You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by ka...@apache.org on 2021/01/21 16:01:20 UTC
[airflow] branch v1-10-test updated (4180803 -> d9c973b)
This is an automated email from the ASF dual-hosted git repository.
kaxilnaik pushed a change to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git.
from 4180803 fixup! Include airflow/contrib/executors in the dist package
new 7d12723 Switch to Apache-owned GitHub actions (#13327)
new 1c9e621 Also add codecov action to apache airflow repo (#13328)
new 52d0f57 Disable persisting credentials in Github Action's checkout (#13389)
new d9c973b Run "third party" github actions from submodules instead (#13514)
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.github/actions/cancel-workflow-runs | 1 +
.github/actions/checks-action | 1 +
.github/actions/codecov-action | 1 +
.github/actions/configure-aws-credentials | 1 +
.github/actions/get-workflow-origin | 1 +
.github/actions/github-push-action | 1 +
.github/actions/label-when-approved-action | 1 +
.github/workflows/build-images-workflow-run.yml | 62 +++++++++++++++-------
.github/workflows/ci.yml | 59 +++++++++++++++++---
.github/workflows/codeql-analysis.yml | 2 +
.../workflows/label_when_reviewed_workflow_run.yml | 25 +++++----
.github/workflows/scheduled_quarantined.yml | 2 +
.gitmodules | 21 ++++++++
.pre-commit-config.yaml | 2 +-
14 files changed, 145 insertions(+), 35 deletions(-)
create mode 160000 .github/actions/cancel-workflow-runs
create mode 160000 .github/actions/checks-action
create mode 160000 .github/actions/codecov-action
create mode 160000 .github/actions/configure-aws-credentials
create mode 160000 .github/actions/get-workflow-origin
create mode 160000 .github/actions/github-push-action
create mode 160000 .github/actions/label-when-approved-action
create mode 100644 .gitmodules
[airflow] 03/04: Disable persisting credentials in Github Action's
checkout (#13389)
Posted by ka...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
kaxilnaik pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 52d0f57e3142207973d4f369fb4a8dc2d2f76aaf
Author: Jarek Potiuk <ja...@polidea.com>
AuthorDate: Wed Dec 30 14:25:29 2020 +0100
Disable persisting credentials in Github Action's checkout (#13389)
This PR disables persisting credentials in Github Actions checkout.
This is a result of discussion in builds@apache.org
https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E
It turns out that contrary to the documentation actios (specifically
checkout action) can use GITHUB_TOKEN without specifying it as
input in the yaml file and the GitHub checkout action
leaves the repository with credentials stored locally that
enable pushing to Github Repository by any step in the same
job. This was thought to be forbidden initially (and the
documentation clearly says that the action must have the
GITHUB_TOKEN passed to it in .yaml workflow in order to
use it). But apparently it behaves differently.
This leaves open an attack vector where for example
any PIP package installed in the following steps could push
any changes to GitHub Repository of Apache Airflow.
Security incidents have been reported to both GitHub and
Apache Security team, but in the meantime we add configuration
to remove credentials after checkout step.
https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#using-the-github_token-in-a-workflow
> Using the GITHUB_TOKEN in a workflow
> To use the GITHUB_TOKEN secret, you *must* reference it in your workflow
file. Using a token might include passing the token as an input to an
action that requires it, or making authenticated GitHub API calls.
(cherry picked from commit d079b913d283378dca37dc9ea25b04186d3e326c)
---
.github/workflows/build-images-workflow-run.yml | 7 ++++
.github/workflows/ci.yml | 41 +++++++++++++++++++++-
.github/workflows/codeql-analysis.yml | 2 ++
.../workflows/label_when_reviewed_workflow_run.yml | 5 +++
.github/workflows/scheduled_quarantined.yml | 2 ++
5 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build-images-workflow-run.yml b/.github/workflows/build-images-workflow-run.yml
index 778ff54..bed5dfc 100644
--- a/.github/workflows/build-images-workflow-run.yml
+++ b/.github/workflows/build-images-workflow-run.yml
@@ -207,6 +207,8 @@ jobs:
if: needs.cancel-workflow-runs.outputs.sourceEvent == 'pull_request'
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: >
Event: ${{ needs.cancel-workflow-runs.outputs.sourceEvent }}
Repo: ${{ needs.cancel-workflow-runs.outputs.sourceHeadRepo }}
@@ -224,10 +226,13 @@ jobs:
with:
ref: ${{ needs.cancel-workflow-runs.outputs.targetCommitSha }}
fetch-depth: 2
+ persist-credentials: false
if: needs.cancel-workflow-runs.outputs.sourceEvent == 'pull_request'
