From 2c6c5f2ea62e5a3d08f08d3034bb0f65b83f10cc Mon Sep 17 00:00:00 2001 From: Marek Winkler Date: Mon, 5 Aug 2024 10:19:37 +0200 Subject: [PATCH] fix: support github actor with brackets and enable Dependabot (#1016) The org membership test failed on a github actor name containing brackets, such as 'dependabot[bot]'. --- .github/workflows/downstream_benchmarks.yml | 5 +++-- .github/workflows/downstream_enterprise.yml | 5 +++-- .github/workflows/downstream_python_enterprise.yml | 5 +++-- .github/workflows/sonarcloud.yml | 5 +++-- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/downstream_benchmarks.yml b/.github/workflows/downstream_benchmarks.yml index 71953ec084..8a8be2cfbb 100644 --- a/.github/workflows/downstream_benchmarks.yml +++ b/.github/workflows/downstream_benchmarks.yml @@ -28,7 +28,8 @@ jobs: GH_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Release account is a Solver Gatekeeper. shell: bash run: | - ORG_MEMBERSHIP=`curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` + # -g to allow actors such as dependabot[bot] + ORG_MEMBERSHIP=`curl -g -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` echo "authorized=$ORG_MEMBERSHIP" >> "$GITHUB_OUTPUT" - id: validation shell: bash @@ -41,7 +42,7 @@ jobs: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && - needs.known_user.outputs.is_member_of_org != 'true' && + (needs.known_user.outputs.is_member_of_org != 'true' || github.actor == 'dependabot[bot]') && 'external' || 'internal' }} runs-on: ubuntu-latest diff --git a/.github/workflows/downstream_enterprise.yml b/.github/workflows/downstream_enterprise.yml index b614b9fa37..99e950a653 100644 --- a/.github/workflows/downstream_enterprise.yml +++ b/.github/workflows/downstream_enterprise.yml @@ -28,7 +28,8 @@ jobs: GH_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Release account is a Solver Gatekeeper. shell: bash run: | - ORG_MEMBERSHIP=`curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` + # -g to allow actors such as dependabot[bot] + ORG_MEMBERSHIP=`curl -g -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` echo "authorized=$ORG_MEMBERSHIP" >> "$GITHUB_OUTPUT" - id: validation shell: bash @@ -41,7 +42,7 @@ jobs: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && - needs.known_user.outputs.is_member_of_org != 'true' && + (needs.known_user.outputs.is_member_of_org != 'true' || github.actor == 'dependabot[bot]') && 'external' || 'internal' }} runs-on: ubuntu-latest diff --git a/.github/workflows/downstream_python_enterprise.yml b/.github/workflows/downstream_python_enterprise.yml index eefaed0f93..99e3fa7688 100644 --- a/.github/workflows/downstream_python_enterprise.yml +++ b/.github/workflows/downstream_python_enterprise.yml @@ -33,7 +33,8 @@ jobs: GH_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Release account is a Solver Gatekeeper. shell: bash run: | - ORG_MEMBERSHIP=`curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` + # -g to allow actors such as dependabot[bot] + ORG_MEMBERSHIP=`curl -g -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` echo "authorized=$ORG_MEMBERSHIP" >> "$GITHUB_OUTPUT" - id: validation shell: bash @@ -46,7 +47,7 @@ jobs: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && - needs.known_user.outputs.is_member_of_org != 'true' && + (needs.known_user.outputs.is_member_of_org != 'true' || github.actor == 'dependabot[bot]') && 'external' || 'internal' }} runs-on: ubuntu-latest diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index ebf0f4e47a..d58144ad7b 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -23,7 +23,8 @@ jobs: GH_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }} # Release account is a Solver Gatekeeper. shell: bash run: | - ORG_MEMBERSHIP=`curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` + # -g to allow actors such as dependabot[bot] + ORG_MEMBERSHIP=`curl -g -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/orgs/TimefoldAI/memberships/${{ github.actor }}" | jq -r '.state == "active"'` echo "authorized=$ORG_MEMBERSHIP" >> "$GITHUB_OUTPUT" - id: validation shell: bash @@ -36,7 +37,7 @@ jobs: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && - needs.known_user.outputs.is_member_of_org != 'true' && + (needs.known_user.outputs.is_member_of_org != 'true' || github.actor == 'dependabot[bot]') && 'external' || 'internal' }} runs-on: ubuntu-latest