fix: Fix jobs for secrets inherit (#15532)

shortstacked
2025-05-20 09:57:11 +01:00
committed by GitHub
parent 4d037ca68a
commit cf29b5f188
3 changed files with 88 additions and 78 deletions


@@ -11,35 +11,16 @@ on:
type: string
default: 'master'
permissions:
contents: read
jobs:
run_tests:
run_workflow_tests:
name: Run Workflow Tests
runs-on: blacksmith-2vcpu-ubuntu-2204
timeout-minutes: 10
steps:
- name: Determine Git Ref for Testing
id: determine_ref
shell: bash
run: |
if [[ "${{ github.event_name }}" == "schedule" ]]; then
echo "EFFECTIVE_GIT_REF=master" >> $GITHUB_OUTPUT
echo "Scheduled run: Using 'master' branch."
elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
echo "EFFECTIVE_GIT_REF=${{ github.event.inputs.git_ref_to_test }}" >> $GITHUB_OUTPUT
echo "Manual dispatch: Using ref '${{ github.event.inputs.git_ref_to_test }}'."
else
echo "EFFECTIVE_GIT_REF=master" >> $GITHUB_OUTPUT
echo "Warning: Unknown event type '${{ github.event_name }}', defaulting to 'master'."
fi
- name: Call Reusable Test Workflow
uses: ./.github/workflows/run-test-workflows.yml
with:
git_ref: ${{ steps.determine_ref.outputs.EFFECTIVE_GIT_REF }}
send_webhook_report: false
pr_number: ''
secrets: inherit
uses: ./.github/workflows/test-workflows-callable.yml
with:
git_ref: ${{ github.event_name == 'schedule' && 'master' || github.event.inputs.git_ref_to_test }}
send_webhook_report: false
pr_number: ''
secrets: inherit
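Review bot: The `git_ref` expression on L48 routes every non-`schedule` event to `github.event.inputs.git_ref_to_test`, whereas the removed step fell back to `master` (with a warning) for any event other than `schedule` and `workflow_dispatch`; the `on:` block sits above the hunk, so if this workflow has any other trigger, `git_ref` is now passed as an empty string instead of `master`. The `inputs` context is the documented place where the declared default (`'master'` on L15) is applied, so `git_ref: ${{ github.event_name == 'schedule' && 'master' || inputs.git_ref_to_test }}` is the more robust form; if the callee does not reject an empty `git_ref`, an explicit `|| 'master'` tail would restore the old default. A short comment above the job, e.g. `# Reusable-workflow jobs take no runs-on/steps; secrets: inherit is only valid here, at job level`, would record why the step-level call was replaced.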


@@ -9,17 +9,12 @@ permissions:
pull-requests: read
jobs:
run_tests_after_approval:
run_workflow_tests_after_approval:
name: Run Tests on Approved PR
if: github.event.review.state == 'approved'
runs-on: blacksmith-2vcpu-ubuntu-2204
timeout-minutes: 10
steps:
- name: Call Reusable Test Workflow on Approved PR
uses: ./.github/workflows/test-workflows-callable.yml
with:
git_ref: ${{ github.event.pull_request.head.sha }}
send_webhook_report: true
pr_number: ${{ github.event.pull_request.number }}
secrets: inherit
uses: ./.github/workflows/test-workflows-callable.yml
with:
git_ref: ${{ github.event.pull_request.head.sha }}
send_webhook_report: true
pr_number: ${{ github.event.pull_request.number }}
secrets: inherit
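Review bot: The gate on L61 checks only that the review state is `approved`, and the job then forwards `github.event.pull_request.head.sha` (L74) to the reusable workflow with `secrets: inherit` (L77); if this repository is public, an approving review can be submitted by any account, so the approval alone does not establish that a trusted person vetted the head commit before repository secrets are made available to a run on it. The comment-triggered workflow in this same commit verifies the actor's collaborator permission; this job should apply an equivalent check on the reviewer, e.g. `if: github.event.review.state == 'approved' && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)`. Whether the callee actually checks out `git_ref` is not visible here, so the exposure is inferred from the inputs passed rather than from the callee.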


@@ -9,70 +9,104 @@ permissions:
contents: read
jobs:
trigger_tests_on_comment:
name: Handle /test-workflows command
handle_comment_command:
name: Handle /test-workflows Command
if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/test-workflows')
runs-on: ubuntu-latest
outputs:
permission_granted: ${{ steps.pr_check_and_details.outputs.permission_granted }}
git_ref: ${{ steps.pr_check_and_details.outputs.head_sha }}
pr_number: ${{ steps.pr_check_and_details.outputs.pr_number_string }}
steps:
- name: Check User Permission and Get PR Details
id: pr_check
- name: Validate User, Get PR Details, and React
id: pr_check_and_details
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
result-encoding: json
script: |
const commenter = context.actor;
const issue = context.issue;
let hasPermission = false;
let prDetails = null;
const issueOwner = context.repo.owner;
const issueRepo = context.repo.repo;
const commentId = context.payload.comment.id;
const prNumber = context.issue.number; // In issue_comment on a PR, issue.number is the PR number
// Function to add a reaction to the comment
async function addReaction(content) {
try {
await github.rest.reactions.createForIssueComment({
owner: issueOwner,
repo: issueRepo,
comment_id: commentId,
content: content
});
} catch (reactionError) {
// Log if reaction fails but don't fail the script for this
console.log(`Failed to add reaction '${content}': ${reactionError.message}`);
}
}
// Initialize outputs to a non-triggering state
core.setOutput('permission_granted', 'false');
core.setOutput('head_sha', '');
core.setOutput('pr_number_string', '');
// 1. Check user permissions
try {
const { data: permissions } = await github.rest.repos.getCollaboratorPermissionLevel({
owner: issue.owner,
repo: issue.repo,
owner: issueOwner,
repo: issueRepo,
username: commenter
});
const allowedPermissions = ['admin', 'write', 'maintain'];
if (allowedPermissions.includes(permissions.permission)) {
console.log(`User @${commenter} has '${permissions.permission}' permission.`);
hasPermission = true;
} else {
core.setFailed(`User @${commenter} does not have sufficient permissions (admin/write/maintain) to trigger workflows.`);
if (!allowedPermissions.includes(permissions.permission)) {
console.log(`User @${commenter} has '${permissions.permission}' permission. Needs 'admin', 'write', or 'maintain'.`);
await addReaction('-1'); // User does not have permission
return; // Exit script, tests will not be triggered
}
console.log(`User @${commenter} has '${permissions.permission}' permission.`);
} catch (error) {
core.setFailed(`Could not verify permissions for @${commenter}: ${error.message}`);
console.log(`Could not verify permissions for @${commenter}: ${error.message}`);
await addReaction('confused'); // Error checking permissions
return; // Exit script
}
if (!hasPermission) {
return { permission_granted: false };
}
const prNumber = issue.number;
// 2. Fetch PR details (if permission check passed)
let headSha;
try {
const { data: pr } = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
owner: issueOwner,
repo: issueRepo,
pull_number: prNumber,
});
prDetails = {
head_sha: pr.head.sha,
pr_number_string: prNumber.toString()
};
console.log(`Workspaceed PR details: SHA - ${prDetails.head_sha}, PR Number - ${prDetails.pr_number_string}`);
headSha = pr.head.sha;
console.log(`Workspaced PR details: SHA - ${headSha}, PR Number - ${prNumber}`);
// Set outputs for the next job
core.setOutput('permission_granted', 'true');
core.setOutput('head_sha', headSha);
core.setOutput('pr_number_string', prNumber.toString());
await addReaction('+1'); // Command accepted, tests will be triggered
} catch (error) {
core.setFailed(`Failed to fetch PR details for PR #${prNumber}: ${error.message}`);
return { permission_granted: true, pr_fetch_error: true };
console.log(`Failed to fetch PR details for PR #${prNumber}: ${error.message}`);
core.setOutput('permission_granted', 'false'); // Ensure this is false if PR fetch fails
await addReaction('confused'); // Error fetching PR details
}
return { permission_granted: true, ...prDetails };
trigger_reusable_tests:
name: Trigger Reusable Test Workflow
needs: handle_comment_command
- name: Call Reusable Test Workflow
if: steps.pr_check.outcome == 'success' && fromJson(steps.pr_check.outputs.result).permission_granted == true && fromJson(steps.pr_check.outputs.result).head_sha
uses: ./.github/workflows/test-workflows-callable.yml
with:
git_ref: ${{ fromJson(steps.pr_check.outputs.result).head_sha }}
send_webhook_report: true
pr_number: ${{ fromJson(steps.pr_check.outputs.result).pr_number_string }}
secrets: inherit
if: >
always() &&
needs.handle_comment_command.result != 'skipped' &&
needs.handle_comment_command.outputs.permission_granted == 'true' &&
needs.handle_comment_command.outputs.git_ref != ''
uses: ./.github/workflows/test-workflows-callable.yml
with:
git_ref: ${{ needs.handle_comment_command.outputs.git_ref }}
send_webhook_report: true
pr_number: ${{ needs.handle_comment_command.outputs.pr_number }}
secrets: inherit
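Review bot: The `addReaction` helper (L113–L125) and the `pulls.get` call (L164–L170) need `pull-requests: write` (reactions) and at least `pull-requests: read` on the job token, but the only permission visible in this section is `contents: read` (L82); the rest of the `permissions:` block is above the hunk, so if nothing more is granted every reaction call fails with 403, is swallowed by the catch on L121, and commenters never receive the 👍/👎/😕 feedback this change introduces. A job-level grant on `handle_comment_command` keeps the scope narrow: `permissions:` / `  contents: read` / `  pull-requests: write`. Separately, the `if` on L202–L206 uses `always()`, which also evaluates after the run is cancelled; `!cancelled()` is the idiom for "run even if the upstream job failed", and since the script no longer calls `core.setFailed`, the upstream job cannot fail on its own anyway. The `result-encoding: json` on L102 is now stale because the script no longer returns a value, and the log text on L177 reads `Workspaced` where `Fetched` is presumably meant.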