# checkout the master version again, to use the right script in master workflow
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Selective checks
id: selective-checks
env:
@@ -279,6 +284,7 @@ jobs:
uses: actions/checkout@v2
with:
ref: ${{ needs.cancel-workflow-runs.outputs.targetCommitSha }}
+ persist-credentials: false
- name: "Retrieve DEFAULTS from the _initialization.sh"
# We cannot "source" the script here because that would be a security problem (we cannot run
# any code that comes from the sources coming from the PR. Therefore we extract the
@@ -323,6 +329,7 @@ jobs:
with:
path: "main-airflow"
ref: "${{ needs.cancel-workflow-runs.outputs.targetBranch }}"
+ persist-credentials: false
if: steps.defaults.outputs.proceed == 'true'
- name: "Setup python"
uses: actions/setup-python@v2
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7902f6c..728dfb0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -105,6 +105,8 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }}
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: >
Event: ${{ github.event_name }}
Repo: ${{ steps.source-run-info.outputs.sourceHeadRepo }}
@@ -126,6 +128,7 @@ jobs:
with:
ref: ${{ github.sha }}
fetch-depth: 2
+ persist-credentials: false
if: github.event_name == 'pull_request'
- name: Selective checks
id: selective-checks
@@ -155,6 +158,8 @@ jobs:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
if: needs.build-info.outputs.waitForImage == 'true'
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -192,6 +197,8 @@ jobs:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
if: needs.build-info.outputs.waitForImage == 'true'
+ with:
+ persist-credentials: false
- name: "Free space"
run: ./scripts/ci/tools/ci_free_space_on_ci.sh
if: needs.build-info.outputs.waitForImage == 'true'
@@ -207,13 +214,15 @@ jobs:
runs-on: ubuntu-20.04
needs: [build-info, ci-images]
env:
- SKIP: "pylint,identity"
+ SKIP: "identity"
MOUNT_LOCAL_SOURCES: "true"
PYTHON_MAJOR_MINOR_VERSION: ${{needs.build-info.outputs.defaultPythonVersion}}
if: needs.build-info.outputs.basic-checks-only == 'false'
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -250,6 +259,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -267,6 +278,7 @@ jobs:
with:
ref: ${{ github.sha }}
fetch-depth: 2
+ persist-credentials: false
- name: "Static checks: basic checks only"
run: |
./scripts/ci/static_checks/run_basic_static_checks.sh "${{ github.sha }}"
@@ -282,6 +294,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Prepare CI image ${{env.PYTHON_MAJOR_MINOR_VERSION}}:${{ env.GITHUB_REGISTRY_PULL_IMAGE_TAG }}"
run: ./scripts/ci/images/ci_prepare_ci_image_on_ci.sh
- name: "Build docs"
@@ -311,6 +325,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -367,6 +383,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -422,6 +440,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -474,6 +494,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -531,6 +553,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -618,6 +642,8 @@ jobs:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
if: needs.build-info.outputs.waitForImage == 'true'
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -649,6 +675,8 @@ jobs:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
if: needs.build-info.outputs.waitForImage == 'true'
+ with:
+ persist-credentials: false
- name: "Free space"
run: ./scripts/ci/tools/ci_free_space_on_ci.sh
if: needs.build-info.outputs.waitForImage == 'true'
@@ -683,6 +711,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -762,6 +792,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -800,6 +832,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -830,6 +864,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -867,6 +903,8 @@ jobs:
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: "Set constraints branch name"
id: constraints-branch
run: ./scripts/ci/constraints/ci_branch_constraints.sh
@@ -875,6 +913,7 @@ jobs:
with:
path: "repo"
ref: ${{ steps.constraints-branch.outputs.branch }}
+ persist-credentials: false
- name: "Get all artifacts (constraints)"
uses: actions/download-artifact@v2
with:
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9fa7b94..8bdd809 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -36,6 +36,7 @@ jobs:
uses: actions/checkout@v2
with:
fetch-depth: 2
+ persist-credentials: false
- name: Selective checks
id: selective-checks
env:
@@ -68,6 +69,7 @@ jobs:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
+ persist-credentials: false
if: |
matrix.language == 'python' && needs.selective-checks.outputs.needs-python-scans == 'true' ||
matrix.language == 'javascript' && needs.selective-checks.outputs.needs-javascript-scans == 'true'
