets }} - steps: - - name: "Check for secrets" - id: check - shell: bash - run: | - if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then - echo "has-secrets=1" >> "$GITHUB_OUTPUT" - fi - main: - needs: config - if: needs.config.outputs.has-secrets runs-on: ubuntu-latest steps: - name: Checkout Actions diff --git a/.github/workflows/detect-breaking-changes-report.yml b/.github/workflows/detect-breaking-changes-report.yml index 94d605333ce..f69a58417f7 100644 --- a/.github/workflows/detect-breaking-changes-report.yml +++ b/.github/workflows/detect-breaking-changes-report.yml 
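Review bot: `.github/workflows/codeql-analysis.yml` no longer declares `permissions:`, so the job's `GITHUB_TOKEN` falls back to the repository or organisation default instead of the single `security-events: write` scope it had. The same removal appears in `pr-codeql-analysis-go.yml`, `pr-codeql-analysis-javascript.yml`, `pr-codeql-analysis-python.yml`, `detect-breaking-changes-report.yml` (the job that labels PRs and requests reviewers through `github-script`), `pr-checks.yml`, `pr-commands-closed.yml` and `remove-milestone.yml`. With a permissive default each job holds write scopes it never uses; with a read-only default the CodeQL result upload and the label and milestone calls would presumably start failing. These blocks look independent of the `has-secrets` gating being reverted, so I would keep them, here as `permissions:` with `security-events: write`.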
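Review bot: With the `config` job and `if: needs.config.outputs.has-secrets` removed from `.github/workflows/commands.yml`, `main` runs unconditionally, including in forks where the secrets the removed check tested (`GRAFANA_MISC_STATS_API_KEY`, `GH_BOT_ACCESS_TOKEN`) are empty. The same gate is dropped in `github-release.yml`, `issue-labeled.yml`, `metrics-collector.yml`, `milestone.yml`, `pr-commands.yml`, `remove-milestone.yml`, `stale.yml` and the epic project workflow, and the `env.HAS_SECRETS` conditions go away in `detect-breaking-changes-report.yml`. If the gate was reverted because of its expression syntax rather than its intent, a job-level `if: github.repository == 'grafana/grafana'` gives the same protection without the extra job. I would also add a comment above each `main` job stating which secrets it needs, so a failure in a fork is easy to diagnose. The job bodies continue outside the hunks.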
@@ -15,11 +15,6 @@ jobs: env: ARTIFACT_NAME: 'levitate' # The name of the artifact that we would like to download ARTIFACT_FOLDER: '${{ github.workspace }}/tmp' # The name of the folder where we will download the artifact to - permissions: - contents: write - issues: write - pull-requests: write - artifacts: read steps: - uses: actions/checkout@v3 @@ -124,7 +119,7 @@ jobs: # Posts a notification to Slack if a PR has a breaking change and it did not have a breaking change before - name: Post to Slack id: slack - if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS + if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && steps.levitate-run.outputs.shouldSkip != 'true' uses: slackapi/slack-github-action@v1.24.0 with: payload: | @@ -137,15 +132,13 @@ jobs: } env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_LEVITATE_WEBHOOK_URL }} - HAS_SECRETS: ${{ (github.repository == "grafana/grafana" || secrets.SLACK_LEVITATE_WEBHOOK_URL != '') || '' }} # Add the label - name: Add "levitate breaking change" label - if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS + if: steps.levitate-run.outputs.exit_code == 1 && steps.does-label-exist.outputs.result == 0 && steps.levitate-run.outputs.shouldSkip != 'true' uses: actions/github-script@v6 env: PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }} - HAS_SECRETS: ${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | 
@@ -158,11 +151,10 @@ jobs: # Remove label (no more breaking changes) - name: Remove "levitate breaking change" label - if: steps.levitate-run.outputs.exit_code == 0 && steps.does-label-exist.outputs.result == 1 && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS + if: steps.levitate-run.outputs.exit_code == 0 && steps.does-label-exist.outputs.result == 1 && steps.levitate-run.outputs.shouldSkip != 'true' uses: actions/github-script@v6 env: PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }} - HAS_SECRETS: ${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -177,11 +169,10 @@ jobs: # This is very weird, the actual request goes through (comes back with a 201), but does not assign the team. # Related issue: https://github.com/renovatebot/renovate/issues/1908 - name: Add "grafana/plugins-platform-frontend" as a reviewer - if: steps.levitate-run.outputs.exit_code && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS + if: steps.levitate-run.outputs.exit_code && steps.levitate-run.outputs.shouldSkip != 'true' uses: actions/github-script@v6 env: PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }} - HAS_SECRETS: ${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -195,11 +186,10 @@ jobs: # Remove reviewers (no more breaking changes) - name: Remove "grafana/plugins-platform-frontend" from the list of reviewers - if: steps.levitate-run.outputs.exit_code == 0 && steps.levitate-run.outputs.shouldSkip != 'true' && env.HAS_SECRETS + if: steps.levitate-run.outputs.exit_code == 0 && steps.levitate-run.outputs.shouldSkip != 'true' uses: actions/github-script@v6 env: PR_NUMBER: ${{ steps.levitate-run.outputs.pr_number }} - HAS_SECRETS: ${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }} with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | 
diff --git a/.github/workflows/epic-add-to-platform-ux-parent-project.yml b/.github/workflows/epic-add-to-platform-ux-parent-project.yml index 97462269fce..f9e6967ada2 100644 --- a/.github/workflows/epic-add-to-platform-ux-parent-project.yml +++ b/.github/workflows/epic-add-to-platform-ux-parent-project.yml @@ -5,35 +5,21 @@ on: types: [opened, closed, edited, reopened, assigned, unassigned, labeled, unlabeled] labels: - 'type/epic' - + env: - GH_TOKEN: ${{ secrets.GH_BOT_PROJECTS_ACCESS_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GH_BOT_PROJECTS_ACCESS_TOKEN }} ORGANIZATION: ${{ github.repository_owner }} REPO: ${{ github.event.repository.name }} PARENT_PROJECT: 304 CHILD_PROJECT_1: 78 CHILD_PROJECT_2: 111 CHILD_PROJECT_3: 202 - + concurrency: group: issue-add-to-parent-project-${{ github.event.number }} jobs: - config: - runs-on: "ubuntu-latest" - outputs: - has-secrets: ${{ steps.check.outputs.has-secrets }} - steps: - - name: "Check for secrets" - id: check - shell: bash - run: | - if [ -n "${{ (secrets.GH_BOT_PROJECTS_ACCESS_TOKEN != '') || '' }}" ]; then - echo "has-secrets=1" >> "$GITHUB_OUTPUT" - fi - main: - needs: config - if: needs.config.outputs.has-secrets && contains(github.event.issue.labels.*.name, 'type/epic') + if: contains(github.event.issue.labels.*.name, 'type/epic') runs-on: ubuntu-latest steps: - name: Check if issue is in child or parent projects 
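Review bot: The workflow-level `env:` in `epic-add-to-platform-ux-parent-project.yml` now exports the bot PAT as `GITHUB_TOKEN: ${{ secrets.GH_BOT_PROJECTS_ACCESS_TOKEN }}`, which places it in the environment of every step of every job and reuses the name normally associated with the automatic per-run token. Only the steps that talk to the projects API appear to need it (they lie partly outside this hunk), so I would move it into those steps' own `env:` and keep the unambiguous name, `GH_TOKEN: ${{ secrets.GH_BOT_PROJECTS_ACCESS_TOKEN }}`. The hunk also appears to reintroduce trailing whitespace on the blank lines around `env:` and `concurrency:`.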
@@ -60,7 +46,7 @@ jobs: } } }' -f org=$ORGANIZATION -f repo=$REPO > projects_data.json - + echo 'IN_PARENT_PROJ='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | .project != null' projects_data.json) >> $GITHUB_ENV echo 'PARENT_PROJ_STATUS_ID='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | select(.fieldValueByName != null) | .fieldValueByName.optionId' projects_data.json) >> $GITHUB_ENV echo 'ITEM_ID='$(jq '.data.repository.issue.projectItems.nodes[] | select(.project.number==${{ env.PARENT_PROJECT }}) | .id' projects_data.json) >> $GITHUB_ENV @@ -110,7 +96,7 @@ jobs: } } }' -f project=$PROJECT_ID -f issue=${{ github.event.issue.node_id }} --jq '.data.addProjectV2ItemById.item.id')" - + echo 'ITEM_ID='$item_id >> $GITHUB_ENV - name: Set parent project status Done if: contains(env.CHILD_PROJ_STATUS, 'Done') @@ -138,7 +124,7 @@ jobs: projectId: $project itemId: $item fieldId: $status_field - value: { + value: { singleSelectOptionId: $status_value } }) { diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml index d532a1dfe8a..b7a73865264 100644 --- a/.github/workflows/github-release.yml +++ b/.github/workflows/github-release.yml @@ -9,22 +9,7 @@ on: required: false description: Mark this release as latest (`1`) or not (`0`, default) jobs: - config: - runs-on: "ubuntu-latest" - outputs: - has-secrets: ${{ steps.check.outputs.has-secrets }} - steps: - - name: "Check for secrets" - id: check - shell: bash - run: | - if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then - echo "has-secrets=1" >> "$GITHUB_OUTPUT" - fi - main: - needs: config - if: needs.config.outputs.has-secrets runs-on: ubuntu-latest steps: - name: "Generate token" diff --git a/.github/workflows/issue-labeled.yml b/.github/workflows/issue-labeled.yml index 66d4ff6aac4..3538b04b154 100644 
--- a/.github/workflows/issue-labeled.yml +++ b/.github/workflows/issue-labeled.yml @@ -5,22 +5,7 @@ on: types: [labeled] jobs: - config: - runs-on: "ubuntu-latest" - outputs: - has-secrets: ${{ steps.check.outputs.has-secrets }} - steps: - - name: "Check for secrets" - id: check - shell: bash - run: | - if [ -n "${{ (secrets.SLACK_WEBHOOK_URL != '') || '' }}" ]; then - echo "has-secrets=1" >> "$GITHUB_OUTPUT" - fi - notify: - needs: config - if: needs.config.outputs.has-secrets runs-on: ubuntu-latest steps: - name: "Download teams.yml to know which label is for which team" diff --git a/.github/workflows/metrics-collector.yml b/.github/workflows/metrics-collector.yml index 8b7e53715bf..874ccc4c3e7 100644 --- a/.github/workflows/metrics-collector.yml +++ b/.github/workflows/metrics-collector.yml @@ -16,22 +16,7 @@ on: types: [opened, closed] jobs: - config: - runs-on: "ubuntu-latest" - outputs: - has-secrets: ${{ steps.check.outputs.has-secrets }} - steps: - - name: "Check for secrets" - id: check - shell: bash - run: | - if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then - echo "has-secrets=1" >> "$GITHUB_OUTPUT" - fi - main: - needs: config - if: needs.config.outputs.has-secrets runs-on: ubuntu-latest steps: - name: Checkout Actions diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml index dda36dbad17..f686dee7d55 100644 --- a/.github/workflows/milestone.yml +++ b/.github/workflows/milestone.yml 
@@ -6,28 +6,12 @@ on: description: 'The version to be released please respect: major.minor.patch, major.minor.patch-preview or major.minor.patch-preview format. example: 7.4.3, 7.4.3-preview or 7.4.3-preview1' required: true jobs: - config: - runs-on: "ubuntu-latest" - outputs: - has-secrets: ${{ steps.check.outputs.has-secrets }} - steps: - - name: "Check for secrets" - id: check - shell: bash - run: | - if [ -n "${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then - echo "has-secrets=1" >> "$GITHUB_OUTPUT" - fi - call-remove-milestone: - needs: config - if: needs.config.outputs.has-secrets uses: grafana/grafana/.github/workflows/remove-milestone.yml@main with: version_call: ${{ github.event.inputs.version_input }} secrets: inherit call-close-milestone: - if: needs.config.outputs.has-secrets uses: grafana/grafana/.github/workflows/close-milestone.yml@main with: version_call: ${{ github.event.inputs.version_input }} diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index af1a5b19f6b..ee978b31931 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -15,13 +15,8 @@ on: - demilestoned concurrency: group: pr-checks-${{ github.event.number }} -permissions: - contents: write jobs: main: - permissions: - actions: write - contents: read runs-on: ubuntu-latest if: github.event.pull_request.draft == false steps: diff --git a/.github/workflows/pr-codeql-analysis-go.yml b/.github/workflows/pr-codeql-analysis-go.yml index 6441ff80a69..6f44dbc45ea 100644 --- a/.github/workflows/pr-codeql-analysis-go.yml +++ b/.github/workflows/pr-codeql-analysis-go.yml @@ -7,9 +7,6 @@ on: paths: - '**/*.go' -permissions: - security-events: write - jobs: analyze: name: Analyze diff --git a/.github/workflows/pr-codeql-analysis-javascript.yml b/.github/workflows/pr-codeql-analysis-javascript.yml index 1947231df8d..d8f187b309c 100644 --- a/.github/workflows/pr-codeql-analysis-javascript.yml 
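Review bot: In `milestone.yml` the two jobs call `grafana/grafana/.github/workflows/remove-milestone.yml@main` and `close-milestone.yml@main`, and `call-remove-milestone` passes `secrets: inherit`. The called workflow is therefore whatever is on upstream `main` when the job runs, not the version in the checked-out ref, and it receives every secret of the calling repository. Referencing the file locally, `uses: ./.github/workflows/remove-milestone.yml`, keeps caller and callee on the same commit. Passing only the token the callee needs (presumably `GH_BOT_ACCESS_TOKEN`, judging by the removed check) would narrow what is shared. The `call-close-milestone` job continues outside the hunk.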
+++ b/.github/workflows/pr-codeql-analysis-javascript.yml @@ -9,9 +9,6 @@ on: - '**/*.ts' - '**/*.tsx' -permissions: - security-events: write - jobs: analyze: name: Analyze diff --git a/.github/workflows/pr-codeql-analysis-python.yml b/.github/workflows/pr-codeql-analysis-python.yml index 00307370f4e..d6505de955f 100644 --- a/.github/workflows/pr-codeql-analysis-python.yml +++ b/.github/workflows/pr-codeql-analysis-python.yml @@ -7,9 +7,6 @@ on: paths: - '**/*.py' -permissions: - security-events: write - jobs: analyze: name: Analyze diff --git a/.github/workflows/pr-commands-closed.yml b/.github/workflows/pr-commands-closed.yml index f13475ef5d6..76719c6c009 100644 --- a/.github/workflows/pr-commands-closed.yml +++ b/.github/workflows/pr-commands-closed.yml @@ -2,13 +2,11 @@ name: Run when PRs are closed on: pull_request: types: - - closed + - closed concurrency: group: pr-commands-closed-${{ github.event.number }} jobs: close_job: - permissions: - pull-requests: write # this job will only run if the PR has been closed without being merged if: github.event.pull_request.merged == false runs-on: ubuntu-latest @@ -17,4 +15,4 @@ jobs: echo PR #${{ github.event.number }} has been closed without being merged, removing milestone. gh pr edit ${{ github.event.number }} --milestone "" --repo $GITHUB_REPOSITORY env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pr-commands.yml b/.github/workflows/pr-commands.yml index cead914128b..d868efb6926 100644 --- a/.github/workflows/pr-commands.yml +++ b/.github/workflows/pr-commands.yml 
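Review bot: In the second `pr-commands-closed.yml` hunk the `run:` line `echo PR #${{ github.event.number }} has been closed ...` will print only `PR` under the default bash shell, because an unquoted ` #` starts a comment. Quoting the message fixes it: `echo "PR #${{ github.event.number }} has been closed without being merged, removing milestone."`. The same hunk drops the newline at end of file, which is worth restoring. Since the first hunk removes `pull-requests: write` from `close_job`, the `gh pr edit ... --milestone ""` call now depends on the default token permissions allowing that write.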
@@ -8,22 +8,7 @@ on: concurrency: group: pr-commands-${{ github.event.number }} jobs: - config: - runs-on: "ubuntu-latest" - outputs: - has-secrets: ${{ steps.check.outputs.has-secrets }} - steps: - - name: "Check for secrets" - id: check - shell: bash - run: | - if [ -n "${{ (secrets.GRAFANA_MISC_STATS_API_KEY != '' && secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then - echo "has-secrets=1" >> "$GITHUB_OUTPUT" - fi - main: - needs: config - if: needs.config.outputs.has-secrets runs-on: ubuntu-latest steps: - name: Checkout Actions diff --git a/.github/workflows/publish-technical-documentation-next.yml b/.github/workflows/publish-technical-documentation-next.yml index b5d1927d3c5..56b133ac867 100644 --- a/.github/workflows/publish-technical-documentation-next.yml +++ b/.github/workflows/publish-technical-documentation-next.yml @@ -9,7 +9,7 @@ on: workflow_dispatch: jobs: sync: - if: github.repository == 'grafana/grafana' + if: "github.repository == 'grafana/grafana'" runs-on: "ubuntu-latest" steps: - name: "Checkout Grafana repo" diff --git a/.github/workflows/publish-technical-documentation-release.yml b/.github/workflows/publish-technical-documentation-release.yml index f1069d2b8e2..69fafd1d0e8 100644 --- a/.github/workflows/publish-technical-documentation-release.yml +++ b/.github/workflows/publish-technical-documentation-release.yml @@ -11,7 +11,7 @@ on: workflow_dispatch: jobs: sync: - if: github.repository == 'grafana/grafana' + if: "github.repository == 'grafana/grafana'" runs-on: "ubuntu-latest" steps: - name: "Checkout Grafana repo" diff --git a/.github/workflows/remove-milestone.yml b/.github/workflows/remove-milestone.yml index 81d9d93783c..44f42b5d757 100644 --- a/.github/workflows/remove-milestone.yml +++ b/.github/workflows/remove-milestone.yml 
@@ -13,24 +13,7 @@ on: type: string jobs: - config: - runs-on: "ubuntu-latest" - outputs: - has-secrets: ${{ steps.check.outputs.has-secrets }} - steps: - - name: "Check for secrets" - id: check - shell: bash - run: | - if [ -n "${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then - echo "has-secrets=1" >> "$GITHUB_OUTPUT" - fi - main: - needs: config - if: needs.config.outputs.has-secrets - permissions: - issues: write runs-on: ubuntu-latest steps: - name: Checkout Actions diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 8f0bf228f94..de50fe2f26b 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,22 +7,7 @@ permissions: pull-requests: write jobs: - config: - runs-on: "ubuntu-latest" - outputs: - has-secrets: ${{ steps.check.outputs.has-secrets }} - steps: - - name: "Check for secrets" - id: check - shell: bash - run: | - if [ -n "${{ (secrets.GH_BOT_ACCESS_TOKEN != '') || '' }}" ]; then - echo "has-secrets=1" >> "$GITHUB_OUTPUT" - fi - stale: - needs: config - if: needs.config.outputs.has-secrets runs-on: ubuntu-latest steps: - uses: actions/stale@v8