You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by ru...@apache.org on 2023/04/14 15:23:13 UTC
[superset] branch master updated: fix(ci): Fix GitHub workflow behavior for forks (#23117)
This is an automated email from the ASF dual-hosted git repository.
rusackas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 47fd73255e fix(ci): Fix GitHub workflow behavior for forks (#23117)
47fd73255e is described below
commit 47fd73255ee8b834f11f96d8cf25083864a29267
Author: Josh Soref <21...@users.noreply.github.com>
AuthorDate: Fri Apr 14 11:23:00 2023 -0400
fix(ci): Fix GitHub workflow behavior for forks (#23117)
---
.github/workflows/cancel_duplicates.yml | 9 ++++--
.github/workflows/check_db_migration_confict.yml | 7 ++--
.github/workflows/chromatic-master.yml | 17 +++++++++-
.github/workflows/docker-ephemeral-env.yml | 22 ++++++++++++-
.github/workflows/docker-release.yml | 18 ++++++++++-
.github/workflows/docker.yml | 19 +++++++++--
.github/workflows/embedded-sdk-release.yml | 17 +++++++++-
.github/workflows/embedded-sdk-test.yml | 2 +-
.github/workflows/ephemeral-env-pr-close.yml | 19 ++++++++++-
.github/workflows/ephemeral-env.yml | 32 +++++++++++++++----
.github/workflows/latest-release-tag.yml | 6 ++--
.github/workflows/license-check.yml | 17 +++++++++-
.github/workflows/pr-lint.yml | 7 ++--
.github/workflows/prefer-typescript.yml | 9 ++++--
.github/workflows/release.yml | 37 +++++++++++++++++++---
.github/workflows/superset-applitool-cypress.yml | 17 +++++++++-
.../workflows/superset-applitools-storybook.yml | 15 +++++++++
.github/workflows/superset-cli.yml | 2 +-
.github/workflows/superset-docs.yml | 17 +++++++++-
.github/workflows/superset-e2e.yml | 9 ++++--
.github/workflows/superset-frontend.yml | 2 +-
.github/workflows/superset-helm-lint.yml | 2 +-
.github/workflows/superset-helm-release.yml | 7 ++--
.../workflows/superset-python-integrationtest.yml | 6 ++--
.github/workflows/superset-python-misc.yml | 6 ++--
.github/workflows/superset-python-presto-hive.yml | 4 +--
.github/workflows/superset-python-unittest.yml | 2 +-
.github/workflows/superset-translations.yml | 4 +--
.github/workflows/superset-websocket.yml | 2 +-
.github/workflows/welcome-new-users.yml | 2 +-
30 files changed, 280 insertions(+), 55 deletions(-)
diff --git a/.github/workflows/cancel_duplicates.yml b/.github/workflows/cancel_duplicates.yml
index b3457c7e75..a78ebc07fd 100644
--- a/.github/workflows/cancel_duplicates.yml
+++ b/.github/workflows/cancel_duplicates.yml
@@ -10,11 +10,14 @@ jobs:
cancel-duplicate-runs:
name: Cancel duplicate workflow runs
runs-on: ubuntu-20.04
+ permissions:
+ actions: write
+ contents: read
steps:
- name: Check number of queued tasks
id: check_queued
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ github.token }}
GITHUB_REPO: ${{ github.repository }}
run: |
get_count() {
@@ -28,12 +31,12 @@ jobs:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
if: steps.check_queued.outputs.count >= 20
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Cancel duplicate workflow runs
if: steps.check_queued.outputs.count >= 20
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ github.token }}
GITHUB_REPOSITORY: ${{ github.repository }}
run: |
pip install click requests typing_extensions python-dateutil
diff --git a/.github/workflows/check_db_migration_confict.yml b/.github/workflows/check_db_migration_confict.yml
index 0f6c26d90a..8dc7ab0882 100644
--- a/.github/workflows/check_db_migration_confict.yml
+++ b/.github/workflows/check_db_migration_confict.yml
@@ -8,13 +8,16 @@ jobs:
check_db_migration_conflict:
name: Check DB migration conflict
runs-on: ubuntu-20.04
+ permissions:
+ contents: read
+ pull-requests: write
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Check and notify
uses: actions/github-script@v3
with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