diff --git a/.github/workflows/label_when_reviewed_workflow_run.yml b/.github/workflows/label_when_reviewed_workflow_run.yml
index d66472b..4400bae 100644
--- a/.github/workflows/label_when_reviewed_workflow_run.yml
+++ b/.github/workflows/label_when_reviewed_workflow_run.yml
@@ -51,6 +51,8 @@ jobs:
"}
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: >
Event: ${{ steps.source-run-info.outputs.sourceEvent }}
Repo: ${{ steps.source-run-info.outputs.sourceHeadRepo }}
@@ -68,9 +70,12 @@ jobs:
with:
ref: ${{ steps.source-run-info.outputs.targetCommitSha }}
fetch-depth: 2
+ persist-credentials: false
# checkout the master version again, to use the right script in master workflow
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- name: Selective checks
id: selective-checks
env:
diff --git a/.github/workflows/scheduled_quarantined.yml b/.github/workflows/scheduled_quarantined.yml
index 9877e4c..3071693 100644
--- a/.github/workflows/scheduled_quarantined.yml
+++ b/.github/workflows/scheduled_quarantined.yml
@@ -79,6 +79,8 @@ jobs:
needs.trigger-tests.outputs.run-tests == 'true' || github.event_name != 'pull_request'
steps:
- uses: actions/checkout@v2
+ with:
+ persist-credentials: false
- uses: actions/setup-python@v2
with:
python-version: '3.7'
[airflow] 02/04: Also add codecov action to apache airflow repo
(#13328)
Posted by ka...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
kaxilnaik pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 1c9e621671c95109392a005beedf328793367e79
Author: Jarek Potiuk <ja...@polidea.com>
AuthorDate: Sun Dec 27 17:42:45 2020 +0100
Also add codecov action to apache airflow repo (#13328)
Follow up after #13327
(cherry picked from commit 98896e4e327f256fd04087a49a13e16a246022c9)
---
.github/workflows/ci.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1b337a3..7902f6c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -600,7 +600,7 @@ jobs:
- name: "Removes unnecessary artifacts"
run: ls ./coverage-files | grep -v coverage | xargs rm -rf
- name: "Upload all coverage reports to codecov"
- uses: codecov/codecov-action@v1
+ uses: apache/airflow-codecov-action@1fc7722ded4708880a5aea49f2bfafb9336f0c8d # v1.1.1
with:
directory: "./coverage-files"
[airflow] 04/04: Run "third party" github actions from submodules
instead (#13514)
Posted by ka...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
kaxilnaik pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit d9c973bda1d14474edb714796366bc0060e4cbbc
Author: Ash Berlin-Taylor <as...@firemirror.com>
AuthorDate: Mon Jan 11 10:38:15 2021 +0000
Run "third party" github actions from submodules instead (#13514)
Rather than having to mirror all the repos we can instead use
git submodules to pull in the third party actions we want to use - with
recent(ish) changes in review for submodules on GitHub we still get the
same "review/audit" visibility for changes, but this way we don't have
to either "pollute" our repo with the actions code, nor do we have to
maintain a fork of the third party action.
(cherry picked from commit f115983550833b1516ce58e66b49fe4fb1a0eff7)
---
.github/actions/cancel-workflow-runs | 1 +
.github/actions/checks-action | 1 +
.github/actions/codecov-action | 1 +
.github/actions/configure-aws-credentials | 1 +
.github/actions/get-workflow-origin | 1 +
.github/actions/github-push-action | 1 +
.github/actions/label-when-approved-action | 1 +
.github/workflows/build-images-workflow-run.yml | 57 ++++++++++++++--------
.github/workflows/ci.yml | 22 ++++++---
.../workflows/label_when_reviewed_workflow_run.yml | 24 ++++-----
.gitmodules | 21 ++++++++
.pre-commit-config.yaml | 2 +-
12 files changed, 94 insertions(+), 39 deletions(-)
diff --git a/.github/actions/cancel-workflow-runs b/.github/actions/cancel-workflow-runs
new file mode 160000
index 0000000..953e057
--- /dev/null
+++ b/.github/actions/cancel-workflow-runs
@@ -0,0 +1 @@
+Subproject commit 953e057dc81d3458935a18d1184c386b0f6b5738
diff --git a/.github/actions/checks-action b/.github/actions/checks-action
new file mode 160000
index 0000000..9f02872
--- /dev/null
+++ b/.github/actions/checks-action
@@ -0,0 +1 @@
+Subproject commit 9f02872da71b6f558c6a6f190f925dde5e4d8798
diff --git a/.github/actions/codecov-action b/.github/actions/codecov-action
new file mode 160000
index 0000000..1fc7722
--- /dev/null
+++ b/.github/actions/codecov-action
@@ -0,0 +1 @@
+Subproject commit 1fc7722ded4708880a5aea49f2bfafb9336f0c8d
diff --git a/.github/actions/configure-aws-credentials b/.github/actions/configure-aws-credentials
new file mode 160000
index 0000000..e97d7fb
--- /dev/null
+++ b/.github/actions/configure-aws-credentials
@@ -0,0 +1 @@
+Subproject commit e97d7fbc8e0e5af69631c13daa0f4b5a8d88165b
