From 82371f6c429baad02d1423b204e79fc6d2d1a1b5 Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Thu, 18 Nov 2021 11:23:54 +0000 Subject: [PATCH 01/11] trigger workflows to run for pull_request_target event --- .github/workflows/pr_checks.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/pr_checks.yml index 6cef39dd6..2ac473219 100644 --- a/.github/workflows/pr_checks.yml +++ b/.github/workflows/pr_checks.yml @@ -1,5 +1,8 @@ name: Run CI -on: [push] +on: [ + push, + pull_request_target +] jobs: Autoformat: From 4daa46ba388305d3d97812c0e50b7117ad6e76fb Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Thu, 18 Nov 2021 17:04:42 +0000 Subject: [PATCH 02/11] change to only pull_request --- .github/workflows/pr_checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/pr_checks.yml index 2ac473219..ad5683fe6 100644 --- a/.github/workflows/pr_checks.yml +++ b/.github/workflows/pr_checks.yml @@ -1,7 +1,7 @@ name: Run CI on: [ push, - pull_request_target + pull_request ] jobs: From 1f7cd637e3ffe61d381923a05a74a64838b30d09 Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Fri, 19 Nov 2021 12:16:27 +0000 Subject: [PATCH 03/11] check safe to test label --- .github/workflows/pr_checks.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/pr_checks.yml index ad5683fe6..2b6aa9308 100644 --- a/.github/workflows/pr_checks.yml +++ b/.github/workflows/pr_checks.yml @@ -1,8 +1,8 @@ name: Run CI -on: [ - push, - pull_request -] +on: + push: + pull_request: + types: [labeled] jobs: Autoformat: @@ -71,6 +71,7 @@ jobs: Integration-Tests-External: runs-on: ubuntu-latest + if: contains(github.event.pull_request.labels.*.name, 'safe to test') steps: - run: echo "Running CI for branch ${{ github.ref }}." - name: Check out repository code From d2057f504fe1785dcc5a4820871b13f018914c1f Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Fri, 19 Nov 2021 12:59:47 +0000 Subject: [PATCH 04/11] what happens when a PR with the safe-to-test label is pushed to --- src/fidesops/main.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/fidesops/main.py b/src/fidesops/main.py index fc4b2ca37..61321616b 100644 --- a/src/fidesops/main.py +++ b/src/fidesops/main.py @@ -26,6 +26,8 @@ app.include_router(api_router) +# abritrary change + def start_webserver() -> None: """Run any pending DB migrations and start the webserver.""" From e007cdbd02cf547b1e34d658abd3e92208551df1 Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Fri, 19 Nov 2021 13:08:05 +0000 Subject: [PATCH 05/11] split pr_checks into safe + unsafe --- .../{pr_checks.yml => safe_pr_checks.yml} | 18 +---------------- .github/workflows/unsafe_pr_checks.yml | 20 +++++++++++++++++++ 2 files changed, 21 insertions(+), 17 deletions(-) rename .github/workflows/{pr_checks.yml => safe_pr_checks.yml} (77%) create mode 100644 .github/workflows/unsafe_pr_checks.yml diff --git a/.github/workflows/pr_checks.yml b/.github/workflows/safe_pr_checks.yml similarity index 77% rename from .github/workflows/pr_checks.yml rename to .github/workflows/safe_pr_checks.yml index 2b6aa9308..0e9bce951 100644 --- a/.github/workflows/pr_checks.yml +++ b/.github/workflows/safe_pr_checks.yml @@ -1,8 +1,6 @@ -name: Run CI +name: Run Safe CI Checks on: push: - pull_request: - types: [labeled] jobs: Autoformat: @@ -68,17 +66,3 @@ jobs: uses: actions/checkout@v2 - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." - run: make pytest-integration-erasure - - Integration-Tests-External: - runs-on: ubuntu-latest - if: contains(github.event.pull_request.labels.*.name, 'safe to test') - steps: - - run: echo "Running CI for branch ${{ github.ref }}." - - name: Check out repository code - uses: actions/checkout@v2 - - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." - - name: Run unit tests that connect to an external db - env: - REDSHIFT_TEST_URI: ${{ secrets.REDSHIFT_TEST_URI }} - SNOWFLAKE_TEST_URI: ${{ secrets.SNOWFLAKE_TEST_URI }} - run: make pytest-external-integration diff --git a/.github/workflows/unsafe_pr_checks.yml b/.github/workflows/unsafe_pr_checks.yml new file mode 100644 index 000000000..a0af2c083 --- /dev/null +++ b/.github/workflows/unsafe_pr_checks.yml @@ -0,0 +1,20 @@ +name: Run Unsafe CI Checks +on: + push: + pull_request: + types: [labeled] + +jobs: + Integration-Tests-External: + runs-on: ubuntu-latest + if: contains(github.event.pull_request.labels.