+ github-token: ${{ github.token }}
script: |
// API reference: https://octokit.github.io/rest.js
const currentBranch = context.ref.replace('refs/heads/', '');
diff --git a/.github/workflows/chromatic-master.yml b/.github/workflows/chromatic-master.yml
index 6cdf10506f..67a9dfac69 100644
--- a/.github/workflows/chromatic-master.yml
+++ b/.github/workflows/chromatic-master.yml
@@ -32,12 +32,27 @@ on:
# List of jobs
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.CHROMATIC_PROJECT_TOKEN != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
chromatic-deployment:
+ needs: config
+ if: needs.config.outputs.has-secrets
# Operating System
runs-on: ubuntu-latest
# Job steps
steps:
- - uses: actions/checkout@v1
+ - uses: actions/checkout@v3
- name: Install dependencies
run: npm ci
working-directory: superset-frontend
diff --git a/.github/workflows/docker-ephemeral-env.yml b/.github/workflows/docker-ephemeral-env.yml
index bfa2542687..544c1c8b1f 100644
--- a/.github/workflows/docker-ephemeral-env.yml
+++ b/.github/workflows/docker-ephemeral-env.yml
@@ -7,9 +7,29 @@ on:
- completed
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' &&
+ secrets.AWS_ACCESS_KEY_ID != '' &&
+ secrets.AWS_SECRET_ACCESS_KEY != '' &&
+ secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
docker_ephemeral_env:
+ needs: config
+ if: needs.config.outputs.has-secrets
name: Push ephemeral env Docker image to ECR
- if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
steps:
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
index d082603be9..cc47c996d3 100644
--- a/.github/workflows/docker-release.yml
+++ b/.github/workflows/docker-release.yml
@@ -4,12 +4,28 @@ on:
release:
types: [published]
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ if: github.event.pull_request.draft == false
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
docker-release:
+ needs: config
+ if: needs.config.outputs.has-secrets
name: docker-release
runs-on: ubuntu-latest
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index cbbb9a8379..5bdb74eb92 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -8,13 +8,28 @@ on:
types: [synchronize, opened, reopened, ready_for_review]
jobs:
- docker-build:
+ config:
+ runs-on: "ubuntu-latest"
if: github.event.pull_request.draft == false
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
+ docker-build:
+ needs: config
+ if: needs.config.outputs.has-secrets
name: docker-build
runs-on: ubuntu-latest
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
diff --git a/.github/workflows/embedded-sdk-release.yml b/.github/workflows/embedded-sdk-release.yml
index be130759f9..60a2819e89 100644
--- a/.github/workflows/embedded-sdk-release.yml
+++ b/.github/workflows/embedded-sdk-release.yml
@@ -6,13 +6,28 @@ on:
- 'master'
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.NPM_TOKEN != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
build:
+ needs: config
+ if: needs.config.outputs.has-secrets
runs-on: ubuntu-20.04
defaults:
run:
working-directory: superset-embedded-sdk
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- uses: actions/setup-node@v2
with:
node-version: "16"
diff --git a/.github/workflows/embedded-sdk-test.yml b/.github/workflows/embedded-sdk-test.yml
index cb312907b7..f849ae637a 100644
--- a/.github/workflows/embedded-sdk-test.yml
+++ b/.github/workflows/embedded-sdk-test.yml
@@ -14,7 +14,7 @@ jobs:
run:
working-directory: superset-embedded-sdk
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- uses: actions/setup-node@v2
with:
node-version: "16"
diff --git a/.github/workflows/ephemeral-env-pr-close.yml b/.github/workflows/ephemeral-env-pr-close.yml
index 3c5209fca8..7430950b45 100644
--- a/.github/workflows/ephemeral-env-pr-close.yml
+++ b/.github/workflows/ephemeral-env-pr-close.yml
@@ -5,9 +5,26 @@ on:
types: [closed]
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