diff --git a/.github/actions/get-workflow-origin b/.github/actions/get-workflow-origin
new file mode 160000
index 0000000..588cc14
--- /dev/null
+++ b/.github/actions/get-workflow-origin
@@ -0,0 +1 @@
+Subproject commit 588cc14f9f1cdf1b8be3db816855e96422204fec
diff --git a/.github/actions/github-push-action b/.github/actions/github-push-action
new file mode 160000
index 0000000..40bf560
--- /dev/null
+++ b/.github/actions/github-push-action
@@ -0,0 +1 @@
+Subproject commit 40bf560936a8022e68a3c00e7d2abefaf01305a6
diff --git a/.github/actions/label-when-approved-action b/.github/actions/label-when-approved-action
new file mode 160000
index 0000000..4c5190f
--- /dev/null
+++ b/.github/actions/label-when-approved-action
@@ -0,0 +1 @@
+Subproject commit 4c5190fec5661e98d83f50bbd4ef9ebb48bd1194
diff --git a/.github/workflows/build-images-workflow-run.yml b/.github/workflows/build-images-workflow-run.yml
index bed5dfc..5c85cb4 100644
--- a/.github/workflows/build-images-workflow-run.yml
+++ b/.github/workflows/build-images-workflow-run.yml
@@ -56,14 +56,19 @@ jobs:
cacheDirective: ${{ steps.cache-directive.outputs.docker-cache }}
buildImages: ${{ steps.build-images.outputs.buildImages }}
steps:
+ - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+ submodules: recursive
- name: "Get information about the original trigger of the run"
- uses: apache/airflow-get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
+ uses: ./.github/actions/get-workflow-origin
id: source-run-info
with:
token: ${{ secrets.GITHUB_TOKEN }}
sourceRunId: ${{ github.event.workflow_run.id }}
- name: "Cancel duplicated 'CI Build' runs"
- uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: ./.github/actions/cancel-workflow-runs
with:
token: ${{ secrets.GITHUB_TOKEN }}
cancelMode: allDuplicates
@@ -80,7 +85,7 @@ jobs:
# trick ¯\_(ツ)_/¯. We name the build-info job appropriately
# and then we try to find and cancel all the jobs with the same Event + Repo + Branch as the
# current Event/Repo/Branch combination.
- uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: ./.github/actions/cancel-workflow-runs
with:
cancelMode: namedJobs
token: ${{ secrets.GITHUB_TOKEN }}
@@ -96,7 +101,7 @@ jobs:
# We also produce list of canceled "CI Build' runs as output, so that we
# can cancel all the matching "Build Images" workflow runs in the two following steps.
# Yeah. Adding to the complexity ¯\_(ツ)_/¯.
- uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: ./.github/actions/cancel-workflow-runs
id: cancel-failed
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -129,14 +134,14 @@ jobs:
# it to cancel any jobs that have matching names containing Source Run Id:
# followed by one of the run ids. Yes I know it's super complex ¯\_(ツ)_/¯.
if: env.BUILD_IMAGES == 'true' && steps.cancel-failed.outputs.cancelledRuns != '[]'
- uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: ./.github/actions/cancel-workflow-runs
with:
cancelMode: namedJobs
token: ${{ secrets.GITHUB_TOKEN }}
notifyPRCancel: true
jobNameRegexps: ${{ steps.extract-cancelled-failed-runs.outputs.matching-regexp }}
- name: "Cancel duplicated 'CodeQL' runs"
- uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: ./.github/actions/cancel-workflow-runs
id: cancel
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -156,7 +161,7 @@ jobs:
# trick ¯\_(ツ)_/¯. We name the build-info job appropriately and then we try to match
# all the jobs with the same Event + Repo + Branch match and cancel all the duplicates for those
# This might cancel own run, so this is the last step in the job
- uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: ./.github/actions/cancel-workflow-runs
with:
cancelMode: allDuplicatedNamedJobs
token: ${{ secrets.GITHUB_TOKEN }}
@@ -307,8 +312,19 @@ jobs:
else
echo "::set-output name=proceed::false"
fi
+ - name: >
+ Checkout "${{ needs.cancel-workflow-runs.outputs.targetBranch }}" branch to 'main-airflow' folder
+ to use ci/scripts from there.
+ uses: actions/checkout@v2
+ with:
+ path: "main-airflow"
+ ref: "${{ needs.cancel-workflow-runs.outputs.targetBranch }}"
+ persist-credentials: false
+ submodules: recursive
+ if: steps.defaults.outputs.proceed == 'true'
- name: Initiate Github Checks for Building image
- uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ # Use the submodule from main, not the PR branch
+ uses: ./main-airflow/.github/actions/checks-action
id: build-image-check
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -322,15 +338,6 @@ jobs:
[Image Build](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
for details" }
if: steps.defaults.outputs.proceed == 'true'
- - name: >
- Checkout "${{ needs.cancel-workflow-runs.outputs.targetBranch }}" branch to 'main-airflow' folder
- to use ci/scripts from there.
