testing pull requst target trigger with checking out the fork repo #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Library CI | |
| on: | |
| # Trigger the workflow on push to the specific branch | |
| push: | |
| branches: | |
| - dev | |
| - main | |
| - CAD-22795-restore-changes # Temp | |
| # Trigger the workflow on pull requests targeting the specific branch | |
| pull_request_target: # Note: `pull_request_target` ensures that the tests run in the context of the `main` branch, not in the user's fork. This has important security implications and should not be changed to `pull_request` | |
| # types: [opened, synchronize] # Triggered when PR is open or updated with new commit | |
| branches: | |
| - dev | |
| - main | |
| - CAD-22795-restore-changes # Temp | |
| # Add a manual trigger option for running the workflow | |
| workflow_dispatch: | |
| jobs: | |
| test: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # Check if it's a pull request and if it is from a fork | |
| - name: Checkout the pull request (from fork) | |
| if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} # This checks if it's from a fork | |
| run: | | |
| echo "PR from a fork detected. Checking out the fork's branch." | |
| git remote add fork https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git | |
| git fetch fork ${{ github.event.pull_request.head.ref }} | |
| # Force checkout the fork's branch to a generic 'ci-testing-branch' | |
| git checkout -B ci-testing-branch FETCH_HEAD | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| # A bunch of if-else. Might move to an action | |
| # Decide environment based on the target branch (for both push and PR events) | |
| - name: Set environment based on target branch | |
| run: | | |
| set -ex | |
| if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
| # Use the target branch of the pull request | |
| target_branch="${{ github.event.pull_request.base.ref }}" | |
| else | |
| # Use the branch of the push event | |
| # todo: verify that dispatch works | |
| target_branch="${{ github.ref_name }}" | |
| fi | |
| if [[ "$target_branch" == "main" ]]; then | |
| echo "Running on prod environment." | |
| echo "M2M_SECRET_ARN=${{ secrets.PROD_M2M_SECRET_ARN }}" >> $GITHUB_ENV | |
| echo "CLASSIQ_IDE=https://platform.classiq.io" >> $GITHUB_ENV | |
| echo "CLASSIQ_HOST=https://api.classiq.io" >> $GITHUB_ENV | |
| echo "IS_DEV=false" >> $GITHUB_ENV | |
| else | |
| echo "Running on dev environment." | |
| echo "M2M_SECRET_ARN=${{ secrets.NIGHTLY_M2M_SECRET_ARN }}" >> $GITHUB_ENV | |
| echo "CLASSIQ_IDE=https://nightly.platform.classiq.io" >> $GITHUB_ENV | |
| echo "CLASSIQ_HOST=https://staging.api.classiq.io" >> $GITHUB_ENV | |
| echo "IS_DEV=true" >> $GITHUB_ENV | |
| fi | |
| shell: bash | |
| # The following 2 steps can also be grouped into one action | |
| # Step to detect changed .ipynb files | |
| - name: Get changed notebook files | |
| id: changed-files-ipynb | |
| uses: tj-actions/changed-files@v44 | |
| with: | |
| files: | | |
| **/*.ipynb | |
| - name: Print changed notebook files | |
| run: | | |
| echo "Changed notebook files: ${{ steps.changed-files-ipynb.outputs.all_changed_files }}" | |
| - name: Set changed notebook into environment variables | |
| run: | | |
| set -ex | |
| if [ "${{ github.event_name }}" == 'pull_request' ]; then | |
| echo "SHOULD_TEST_ALL_FILES=false" >> $GITHUB_ENV | |
| elif [[ "${{ github.event_name }}" == 'workflow_dispatch' || "${{ github.head_ref || github.ref_name }}" == "dev" ]]; then | |
| echo "SHOULD_TEST_ALL_FILES=true" >> $GITHUB_ENV | |
| fi | |
| - name: Install dependencies | |
| run: | | |
| set -e | |
| # Pre is needed for Dev pre releases | |
| python -m pip install --extra-index-url https://pypi.org/simple --pre -U -r requirements.txt | |
| python -m pip install --extra-index-url https://pypi.org/simple -U -r requirements_tests.txt | |
| # Run notebook tests if any changed notebooks are detected | |
| - name: Run notebook tests | |
| if: steps.changed-files-ipynb.outputs.any_changed == 'true' | |
| uses: ./.github/actions/run-tests # Calls your composite action | |
| with: | |
| # diff files - set to python inside pytest | |
| should_test_all_files: ${{ env.SHOULD_TEST_ALL_FILES }} | |
| list_of_ipynb_changed: ${{ steps.changed-files-ipynb.outputs.all_changed_files }} | |
| # aws environment | |
| m2m_secret_arn: ${{ env.M2M_SECRET_ARN }} | |
| aws_role: ${{ secrets.AWS_ROLE }} | |
| is_dev: ${{ env.IS_DEV }} | |
| # environment | |
| classiq_ide: ${{ env.CLASSIQ_IDE }} | |
| classiq_host: ${{ env.CLASSIQ_HOST }} |