Change trigger to pull_request_target #487
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Library CI | |
| # This workflow always run in the context of Classiq/classiq-library (base repo) but might use a branch from a fork to test its contribution | |
| # PRs from users (should be from a fork) need to targePrint repository namet `main` branch which runs against `prod` environment | |
| # PRs from maintainers team (might be from the base repo) need to target `dev` branch and runs against `dev` environment (nightly) | |
| on: | |
| # Trigger the workflow on push to the specific branch | |
| push: | |
| branches: | |
| - dev | |
| - main | |
| # Trigger the workflow on pull requests targeting the specific branch | |
| pull_request_target: # Note: `pull_request_target` ensures that the tests run in the context of the `main` branch, not in the user's fork. | |
| branches: | |
| - dev | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| test: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Checkout the target branch | |
| id: checkout | |
| run: | | |
| set -ex | |
| # Debugging: initial git status | |
| echo "==== Git status before checkout ====" | |
| git status | |
| # Handle different GitHub Actions events | |
| if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then | |
| echo "Handling pull_request_target event" | |
| echo "SHOULD_TEST_ALL_FILES=false" >> $GITHUB_ENV | |
| target_branch="${{ github.event.pull_request.base.ref }}" | |
| if [ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]; then | |
| echo "PR from a fork detected. Checking out the fork's branch." | |
| git remote add fork https://github.com/${{ github.event.pull_request.head.repo.full_name }}.git | |
| git fetch fork ${{ github.event.pull_request.head.ref }} | |
| git checkout -B ci-testing-branch FETCH_HEAD # Tested code is comming from this branch (contributer's) | |
| else | |
| echo "PR from the same repository detected. Checking out the branch." | |
| git fetch origin ${{ github.event.pull_request.head.ref }} | |
| git checkout ${{ github.event.pull_request.head.ref }} | |
| fi | |
| elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| echo "Handling workflow_dispatch event: No checkout needed" | |
| target_branch="${{ github.ref_name }}" | |
| echo "SHOULD_TEST_ALL_FILES=true" >> $GITHUB_ENV | |
| echo "list_of_ipynb_changed=**/*.ipynb" >> $GITHUB_ENV | |
| elif [[ "${{ github.event_name }}" == "push" ]]; then | |
| echo "Handling push event: No checkout needed" | |
| target_branch="${{ github.ref_name }}" | |
| else | |
| echo "Unsupported event type: ${github.event_name}. Exiting." | |
| exit 1 | |
| fi | |
| echo "target_branch=$target_branch" >> $GITHUB_OUTPUT | |
| # Debugging: final git status | |
| echo "==== Git status after checkout ====" | |
| git status | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| # A bunch of if-else. Might move to an action | |
| # Decide environment based on the target branch (for both push and PR events) | |
| - name: Set environment based on target branch | |
| run: | | |
| target_branch=${{ steps.checkout.outputs.target_branch }} | |
| set -ex | |
| if [[ "$target_branch" == "main" ]]; then | |
| echo "Running on prod environment." | |
| echo "M2M_SECRET_ARN=${{ secrets.PROD_M2M_SECRET_ARN }}" >> $GITHUB_ENV | |
| echo "CLASSIQ_IDE=https://platform.classiq.io" >> $GITHUB_ENV | |
| echo "CLASSIQ_HOST=https://api.classiq.io" >> $GITHUB_ENV | |
| echo "IS_DEV=false" >> $GITHUB_ENV | |
| else | |
| echo "Running on dev environment." | |
| echo "M2M_SECRET_ARN=${{ secrets.NIGHTLY_M2M_SECRET_ARN }}" >> $GITHUB_ENV | |
| echo "CLASSIQ_IDE=https://nightly.platform.classiq.io" >> $GITHUB_ENV | |
| echo "CLASSIQ_HOST=https://staging.api.classiq.io" >> $GITHUB_ENV | |
| echo "IS_DEV=true" >> $GITHUB_ENV | |
| fi | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| # The following 2 steps can also be grouped into one action | |
| # Step to detect changed .ipynb files | |
| - name: Get changed notebook files | |
| id: changed-files-ipynb | |
| uses: tj-actions/changed-files@v44 | |
| with: | |
| files: | | |
| **/*.ipynb | |
| - name: Print changed notebook files | |
| run: | | |
| echo "Changed notebook files: ${{ steps.changed-files-ipynb.outputs.all_changed_files }}" | |
| - name: Install dependencies | |
| run: | | |
| set -e | |
| # The `--pre` allows the installation of pre-release versions of packages (needed for Dev) | |
| python -m pip install --extra-index-url https://pypi.org/simple --pre -U -r requirements.txt | |
| python -m pip install --extra-index-url https://pypi.org/simple -U -r requirements_tests.txt | |
| # Configure AWS credentials | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4.0.2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| aws-region: us-east-1 | |
| mask-aws-account-id: true | |
| # Set authentication with M2M token | |
| - name: Set authentication | |
| run: .github/scripts/get_m2m_token.sh | |
| shell: bash | |
| env: | |
| IS_DEV: "${{ env.IS_DEV }}" | |
| M2M_SECRET_ARN: "${{ env.M2M_SECRET_ARN }}" | |
| # Run Notebook Tests | |
| - name: Run Notebooks | |
| run: python -m pytest --log-cli-level=INFO tests | |
| env: | |
| JUPYTER_PLATFORM_DIRS: "1" | |
| SHOULD_TEST_ALL_FILES: "${{ env.SHOULD_TEST_ALL_FILES }}" | |
| LIST_OF_IPYNB_CHANGED: "${{ steps.changed-files-ipynb.outputs.all_changed_files }}" | |
| CLASSIQ_IDE: "${{ env.CLASSIQ_IDE }}" | |
| CLASSIQ_HOST: "${{ env.CLASSIQ_HOST }}" | |
| shell: bash |