- uses: actions/checkout@v2
- with:
- path: "main-airflow"
- ref: "${{ needs.cancel-workflow-runs.outputs.targetBranch }}"
- persist-credentials: false
- if: steps.defaults.outputs.proceed == 'true'
- name: "Setup python"
uses: actions/setup-python@v2
with:
@@ -363,7 +370,7 @@ jobs:
run: ./scripts/ci/images/ci_push_production_images.sh
if: matrix.image-type == 'PROD' && steps.defaults.outputs.proceed == 'true'
- name: Update Github Checks for Building image with status
- uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ uses: ./main-airflow/.github/actions/checks-action
if: always() && steps.defaults.outputs.proceed == 'true'
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -384,8 +391,13 @@ jobs:
if: cancelled()
needs: [build-images]
steps:
+ - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+ submodules: recursive
- name: "Canceling the 'CI Build' source workflow in case of failure!"
- uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: ./.github/actions/cancel-workflow-runs
with:
token: ${{ secrets.GITHUB_TOKEN }}
cancelMode: self
@@ -399,8 +411,13 @@ jobs:
if: failure()
needs: [build-images]
steps:
+ - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+ submodules: recursive
- name: "Canceling the 'CI Build' source workflow in case of failure!"
- uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: ./.github/actions/cancel-workflow-runs
with:
token: ${{ secrets.GITHUB_TOKEN }}
cancelMode: self
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 728dfb0..e87564d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -98,15 +98,16 @@ jobs:
pullRequestNumber: ${{ steps.source-run-info.outputs.pullRequestNumber }}
pullRequestLabels: ${{ steps.source-run-info.outputs.pullRequestLabels }}
steps:
- - name: "Get information about the PR"
- uses: apache/airflow-get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
- id: source-run-info
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v2
with:
persist-credentials: false
+ submodules: recursive
+ - name: "Get information about the PR"
+ uses: ./.github/actions/get-workflow-origin
+ id: source-run-info
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
- name: >
Event: ${{ github.event_name }}
Repo: ${{ steps.source-run-info.outputs.sourceHeadRepo }}
@@ -296,6 +297,7 @@ jobs:
uses: actions/checkout@v2
with:
persist-credentials: false
+ submodules: recursive
- name: "Prepare CI image ${{env.PYTHON_MAJOR_MINOR_VERSION}}:${{ env.GITHUB_REGISTRY_PULL_IMAGE_TAG }}"
run: ./scripts/ci/images/ci_prepare_ci_image_on_ci.sh
- name: "Build docs"
@@ -617,6 +619,11 @@ jobs:
- tests-mysql
- tests-quarantined
steps:
+ - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+ submodules: recursive
- name: "Download all artifacts from the current build"
uses: actions/download-artifact@v2
with:
@@ -624,7 +631,7 @@ jobs:
- name: "Removes unnecessary artifacts"
run: ls ./coverage-files | grep -v coverage | xargs rm -rf
- name: "Upload all coverage reports to codecov"
- uses: apache/airflow-codecov-action@1fc7722ded4708880a5aea49f2bfafb9336f0c8d # v1.1.1
+ uses: ./.github/actions/codecov-action
with:
directory: "./coverage-files"
@@ -905,6 +912,7 @@ jobs:
uses: actions/checkout@v2
with:
persist-credentials: false
+ submodules: recursive
- name: "Set constraints branch name"
id: constraints-branch
run: ./scripts/ci/constraints/ci_branch_constraints.sh
@@ -921,7 +929,7 @@ jobs:
- name: "Commit changed constraint files for ${{needs.build-info.outputs.pythonVersions}}"
run: ./scripts/ci/constraints/ci_commit_constraints.sh
- name: "Push changes"
- uses: apache/airflow-github-push-action@40bf560936a8022e68a3c00e7d2abefaf01305a6 # v0.6.0
+ uses: ./.github/actions/github-push-action
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ steps.constraints-branch.outputs.branch }}
diff --git a/.github/workflows/label_when_reviewed_workflow_run.yml b/.github/workflows/label_when_reviewed_workflow_run.yml
index 4400bae..1ed50dd 100644
--- a/.github/workflows/label_when_reviewed_workflow_run.yml
+++ b/.github/workflows/label_when_reviewed_workflow_run.yml
@@ -29,14 +29,19 @@ jobs:
outputs:
labelSet: ${{ steps.label-when-reviewed.outputs.labelSet }}
steps:
+ - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+ submodules: recursive
- name: "Get information about the original trigger of the run"
- uses: apache/airflow-get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
+ uses: ./.github/actions/get-workflow-origin
id: source-run-info
with:
token: ${{ secrets.GITHUB_TOKEN }}
sourceRunId: ${{ github.event.workflow_run.id }}
- name: Initiate Selective Build check
- uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ uses: ./.github/actions/checks-action
id: selective-build-check
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -49,10 +54,6 @@ jobs:
"Checking selective status of the build in
[the run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
"}
- - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
- with:
- persist-credentials: false
- name: >
Event: ${{ steps.source-run-info.outputs.sourceEvent }}
Repo: ${{ steps.source-run-info.outputs.sourceHeadRepo }}
@@ -76,6 +77,7 @@ jobs:
uses: actions/checkout@v2
with:
persist-credentials: false
+ submodules: recursive
- name: Selective checks
id: selective-checks
env:
@@ -91,7 +93,7 @@ jobs:
./scripts/ci/selective_ci_checks.sh
fi
- name: "Label when approved by committers for PRs that require full tests"
- uses: apache/airflow-label-when-approved@4c5190fec5661e98d83f50bbd4ef9ebb48bd1194 # v1.3
+ uses: ./.github/actions/label-when-approved-action
id: label-full-test-prs-when-approved-by-commiters
if: >
steps.selective-checks.outputs.run-tests == 'true' &&
@@ -107,7 +109,7 @@ jobs:
If they don't merge it quickly - please rebase it to the latest master at your convenience,
or amend the last commit of the PR, and push it with --force-with-lease.
- name: "Initiate GitHub Check forcing rerun of SH ${{ github.event.pull_request.head.sha }}"
- uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ uses: ./.github/actions/checks-action
id: full-test-check
if: steps.label-full-test-prs-when-approved-by-commiters.outputs.labelSet == 'true'
with:
@@ -122,7 +124,7 @@ jobs:
[the run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
"}
- name: "Label when approved by committers for PRs that do not require full tests"
- uses: apache/airflow-label-when-approved@4c5190fec5661e98d83f50bbd4ef9ebb48bd1194 # v1.3
+ uses: ./.github/actions/label-when-approved-action
id: label-simple-test-prs-when-approved-by-commiters
if: >
steps.selective-checks.outputs.run-tests == 'true' &&
@@ -139,7 +141,7 @@ jobs:
'full tests needed'. Then you should rebase to the latest master or amend the last commit
of the PR, and push it with --force-with-lease.
- name: "Label when approved by committers for PRs that do not require tests at all"
- uses: apache/airflow-label-when-approved@4c5190fec5661e98d83f50bbd4ef9ebb48bd1194 # v1.3
+ uses: ./.github/actions/label-when-approved-action
id: label-no-test-prs-when-approved-by-commiters
if: steps.selective-checks.outputs.run-tests != 'true'
with:
@@ -153,7 +155,7 @@ jobs:
needed and add the 'full tests needed' label. Then you should rebase it to the latest master
or amend the last commit of the PR, and push it with --force-with-lease.
- name: Update Selective Build check
- uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ uses: ./.github/actions/checks-action
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..1779ddd
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,21 @@
+[submodule ".github/actions/get-workflow-origin"]
+ path = .github/actions/get-workflow-origin
+ url = https://github.com/potiuk/get-workflow-origin
+[submodule ".github/actions/cancel-workflow-runs"]
+ path = .github/actions/cancel-workflow-runs
+ url = https://github.com/potiuk/cancel-workflow-runs
+[submodule ".github/actions/checks-action"]
+ path = .github/actions/checks-action
+ url = https://github.com/LouisBrunner/checks-action
+[submodule ".github/actions/configure-aws-credentials"]
+ path = .github/actions/configure-aws-credentials
+ url = https://github.com/aws-actions/configure-aws-credentials
+[submodule ".github/actions/codecov-action"]
+ path = .github/actions/codecov-action
+ url = https://github.com/codecov/codecov-action
+[submodule ".github/actions/github-push-action"]
+ path = .github/actions/github-push-action
+ url = https://github.com/ad-m/github-push-action
+[submodule ".github/actions/label-when-approved-action"]
+ path = .github/actions/label-when-approved-action
+ url = https://github.com/TobKed/label-when-approved-action
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2e6207d..a98b0ea 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -29,7 +29,7 @@ repos:
rev: v1.1.9
hooks:
- id: forbid-tabs
- exclude: ^docs/Makefile$|^clients/gen/go.sh
+ exclude: ^docs/Makefile$|^clients/gen/go.sh|\.gitmodules$
- id: insert-license
name: Add license for all SQL files
files: \.sql$
[airflow] 01/04: Switch to Apache-owned GitHub actions (#13327)
Posted by ka...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
kaxilnaik pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 7d12723d70e757a6c388552267ae50f42d123c76
Author: Jarek Potiuk <ja...@polidea.com>
AuthorDate: Sun Dec 27 17:13:50 2020 +0100
Switch to Apache-owned GitHub actions (#13327)
There was a change in Policy of ASF that only "Made by GitHub"
actions and actions residing in Apache-owned repositories
are allowed to be used for ASF projects. This was in
response to a security incident.