*.name, 'safe to test') + steps: + - run: echo "Running CI for branch ${{ github.ref }}." + - name: Check out repository code + uses: actions/checkout@v2 + - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." + - name: Run unit tests that connect to an external db + env: + REDSHIFT_TEST_URI: ${{ secrets.REDSHIFT_TEST_URI }} + SNOWFLAKE_TEST_URI: ${{ secrets.SNOWFLAKE_TEST_URI }} + run: make pytest-external-integration From 785162c553b4eba9c2d28deca77b301f4a1b1eac Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Fri, 19 Nov 2021 13:25:23 +0000 Subject: [PATCH 06/11] update names of jobs --- .github/workflows/safe_pr_checks.yml | 2 +- .github/workflows/unsafe_pr_checks.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/safe_pr_checks.yml b/.github/workflows/safe_pr_checks.yml index 0e9bce951..86b35e344 100644 --- a/.github/workflows/safe_pr_checks.yml +++ b/.github/workflows/safe_pr_checks.yml @@ -1,4 +1,4 @@ -name: Run Safe CI Checks +name: CI Checks - Safe on: push: diff --git a/.github/workflows/unsafe_pr_checks.yml b/.github/workflows/unsafe_pr_checks.yml index a0af2c083..a87779c27 100644 --- a/.github/workflows/unsafe_pr_checks.yml +++ b/.github/workflows/unsafe_pr_checks.yml @@ -1,4 +1,4 @@ -name: Run Unsafe CI Checks +name: CI Checks - Unsafe on: push: pull_request: From 478ea612782f5c0ad365cddaccfd3944934f8f0f Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Fri, 19 Nov 2021 13:32:22 +0000 Subject: [PATCH 07/11] try removing push trigger --- .github/workflows/unsafe_pr_checks.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/unsafe_pr_checks.yml b/.github/workflows/unsafe_pr_checks.yml index a87779c27..4ea5176d4 100644 --- a/.github/workflows/unsafe_pr_checks.yml +++ b/.github/workflows/unsafe_pr_checks.yml @@ -1,6 +1,5 @@ name: CI Checks - Unsafe on: - push: pull_request: types: [labeled] From 912f1d402acb4e228cba69b1841bd6d75265b9a1 Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Fri, 19 Nov 2021 13:39:21 +0000 Subject: [PATCH 08/11] add push trigger back so we can see the check as skipped, change label name to better reflect the action --- .github/workflows/unsafe_pr_checks.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/unsafe_pr_checks.yml b/.github/workflows/unsafe_pr_checks.yml index 4ea5176d4..6f12affe3 100644 --- a/.github/workflows/unsafe_pr_checks.yml +++ b/.github/workflows/unsafe_pr_checks.yml @@ -1,12 +1,13 @@ name: CI Checks - Unsafe on: + push: pull_request: types: [labeled] jobs: Integration-Tests-External: runs-on: ubuntu-latest - if: contains(github.event.pull_request.labels.*.name, 'safe to test') + if: contains(github.event.pull_request.labels.*.name, 'run unsafe ci checks') steps: - run: echo "Running CI for branch ${{ github.ref }}." - name: Check out repository code From 910fc09a5096192a183ba994e534c0619b283338 Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Fri, 19 Nov 2021 13:51:09 +0000 Subject: [PATCH 09/11] add pull_request back to safe checks --- .github/workflows/safe_pr_checks.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/safe_pr_checks.yml b/.github/workflows/safe_pr_checks.yml index 86b35e344..b07e26ffb 100644 --- a/.github/workflows/safe_pr_checks.yml +++ b/.github/workflows/safe_pr_checks.yml @@ -1,6 +1,8 @@ name: CI Checks - Safe -on: - push: +on: [ + push, + pull_request +] jobs: Autoformat: From 3a97b35d2bf062b7badff04ac69fe94418406ae3 Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Fri, 19 Nov 2021 14:00:03 +0000 Subject: [PATCH 10/11] remove push because pull_request synchronize should cover it --- .github/workflows/safe_pr_checks.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/safe_pr_checks.yml b/.github/workflows/safe_pr_checks.yml index b07e26ffb..6225371fc 100644 --- a/.github/workflows/safe_pr_checks.yml +++ b/.github/workflows/safe_pr_checks.yml @@ -1,6 +1,5 @@ name: CI Checks - Safe on: [ - push, pull_request ] From 884239c8a69179cd0e26a6301040df4b5a3760d1 Mon Sep 17 00:00:00 2001 From: Sean Preston Date: Fri, 19 Nov 2021 15:31:44 +0000 Subject: [PATCH 11/11] remove arbitrary change --- src/fidesops/main.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/fidesops/main.py b/src/fidesops/main.py index 61321616b..fc4b2ca37 100644 --- a/src/fidesops/main.py +++ b/src/fidesops/main.py @@ -26,8 +26,6 @@ app.include_router(api_router) -# abritrary change - def start_webserver() -> None: """Run any pending DB migrations and start the webserver."""