ephemeral-env-cleanup:
+ needs: config
+ if: needs.config.outputs.has-secrets
name: Cleanup ephemeral envs
runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
@@ -48,7 +65,7 @@ jobs:
if: steps.describe-services.outputs.active == 'true'
uses: actions/github-script@v3
with:
- github-token: ${{secrets.GITHUB_TOKEN}}
+ github-token: ${{github.token}}
script: |
github.issues.createComment({
issue_number: ${{ github.event.number }},
diff --git a/.github/workflows/ephemeral-env.yml b/.github/workflows/ephemeral-env.yml
index c1945b3c20..08e3a998c3 100644
--- a/.github/workflows/ephemeral-env.yml
+++ b/.github/workflows/ephemeral-env.yml
@@ -5,10 +5,27 @@ on:
types: [created]
jobs:
- ephemeral_env_comment:
+ config:
+ runs-on: "ubuntu-latest"
if: github.event.issue.pull_request
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
+ ephemeral_env_comment:
+ needs: config
+ if: needs.config.outputs.has-secrets
name: Evaluate ephemeral env comment trigger (/testenv)
runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
outputs:
slash-command: ${{ steps.eval-body.outputs.result }}
feature-flags: ${{ steps.eval-feature-flags.outputs.result }}
@@ -51,7 +68,7 @@ jobs:
github.event.comment.author_association != 'OWNER'
uses: actions/github-script@v3
with:
- github-token: ${{secrets.GITHUB_TOKEN}}
+ github-token: ${{github.token}}
script: |
const errMsg = '@${{ github.event.comment.user.login }} Ephemeral environment creation is currently limited to committers.'
github.issues.createComment({
@@ -67,9 +84,12 @@ jobs:
if: needs.ephemeral_env_comment.outputs.slash-command == 'up'
name: Spin up an ephemeral environment
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
persist-credentials: false
@@ -97,7 +117,7 @@ jobs:
if: steps.check-image.outcome == 'failure'
uses: actions/github-script@v3
with:
- github-token: ${{secrets.GITHUB_TOKEN}}
+ github-token: ${{github.token}}
script: |
const errMsg = '@${{ github.event.comment.user.login }} Container image not yet published for this PR. Please try again when build is complete.'
github.issues.createComment({
@@ -171,7 +191,7 @@ jobs:
if: ${{ success() }}
uses: actions/github-script@v3
with:
- github-token: ${{secrets.GITHUB_TOKEN}}
+ github-token: ${{github.token}}
script: |
github.issues.createComment({
issue_number: ${{ github.event.issue.number }},
@@ -184,7 +204,7 @@ jobs:
if: ${{ failure() }}
uses: actions/github-script@v3
with:
- github-token: ${{secrets.GITHUB_TOKEN}}
+ github-token: ${{github.token}}
script: |
github.issues.createComment({
issue_number: ${{ github.event.issue.number }},
diff --git a/.github/workflows/latest-release-tag.yml b/.github/workflows/latest-release-tag.yml
index ae3703af74..ccb941178a 100644
--- a/.github/workflows/latest-release-tag.yml
+++ b/.github/workflows/latest-release-tag.yml
@@ -7,10 +7,12 @@ jobs:
latest-release:
name: Add/update tag to new release
runs-on: ubuntu-latest
+ permissions:
+ contents: write
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -27,4 +29,4 @@ jobs:
description: Superset latest release
tag-name: latest
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml
index 9ae633bdc4..8e2b9bbed3 100644
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -7,12 +7,27 @@ on:
pull_request:
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.FOSSA_API_KEY != '' ) || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
license_check:
+ needs: config
+ if: needs.config.outputs.has-secrets
name: License Check
runs-on: ubuntu-20.04
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index 5f91522cfa..5283e138c1 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -11,9 +11,12 @@ on:
jobs:
check:
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -25,4 +28,4 @@ jobs:
on-failed-regex-create-review: false
on-failed-regex-comment:
"Please format your PR title to match: `%regex%`!"
- repo-token: "${{ secrets.GITHUB_TOKEN }}"
+ repo-token: "${{ github.token }}"
diff --git a/.github/workflows/prefer-typescript.yml b/.github/workflows/prefer-typescript.yml
index 8005cf36a3..49ab90fb6f 100644
--- a/.github/workflows/prefer-typescript.yml
+++ b/.github/workflows/prefer-typescript.yml
@@ -11,9 +11,12 @@ jobs:
if: github.ref == 'ref/heads/master' && github.event_name == 'pull_request'
name: Prefer Typescript
runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -21,7 +24,7 @@ jobs:
id: changed
uses: ./.github/actions/file-changes-action
with:
- githubToken: ${{ secrets.GITHUB_TOKEN }}
+ githubToken: ${{ github.token }}
- name: Determine if a .js or .jsx file was added
id: check
@@ -42,7 +45,7 @@ jobs:
uses: ./.github/actions/comment-on-pr
continue-on-error: true
env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ github.token }}
with:
msg: |
### WARNING: Prefer TypeScript
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5d716fc2d4..ea3a75a42e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,7 +6,22 @@ on:
- 'master'
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.NPM_TOKEN != '' && secrets.GH_PERSONAL_ACCESS_TOKEN != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
build:
+ needs: config
+ if: needs.config.outputs.has-secrets
name: Bump version and publish package(s)
runs-on: ubuntu-20.04
@@ -16,22 +31,28 @@ jobs:
node-version: [16]
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
# pulls all commits (needed for lerna / semantic release to correctly version)
fetch-depth: 0
- name: Get tags and filter trigger tags
run: |
- git fetch --depth=1 origin "+refs/tags/*:refs/tags/*"
+ if ! git fetch --depth=1 origin "+refs/tags/*:refs/tags/*"; then
+ echo "::notice title=Workflow skipped::No tags present in repository"
+ exit
+ fi
+ echo "HAS_TAGS=1" >> $GITHUB_ENV"
git fetch --prune --unshallow
git tag -d `git tag | grep -E '^trigger-'`
- name: Use Node.js ${{ matrix.node-version }}
+ if: env.HAS_TAGS
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- name: Cache npm
+ if: env.HAS_TAGS
uses: actions/cache@v1
with:
path: ~/.npm # npm cache files are stored in `~/.npm` on Linux/macOS
@@ -41,9 +62,11 @@ jobs:
${{ runner.OS }}-
- name: Get npm cache directory path
+ if: env.HAS_TAGS
id: npm-cache-dir-path
run: echo "::set-output name=dir::$(npm config get cache)"
- name: Cache npm
+ if: env.HAS_TAGS
uses: actions/cache@v1
id: npm-cache # use this to check for `cache-hit` (`steps.npm-cache.outputs.cache-hit != 'true'`)
with:
@@ -53,16 +76,20 @@ jobs:
${{ runner.os }}-npm-
- name: Install dependencies
+ if: env.HAS_TAGS
working-directory: ./superset-frontend
run: npm ci
- name: Run unit tests
+ if: env.HAS_TAGS
working-directory: ./superset-frontend
run: npm run test -- plugins packages
- name: Build packages
+ if: env.HAS_TAGS
working-directory: ./superset-frontend
run: npm run plugins:build
- name: Configure npm and git
+ if: env.HAS_TAGS
run: |
echo "@superset-ui:registry=https://registry.npmjs.org/" > .npmrc
echo "registry=https://registry.npmjs.org/" >> .npmrc
@@ -70,17 +97,17 @@ jobs:
npm whoami
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
- git remote set-url origin "https://${GITHUB_TOKEN}@github.com/apache-superset/superset-ui.git" > /dev/null 2>&1
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ github.token }}
- name: Bump version and publish package(s)
+ if: env.HAS_TAGS
working-directory: ./superset-frontend
run: |
git tag -d `git tag | grep -E '^trigger-'`
npm run plugins:release-from-tag
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ github.token }}
GH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
diff --git a/.github/workflows/superset-applitool-cypress.yml b/.github/workflows/superset-applitool-cypress.yml
index 47fc1a24e4..8485dfb201 100644
