From 56798fb6771f9fa0130de8e1636ba8364dda4ca3 Mon Sep 17 00:00:00 2001 From: Dan Grebb Date: Fri, 22 Dec 2023 21:32:37 -0500 Subject: [PATCH 1/3] fix: use `github.event.pull_request.head.sha` for checkout@v4 --- .github/workflows/_backstop-docker-ci.yml | 2 +- .github/workflows/backstop-integration-test.yml | 2 +- .github/workflows/backstop-sanity-test.yml | 4 ++-- .github/workflows/backstop-smoke-test.yml | 4 ++-- .github/workflows/docker-build.yml | 4 ++-- .github/workflows/docker-sanity-test.yml | 6 +++--- .github/workflows/docker-smoke-test.yml | 6 +++--- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/_backstop-docker-ci.yml b/.github/workflows/_backstop-docker-ci.yml index f81da740c..21fe378bc 100644 --- a/.github/workflows/_backstop-docker-ci.yml +++ b/.github/workflows/_backstop-docker-ci.yml @@ -18,7 +18,7 @@ permissions: packages: write env: - BRANCH_NAME: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref_name }} + BRANCH_NAME: ${{ github.event.pull_request.head.sha || github.head_ref || github.ref_name }} jobs: backstop-sanity-test: diff --git a/.github/workflows/backstop-integration-test.yml b/.github/workflows/backstop-integration-test.yml index da07a994d..a302a7e61 100644 --- a/.github/workflows/backstop-integration-test.yml +++ b/.github/workflows/backstop-integration-test.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: ⬢ Setup Node & Cache uses: actions/setup-node@v4 diff --git a/.github/workflows/backstop-sanity-test.yml b/.github/workflows/backstop-sanity-test.yml index 6e74932f5..870683cdc 100644 --- a/.github/workflows/backstop-sanity-test.yml +++ b/.github/workflows/backstop-sanity-test.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: ⬢ Setup Node & Cache uses: actions/setup-node@v4 @@ -43,7 +43,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: ⬢ Setup Node & Cache uses: actions/setup-node@v4 diff --git a/.github/workflows/backstop-smoke-test.yml b/.github/workflows/backstop-smoke-test.yml index 7157b0fea..614e0a944 100644 --- a/.github/workflows/backstop-smoke-test.yml +++ b/.github/workflows/backstop-smoke-test.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: ⬢ Setup Node & Cache uses: actions/setup-node@v4 @@ -44,7 +44,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: ⬢ Setup Node & Cache uses: actions/setup-node@v4 diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index dd146cdf9..db1179cd9 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -11,7 +11,7 @@ permissions: packages: write env: - BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.ref_name || github.head_ref || github.ref_name }} + BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.sha_name || github.head_ref || github.ref_name }} NODE_VERSION: 20 REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set Name and Tag Vars env: diff --git a/.github/workflows/docker-sanity-test.yml b/.github/workflows/docker-sanity-test.yml index cd3957fb1..944272109 100644 --- a/.github/workflows/docker-sanity-test.yml +++ b/.github/workflows/docker-sanity-test.yml @@ -11,7 +11,7 @@ permissions: packages: write env: - BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.ref_name || github.head_ref || github.ref_name }} + BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.sha_name || github.head_ref || github.ref_name }} NODE_VERSION: 20 REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set Name and Tag Vars env: @@ -78,7 +78,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set Name and Tag Vars env: diff --git a/.github/workflows/docker-smoke-test.yml b/.github/workflows/docker-smoke-test.yml index 20bf5d7c3..2aba76ce3 100644 --- a/.github/workflows/docker-smoke-test.yml +++ b/.github/workflows/docker-smoke-test.yml @@ -11,7 +11,7 @@ permissions: packages: write env: - BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.ref_name || github.head_ref || github.ref_name }} + BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.sha_name || github.head_ref || github.ref_name }} NODE_VERSION: 20 REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set Name and Tag Vars env: @@ -78,7 +78,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.ref || github.ref }} + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set Name and Tag Vars env: From 525b238c8c32c5e9aad005ad28bffccfea633644 Mon Sep 17 00:00:00 2001 From: Dan Grebb Date: Fri, 22 Dec 2023 22:23:24 -0500 Subject: [PATCH 2/3] fix: adjust bad find/replace for `ref_name` --- .github/workflows/docker-build.yml | 2 +- .github/workflows/docker-sanity-test.yml | 2 +- .github/workflows/docker-smoke-test.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index db1179cd9..b54e95826 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -11,7 +11,7 @@ permissions: packages: write env: - BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.sha_name || github.head_ref || github.ref_name }} + BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.ref_name || github.head_ref || github.ref_name }} NODE_VERSION: 20 REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} diff --git a/.github/workflows/docker-sanity-test.yml b/.github/workflows/docker-sanity-test.yml index 944272109..b17febc9f 100644 --- a/.github/workflows/docker-sanity-test.yml +++ b/.github/workflows/docker-sanity-test.yml @@ -11,7 +11,7 @@ permissions: packages: write env: - BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.sha_name || github.head_ref || github.ref_name }} + BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.ref_name || github.head_ref || github.ref_name }} NODE_VERSION: 20 REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} diff --git a/.github/workflows/docker-smoke-test.yml b/.github/workflows/docker-smoke-test.yml index 2aba76ce3..3ce70f261 100644 --- a/.github/workflows/docker-smoke-test.yml +++ b/.github/workflows/docker-smoke-test.yml @@ -11,7 +11,7 @@ permissions: packages: write env: - BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.sha_name || github.head_ref || github.ref_name }} + BRANCH_NAME: ${{ github.event.pull_request.head_ref || github.event.pull_request.head.ref_name || github.head_ref || github.ref_name }} NODE_VERSION: 20 REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} From 78d21d36f8e3c8d881f9d360495096ac47724f78 Mon Sep 17 00:00:00 2001 From: Dan Grebb Date: Sat, 23 Dec 2023 02:02:31 -0500 Subject: [PATCH 3/3] ci(github): add `actions: write` permission to workflows --- .github/workflows/_backstop-docker-ci.yml | 1 + .github/workflows/backstop-integration-test.yml | 1 + .github/workflows/backstop-sanity-test.yml | 1 + .github/workflows/backstop-smoke-test.yml | 1 + .github/workflows/docker-build.yml | 1 + .github/workflows/docker-sanity-test.yml | 1 + .github/workflows/docker-smoke-test.yml | 1 + .github/workflows/test-backstop.yml | 1 + .github/workflows/test-docker.yml | 1 + 9 files changed, 9 insertions(+) diff --git a/.github/workflows/_backstop-docker-ci.yml b/.github/workflows/_backstop-docker-ci.yml index 21fe378bc..2c89b1587 100644 --- a/.github/workflows/_backstop-docker-ci.yml +++ b/.github/workflows/_backstop-docker-ci.yml @@ -12,6 +12,7 @@ on: branches: [master, develop] permissions: + actions: write checks: write contents: write pull-requests: write diff --git a/.github/workflows/backstop-integration-test.yml b/.github/workflows/backstop-integration-test.yml index a302a7e61..dc780ab6b 100644 --- a/.github/workflows/backstop-integration-test.yml +++ b/.github/workflows/backstop-integration-test.yml @@ -5,6 +5,7 @@ on: workflow_call: permissions: + actions: write contents: write pull-requests: write diff --git a/.github/workflows/backstop-sanity-test.yml b/.github/workflows/backstop-sanity-test.yml index 870683cdc..f6877aa8e 100644 --- a/.github/workflows/backstop-sanity-test.yml +++ b/.github/workflows/backstop-sanity-test.yml @@ -5,6 +5,7 @@ on: workflow_call: permissions: + actions: write contents: write pull-requests: write diff --git a/.github/workflows/backstop-smoke-test.yml b/.github/workflows/backstop-smoke-test.yml index 614e0a944..f71e1c42c 100644 --- a/.github/workflows/backstop-smoke-test.yml +++ b/.github/workflows/backstop-smoke-test.yml @@ -5,6 +5,7 @@ on: workflow_call: permissions: + actions: write contents: write pull-requests: write diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index b54e95826..7c539b7b3 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -5,6 +5,7 @@ on: workflow_call: permissions: + actions: write checks: write contents: write pull-requests: write diff --git a/.github/workflows/docker-sanity-test.yml b/.github/workflows/docker-sanity-test.yml index b17febc9f..bff8160b7 100644 --- a/.github/workflows/docker-sanity-test.yml +++ b/.github/workflows/docker-sanity-test.yml @@ -5,6 +5,7 @@ on: workflow_call: permissions: + actions: write checks: write contents: write pull-requests: write diff --git a/.github/workflows/docker-smoke-test.yml b/.github/workflows/docker-smoke-test.yml index 3ce70f261..46cf131da 100644 --- a/.github/workflows/docker-smoke-test.yml +++ b/.github/workflows/docker-smoke-test.yml @@ -5,6 +5,7 @@ on: workflow_call: permissions: + actions: write checks: write contents: write pull-requests: write diff --git a/.github/workflows/test-backstop.yml b/.github/workflows/test-backstop.yml index 3345ce5e7..af4d16c60 100644 --- a/.github/workflows/test-backstop.yml +++ b/.github/workflows/test-backstop.yml @@ -5,6 +5,7 @@ on: workflow_call: permissions: + actions: write checks: write contents: write pull-requests: write diff --git a/.github/workflows/test-docker.yml b/.github/workflows/test-docker.yml index 772be000b..57c88e88c 100644 --- a/.github/workflows/test-docker.yml +++ b/.github/workflows/test-docker.yml @@ -5,6 +5,7 @@ on: workflow_call: permissions: + actions: write checks: write contents: write pull-requests: write