More details:
Policy:
* https://infra.apache.org/github-actions-secrets.html
Discussion builds@apache.org:
* https://lists.apache.org/thread.html/r435c45dfc28ec74e28314aa9db8a216a2b45ff7f27b15932035d3f65%40%3Cbuilds.apache.org%3E
Discussion users@infra.apache.org:
* https://lists.apache.org/thread.html/r900f8f9a874006ed8121bdc901a0d1acccbb340882c1f94dad61a5e9%40%3Cusers.infra.apache.org%3E
(cherry picked from commit c6d66cd15fe85d3bca357c9e60ac8434b843e5d6)
---
.github/workflows/build-images-workflow-run.yml | 22 +++++++++++-----------
.github/workflows/ci.yml | 4 ++--
.../workflows/label_when_reviewed_workflow_run.yml | 14 +++++++-------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/build-images-workflow-run.yml b/.github/workflows/build-images-workflow-run.yml
index ee9c48c..778ff54 100644
--- a/.github/workflows/build-images-workflow-run.yml
+++ b/.github/workflows/build-images-workflow-run.yml
@@ -57,13 +57,13 @@ jobs:
buildImages: ${{ steps.build-images.outputs.buildImages }}
steps:
- name: "Get information about the original trigger of the run"
- uses: potiuk/get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
+ uses: apache/airflow-get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
id: source-run-info
with:
token: ${{ secrets.GITHUB_TOKEN }}
sourceRunId: ${{ github.event.workflow_run.id }}
- name: "Cancel duplicated 'CI Build' runs"
- uses: potiuk/cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
with:
token: ${{ secrets.GITHUB_TOKEN }}
cancelMode: allDuplicates
@@ -80,7 +80,7 @@ jobs:
# trick ¯\_(ツ)_/¯. We name the build-info job appropriately
# and then we try to find and cancel all the jobs with the same Event + Repo + Branch as the
# current Event/Repo/Branch combination.
- uses: potiuk/cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
with:
cancelMode: namedJobs
token: ${{ secrets.GITHUB_TOKEN }}
@@ -96,7 +96,7 @@ jobs:
# We also produce list of canceled "CI Build' runs as output, so that we
# can cancel all the matching "Build Images" workflow runs in the two following steps.
# Yeah. Adding to the complexity ¯\_(ツ)_/¯.
- uses: potiuk/cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
id: cancel-failed
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -129,14 +129,14 @@ jobs:
# it to cancel any jobs that have matching names containing Source Run Id:
# followed by one of the run ids. Yes I know it's super complex ¯\_(ツ)_/¯.
if: env.BUILD_IMAGES == 'true' && steps.cancel-failed.outputs.cancelledRuns != '[]'
- uses: potiuk/cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
with:
cancelMode: namedJobs
token: ${{ secrets.GITHUB_TOKEN }}
notifyPRCancel: true
jobNameRegexps: ${{ steps.extract-cancelled-failed-runs.outputs.matching-regexp }}
- name: "Cancel duplicated 'CodeQL' runs"
- uses: potiuk/cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
id: cancel
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -156,7 +156,7 @@ jobs:
# trick ¯\_(ツ)_/¯. We name the build-info job appropriately and then we try to match
# all the jobs with the same Event + Repo + Branch match and cancel all the duplicates for those
# This might cancel own run, so this is the last step in the job
- uses: potiuk/cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
with:
cancelMode: allDuplicatedNamedJobs
token: ${{ secrets.GITHUB_TOKEN }}
@@ -302,7 +302,7 @@ jobs:
echo "::set-output name=proceed::false"
fi
- name: Initiate Github Checks for Building image
- uses: LouisBrunner/checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
id: build-image-check
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -356,7 +356,7 @@ jobs:
run: ./scripts/ci/images/ci_push_production_images.sh
if: matrix.image-type == 'PROD' && steps.defaults.outputs.proceed == 'true'
- name: Update Github Checks for Building image with status
- uses: LouisBrunner/checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
if: always() && steps.defaults.outputs.proceed == 'true'
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -378,7 +378,7 @@ jobs:
needs: [build-images]
steps:
- name: "Canceling the 'CI Build' source workflow in case of failure!"
- uses: potiuk/cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
with:
token: ${{ secrets.GITHUB_TOKEN }}
cancelMode: self
@@ -393,7 +393,7 @@ jobs:
needs: [build-images]
steps:
- name: "Canceling the 'CI Build' source workflow in case of failure!"
- uses: potiuk/cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
+ uses: apache/airflow-cancel-workflow-runs@953e057dc81d3458935a18d1184c386b0f6b5738 # v4_7
with:
token: ${{ secrets.GITHUB_TOKEN }}
cancelMode: self
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a449d2c..1b337a3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -99,7 +99,7 @@ jobs:
pullRequestLabels: ${{ steps.source-run-info.outputs.pullRequestLabels }}
steps:
- name: "Get information about the PR"
- uses: potiuk/get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
+ uses: apache/airflow-get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
id: source-run-info
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -882,7 +882,7 @@ jobs:
- name: "Commit changed constraint files for ${{needs.build-info.outputs.pythonVersions}}"
run: ./scripts/ci/constraints/ci_commit_constraints.sh
- name: "Push changes"
- uses: ad-m/github-push-action@40bf560936a8022e68a3c00e7d2abefaf01305a6 # v0.6.0
+ uses: apache/airflow-github-push-action@40bf560936a8022e68a3c00e7d2abefaf01305a6 # v0.6.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ steps.constraints-branch.outputs.branch }}
diff --git a/.github/workflows/label_when_reviewed_workflow_run.yml b/.github/workflows/label_when_reviewed_workflow_run.yml
index e47d774..d66472b 100644
--- a/.github/workflows/label_when_reviewed_workflow_run.yml
+++ b/.github/workflows/label_when_reviewed_workflow_run.yml
@@ -30,13 +30,13 @@ jobs:
labelSet: ${{ steps.label-when-reviewed.outputs.labelSet }}
steps:
- name: "Get information about the original trigger of the run"
- uses: potiuk/get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
+ uses: apache/airflow-get-workflow-origin@588cc14f9f1cdf1b8be3db816855e96422204fec # v1_3
id: source-run-info
with:
token: ${{ secrets.GITHUB_TOKEN }}
sourceRunId: ${{ github.event.workflow_run.id }}
- name: Initiate Selective Build check
- uses: LouisBrunner/checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
id: selective-build-check
with:
token: ${{ secrets.GITHUB_TOKEN }}
@@ -86,7 +86,7 @@ jobs:
./scripts/ci/selective_ci_checks.sh
fi
- name: "Label when approved by committers for PRs that require full tests"
- uses: TobKed/label-when-approved-action@4c5190fec5661e98d83f50bbd4ef9ebb48bd1194 # v1.3
+ uses: apache/airflow-label-when-approved@4c5190fec5661e98d83f50bbd4ef9ebb48bd1194 # v1.3
id: label-full-test-prs-when-approved-by-commiters
if: >
steps.selective-checks.outputs.run-tests == 'true' &&
@@ -102,7 +102,7 @@ jobs:
If they don't merge it quickly - please rebase it to the latest master at your convenience,
or amend the last commit of the PR, and push it with --force-with-lease.
- name: "Initiate GitHub Check forcing rerun of SH ${{ github.event.pull_request.head.sha }}"
- uses: LouisBrunner/checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
id: full-test-check
if: steps.label-full-test-prs-when-approved-by-commiters.outputs.labelSet == 'true'
with:
@@ -117,7 +117,7 @@ jobs:
[the run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
"}
- name: "Label when approved by committers for PRs that do not require full tests"
- uses: TobKed/label-when-approved-action@4c5190fec5661e98d83f50bbd4ef9ebb48bd1194 # v1.3
+ uses: apache/airflow-label-when-approved@4c5190fec5661e98d83f50bbd4ef9ebb48bd1194 # v1.3
id: label-simple-test-prs-when-approved-by-commiters
if: >
steps.selective-checks.outputs.run-tests == 'true' &&
@@ -134,7 +134,7 @@ jobs:
'full tests needed'. Then you should rebase to the latest master or amend the last commit
of the PR, and push it with --force-with-lease.
- name: "Label when approved by committers for PRs that do not require tests at all"
- uses: TobKed/label-when-approved-action@4c5190fec5661e98d83f50bbd4ef9ebb48bd1194 # v1.3
+ uses: apache/airflow-label-when-approved@4c5190fec5661e98d83f50bbd4ef9ebb48bd1194 # v1.3
id: label-no-test-prs-when-approved-by-commiters
if: steps.selective-checks.outputs.run-tests != 'true'
with:
@@ -148,7 +148,7 @@ jobs:
needed and add the 'full tests needed' label. Then you should rebase it to the latest master
or amend the last commit of the PR, and push it with --force-with-lease.
- name: Update Selective Build check
- uses: LouisBrunner/checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
+ uses: apache/airflow-checks-action@9f02872da71b6f558c6a6f190f925dde5e4d8798 # v1.1.0
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}