--- a/.github/workflows/superset-applitool-cypress.yml
+++ b/.github/workflows/superset-applitool-cypress.yml
@@ -5,7 +5,22 @@ on:
- cron: "0 1 * * *"
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.APPLITOOLS_API_KEY != '' && secrets.APPLITOOLS_API_KEY != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
cypress-applitools:
+ needs: config
+ if: needs.config.outputs.has-secrets
runs-on: ubuntu-20.04
strategy:
fail-fast: false
@@ -18,7 +33,7 @@ jobs:
SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
PYTHONPATH: ${{ github.workspace }}
REDIS_PORT: 16379
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ github.token }}
APPLITOOLS_APP_NAME: Superset
APPLITOOLS_API_KEY: ${{ secrets.APPLITOOLS_API_KEY }}
APPLITOOLS_BATCH_ID: ${{ github.sha }}
diff --git a/.github/workflows/superset-applitools-storybook.yml b/.github/workflows/superset-applitools-storybook.yml
index 5e50c6fd88..4225509e3a 100644
--- a/.github/workflows/superset-applitools-storybook.yml
+++ b/.github/workflows/superset-applitools-storybook.yml
@@ -11,7 +11,22 @@ env:
APPLITOOLS_BATCH_NAME: Superset Storybook
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.APPLITOOLS_API_KEY != '' && secrets.APPLITOOLS_API_KEY != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
cron:
+ needs: config
+ if: needs.config.outputs.has-secrets
runs-on: ubuntu-20.04
strategy:
matrix:
diff --git a/.github/workflows/superset-cli.yml b/.github/workflows/superset-cli.yml
index 65ec8b018f..14810f3317 100644
--- a/.github/workflows/superset-cli.yml
+++ b/.github/workflows/superset-cli.yml
@@ -35,7 +35,7 @@ jobs:
- 16379:6379
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/superset-docs.yml b/.github/workflows/superset-docs.yml
index f1cc08f9f1..6a47df4400 100644
--- a/.github/workflows/superset-docs.yml
+++ b/.github/workflows/superset-docs.yml
@@ -9,7 +9,22 @@ on:
- "docs/**"
jobs:
+ config:
+ runs-on: "ubuntu-latest"
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - name: "Check for secrets"
+ id: check
+ shell: bash
+ run: |
+ if [ -n "${{ (secrets.SUPERSET_SITE_BUILD != '' && secrets.SUPERSET_SITE_BUILD != '') || '' }}" ]; then
+ echo "has-secrets=1" >> "$GITHUB_OUTPUT"
+ fi
+
build-deploy:
+ needs: config
+ if: needs.config.outputs.has-secrets
name: Build & Deploy
runs-on: ubuntu-20.04
defaults:
@@ -17,7 +32,7 @@ jobs:
working-directory: docs
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/superset-e2e.yml b/.github/workflows/superset-e2e.yml
index ab82731ac4..b49622c85f 100644
--- a/.github/workflows/superset-e2e.yml
+++ b/.github/workflows/superset-e2e.yml
@@ -13,6 +13,9 @@ jobs:
cypress-matrix:
if: github.event.pull_request.draft == false
runs-on: ubuntu-20.04
+ permissions:
+ contents: read
+ pull-requests: read
strategy:
# when one test fails, DO NOT cancel the other
# containers, because this will kill Cypress processes
@@ -28,7 +31,7 @@ jobs:
SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
PYTHONPATH: ${{ github.workspace }}
REDIS_PORT: 16379
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ github.token }}
services:
postgres:
image: postgres:14-alpine
@@ -43,13 +46,13 @@ jobs:
- 16379:6379
steps:
- name: "Checkout (pull) ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
if: github.event_name == 'push'
with:
persist-credentials: false
submodules: recursive
- name: "Checkout (pull_request) ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
with:
ref: "refs/pull/${{ github.event.number }}/merge"
diff --git a/.github/workflows/superset-frontend.yml b/.github/workflows/superset-frontend.yml
index bf09d293c6..63b16cd3af 100644
--- a/.github/workflows/superset-frontend.yml
+++ b/.github/workflows/superset-frontend.yml
@@ -14,7 +14,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/superset-helm-lint.yml b/.github/workflows/superset-helm-lint.yml
index d0e650839f..5f8051c22a 100644
--- a/.github/workflows/superset-helm-lint.yml
+++ b/.github/workflows/superset-helm-lint.yml
@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/superset-helm-release.yml b/.github/workflows/superset-helm-release.yml
index 1559432eb2..e75186609c 100644
--- a/.github/workflows/superset-helm-release.yml
+++ b/.github/workflows/superset-helm-release.yml
@@ -10,9 +10,12 @@ on:
jobs:
release:
runs-on: ubuntu-latest
+ permissions:
+ contents: write
+
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -36,5 +39,5 @@ jobs:
with:
charts_dir: helm
env:
- CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ CR_TOKEN: "${{ github.token }}"
CR_RELEASE_NAME_TEMPLATE: "superset-helm-chart-{{ .Version }}"
diff --git a/.github/workflows/superset-python-integrationtest.yml b/.github/workflows/superset-python-integrationtest.yml
index eae19b234c..aa61a1c9ac 100644
--- a/.github/workflows/superset-python-integrationtest.yml
+++ b/.github/workflows/superset-python-integrationtest.yml
@@ -35,7 +35,7 @@ jobs:
- 16379:6379
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -102,7 +102,7 @@ jobs:
- 16379:6379
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -161,7 +161,7 @@ jobs:
- 16379:6379
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/superset-python-misc.yml b/.github/workflows/superset-python-misc.yml
index 739869a7bb..dfd6ce7b72 100644
--- a/.github/workflows/superset-python-misc.yml
+++ b/.github/workflows/superset-python-misc.yml
@@ -17,7 +17,7 @@ jobs:
python-version: [3.8]
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -57,7 +57,7 @@ jobs:
python-version: [3.8]
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -98,7 +98,7 @@ jobs:
python-version: [3.8]
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/superset-python-presto-hive.yml b/.github/workflows/superset-python-presto-hive.yml
index 875901b1ec..6798842c1e 100644
--- a/.github/workflows/superset-python-presto-hive.yml
+++ b/.github/workflows/superset-python-presto-hive.yml
@@ -46,7 +46,7 @@ jobs:
- 16379:6379
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -115,7 +115,7 @@ jobs:
- 16379:6379
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/superset-python-unittest.yml b/.github/workflows/superset-python-unittest.yml
index 8c94d0f458..1ba1ee2589 100644
--- a/.github/workflows/superset-python-unittest.yml
+++ b/.github/workflows/superset-python-unittest.yml
@@ -19,7 +19,7 @@ jobs:
PYTHONPATH: ${{ github.workspace }}
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/superset-translations.yml b/.github/workflows/superset-translations.yml
index 6b2a6aa3c6..9f735518fd 100644
--- a/.github/workflows/superset-translations.yml
+++ b/.github/workflows/superset-translations.yml
@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
@@ -38,7 +38,7 @@ jobs:
python-version: [3.8]
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
submodules: recursive
diff --git a/.github/workflows/superset-websocket.yml b/.github/workflows/superset-websocket.yml
index 2f4b0aea04..770ec54df4 100644
--- a/.github/workflows/superset-websocket.yml
+++ b/.github/workflows/superset-websocket.yml
@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
persist-credentials: false
- name: Install dependencies
diff --git a/.github/workflows/welcome-new-users.yml b/.github/workflows/welcome-new-users.yml
index ae16bf49c6..0144e20892 100644
--- a/.github/workflows/welcome-new-users.yml
+++ b/.github/workflows/welcome-new-users.yml
@@ -15,7 +15,7 @@ jobs:
uses: actions/first-interaction@v1
continue-on-error: true
with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
+ repo-token: ${{ github.token }}
pr-message: |-
Congrats on making your first PR and thank you for contributing to Superset! :tada: :heart: