From c286bc7d1519c3f4441c1f77362c397fd3d764c8 Mon Sep 17 00:00:00 2001 From: Elio Di Nino <52972357+ElioDiNino@users.noreply.github.com> Date: Fri, 1 Mar 2024 13:10:54 -0500 Subject: [PATCH 1/5] feat: add RH_ADMIN_CHECK flag --- jupyter_releaser/cli.py | 6 ++++++ jupyter_releaser/util.py | 2 +- tests/test_cli.py | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/jupyter_releaser/cli.py b/jupyter_releaser/cli.py index 40055651..2a5dd305 100644 --- a/jupyter_releaser/cli.py +++ b/jupyter_releaser/cli.py @@ -192,6 +192,12 @@ def main(force): # noqa: ARG001 auth_options: t.Any = [ click.option("--auth", envvar="GITHUB_ACCESS_TOKEN", help="The GitHub auth token"), + click.option( + "--admin-check", + envvar="RH_ADMIN_CHECK", + default=True, + help="Check if the triggering user is a repo admin", + ), ] username_options: t.Any = [ diff --git a/jupyter_releaser/util.py b/jupyter_releaser/util.py index 56c2ffd4..4fb3b328 100644 --- a/jupyter_releaser/util.py +++ b/jupyter_releaser/util.py @@ -603,7 +603,7 @@ def prepare_environment(fetch_draft_release=True): gh = get_gh_object(dry_run=dry_run, owner=owner, repo=repo_name, token=auth) # Ensure the user is an admin. - if not dry_run: + if os.environ.get("RH_ADMIN_CHECK") and not dry_run: user = os.environ["GITHUB_ACTOR"] log(f"Getting permission level for {user}") try: diff --git a/tests/test_cli.py b/tests/test_cli.py index 7d2ccf0f..c28f49b9 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -152,6 +152,7 @@ def test_list_envvars(runner): assert ( result.output.strip() == """ +admin-check: RH_ADMIN_CHECK auth: GITHUB_ACCESS_TOKEN branch: RH_BRANCH changelog-path: RH_CHANGELOG From 60928ac85b651d356081bc70bdbb9fa145a1b789 Mon Sep 17 00:00:00 2001 From: Elio Di Nino <52972357+ElioDiNino@users.noreply.github.com> Date: Fri, 1 Mar 2024 14:57:27 -0500 Subject: [PATCH 2/5] fix: correct env variable parsing and comparison --- jupyter_releaser/util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyter_releaser/util.py b/jupyter_releaser/util.py index 4fb3b328..643c8ddb 100644 --- a/jupyter_releaser/util.py +++ b/jupyter_releaser/util.py @@ -603,7 +603,7 @@ def prepare_environment(fetch_draft_release=True): gh = get_gh_object(dry_run=dry_run, owner=owner, repo=repo_name, token=auth) # Ensure the user is an admin. - if os.environ.get("RH_ADMIN_CHECK") and not dry_run: + if os.environ.get("RH_ADMIN_CHECK", "").lower() == "true" and not dry_run: user = os.environ["GITHUB_ACTOR"] log(f"Getting permission level for {user}") try: From 25ca1254012fef8a7f9b3fbe23a595f7535fc798 Mon Sep 17 00:00:00 2001 From: Elio Di Nino <52972357+ElioDiNino@users.noreply.github.com> Date: Fri, 1 Mar 2024 15:17:48 -0500 Subject: [PATCH 3/5] fix: don't add to cli options --- jupyter_releaser/cli.py | 6 ------ tests/test_cli.py | 1 - 2 files changed, 7 deletions(-) diff --git a/jupyter_releaser/cli.py b/jupyter_releaser/cli.py index 2a5dd305..40055651 100644 --- a/jupyter_releaser/cli.py +++ b/jupyter_releaser/cli.py @@ -192,12 +192,6 @@ def main(force): # noqa: ARG001 auth_options: t.Any = [ click.option("--auth", envvar="GITHUB_ACCESS_TOKEN", help="The GitHub auth token"), - click.option( - "--admin-check", - envvar="RH_ADMIN_CHECK", - default=True, - help="Check if the triggering user is a repo admin", - ), ] username_options: t.Any = [ diff --git a/tests/test_cli.py b/tests/test_cli.py index c28f49b9..7d2ccf0f 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -152,7 +152,6 @@ def test_list_envvars(runner): assert ( result.output.strip() == """ -admin-check: RH_ADMIN_CHECK auth: GITHUB_ACCESS_TOKEN branch: RH_BRANCH changelog-path: RH_CHANGELOG From 6d4cae1dd0eab445b50214ea60d57694e3b1e1e2 Mon Sep 17 00:00:00 2001 From: Elio Di Nino <52972357+ElioDiNino@users.noreply.github.com> Date: Fri, 1 Mar 2024 15:30:41 -0500 Subject: [PATCH 4/5] ci: modify actions to add admin check input --- .github/actions/check-release/action.yml | 7 +++++++ .github/actions/finalize-release/action.yml | 5 +++++ .github/actions/populate-release/action.yml | 5 +++++ .github/actions/prep-release/action.yml | 6 +++++- .github/actions/publish-changelog/action.yml | 5 +++++ 5 files changed, 27 insertions(+), 1 deletion(-) diff --git a/.github/actions/check-release/action.yml b/.github/actions/check-release/action.yml index 1e1258ce..1eae9495 100644 --- a/.github/actions/check-release/action.yml +++ b/.github/actions/check-release/action.yml @@ -11,6 +11,10 @@ inputs: steps_to_skip: description: "Comma separated list of steps to skip" required: false + admin_check: + description: "Check if the user is a repo admin" + required: false + default: "true" shell: description: "The shell being used for the action steps" required: false @@ -31,6 +35,7 @@ runs: export GITHUB_ACCESS_TOKEN=${{ inputs.token }} export RH_VERSION_SPEC=${{ inputs.version_spec }} export RH_STEPS_TO_SKIP=${{ inputs.steps_to_skip }} + export RH_ADMIN_CHECK=${{ inputs.admin_check }} python -m jupyter_releaser.actions.prep_release - id: populate-release @@ -40,6 +45,7 @@ runs: export GITHUB_ACCESS_TOKEN=${{ inputs.token }} export RH_RELEASE_URL=${{ steps.prep-release.outputs.release_url }} export RH_STEPS_TO_SKIP=${{ inputs.steps_to_skip }} + export RH_ADMIN_CHECK=${{ inputs.admin_check }} export YARN_UNSAFE_HTTP_WHITELIST=0.0.0.0 python -m jupyter_releaser.actions.populate_release @@ -50,4 +56,5 @@ runs: export GITHUB_ACCESS_TOKEN=${{ inputs.token }} export RH_RELEASE_URL=${{ steps.populate-release.outputs.release_url }} export RH_STEPS_TO_SKIP=${{ inputs.steps_to_skip }} + export RH_ADMIN_CHECK=${{ inputs.admin_check }} python -m jupyter_releaser.actions.finalize_release diff --git a/.github/actions/finalize-release/action.yml b/.github/actions/finalize-release/action.yml index a55d97ec..12a7422c 100644 --- a/.github/actions/finalize-release/action.yml +++ b/.github/actions/finalize-release/action.yml @@ -20,6 +20,10 @@ inputs: steps_to_skip: description: "Comma separated list of steps to skip" required: false + admin_check: + description: "Check if the user is a repo admin" + required: false + default: "true" shell: description: "The shell being used for the action steps" required: false @@ -52,6 +56,7 @@ runs: export RH_RELEASE_URL=${{ inputs.release_url }} export RH_STEPS_TO_SKIP=${{ inputs.steps_to_skip }} export RH_BRANCH=${{ inputs.branch }} + export RH_ADMIN_CHECK=${{ inputs.admin_check }} python -m jupyter_releaser.actions.finalize_release - if: ${{ success() }} diff --git a/.github/actions/populate-release/action.yml b/.github/actions/populate-release/action.yml index 32c1499f..f185fa57 100644 --- a/.github/actions/populate-release/action.yml +++ b/.github/actions/populate-release/action.yml @@ -20,6 +20,10 @@ inputs: steps_to_skip: description: "Comma separated list of steps to skip" required: false + admin_check: + description: "Check if the user is a repo admin" + required: false + default: "true" shell: description: "The shell being used for the action steps" required: false @@ -49,6 +53,7 @@ runs: export RH_STEPS_TO_SKIP=${{ inputs.steps_to_skip }} export RH_RELEASE_URL=${{ inputs.release_url }} export RH_BRANCH=${{ inputs.branch }} + export RH_ADMIN_CHECK=${{ inputs.admin_check }} python -m jupyter_releaser.actions.populate_release - if: ${{ failure() }} diff --git a/.github/actions/prep-release/action.yml b/.github/actions/prep-release/action.yml index 9770de20..ceb8a98f 100644 --- a/.github/actions/prep-release/action.yml +++ b/.github/actions/prep-release/action.yml @@ -24,13 +24,16 @@ inputs: silent: description: "Set a placeholder in the changelog and don't publish the release." required: false - type: boolean since: description: "Use PRs with activity since this date or git reference" required: false since_last_stable: description: "Use PRs with activity since the last stable git tag" required: false + admin_check: + description: "Check if the user is a repo admin" + required: false + default: "true" shell: description: "The shell being used for the action steps" required: false @@ -63,6 +66,7 @@ runs: export RH_SILENT=${{ inputs.silent }} export RH_SINCE=${{ inputs.since }} export RH_SINCE_LAST_STABLE=${{ inputs.since_last_stable }} + export RH_ADMIN_CHECK=${{ inputs.admin_check }} python -m jupyter_releaser.actions.prep_release diff --git a/.github/actions/publish-changelog/action.yml b/.github/actions/publish-changelog/action.yml index d6e42f0f..5023364f 100644 --- a/.github/actions/publish-changelog/action.yml +++ b/.github/actions/publish-changelog/action.yml @@ -14,6 +14,10 @@ inputs: description: "If set, do not make a PR" default: "false" required: false + admin_check: + description: "Check if the user is a repo admin" + required: false + default: "true" shell: description: "The shell being used for the action steps" required: false @@ -41,6 +45,7 @@ runs: export RH_BRANCH=${{ inputs.branch }} fi export RH_DRY_RUN=${{ inputs.dry_run }} + export RH_ADMIN_CHECK=${{ inputs.admin_check }} python -m jupyter_releaser.actions.publish_changelog From 62d732ab5109cb92de034149ce850620e8a1b689 Mon Sep 17 00:00:00 2001 From: Elio Di Nino <52972357+ElioDiNino@users.noreply.github.com> Date: Fri, 1 Mar 2024 15:43:51 -0500 Subject: [PATCH 5/5] fix: properly default to true --- jupyter_releaser/util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jupyter_releaser/util.py b/jupyter_releaser/util.py index 643c8ddb..464bdb5a 100644 --- a/jupyter_releaser/util.py +++ b/jupyter_releaser/util.py @@ -603,7 +603,7 @@ def prepare_environment(fetch_draft_release=True): gh = get_gh_object(dry_run=dry_run, owner=owner, repo=repo_name, token=auth) # Ensure the user is an admin. - if os.environ.get("RH_ADMIN_CHECK", "").lower() == "true" and not dry_run: + if os.environ.get("RH_ADMIN_CHECK", "true").lower() == "true" and not dry_run: user = os.environ["GITHUB_ACTOR"] log(f"Getting permission level for {user}") try: