HMS-3141: tests,bib: fix/check that there are no selinux denials #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Testing farm tests | |
on: | |
pull_request_target: | |
types: [opened, synchronize, reopened] | |
# To use testing farm we need the TF_API_KEY secret available inside the | |
# forked repo which requires the pull_request_target trigger. To protect | |
# the secrets we need to make sure only people with repo write access | |
# can trigger this workflow. This means that ouside contributors will | |
# get an initial failure when the workflow is run. But once someone from | |
# the team re-triggers it it will work. | |
# | |
# Note that "pull_requqest_target" events are always triggered even | |
# when the "Fork pull request workflows from outside collaborators" | |
# setting is restricted to "Require approval for all outside collaborators" | |
# (see https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks) | |
# | |
# Note also that this precautions might be overkill because a fork | |
# cannot modify this workflow and all we do is run a branch inside | |
# testing farm. But a) the scope of workflow may expand over time | |
# b) it feels safer this way and is not a big burden in practise. | |
# | |
# This follows https://michaelheap.com/access-secrets-from-forks/ | |
jobs: | |
testingfarm: | |
name: "Run in testing farm" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get User Permission | |
id: checkAccess | |
uses: actions-cool/check-user-permission@v2 | |
with: | |
require: write | |
username: ${{ github.triggering_actor }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check User Permission | |
if: steps.checkAccess.outputs.require-result == 'false' | |
run: | | |
echo "${{ github.triggering_actor }} does not have permissions on this repo." | |
echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}" | |
echo "Job originally triggered by ${{ github.actor }}" | |
exit 1 | |
- name: Check out code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Run the tests | |
uses: sclorg/testing-farm-as-github-action@v1 | |
with: | |
api_key: ${{ secrets.TF_API_KEY }} | |
git_url: ${{ github.event.pull_request.head.repo.clone_url }} | |
git_ref: ${{ github.event.pull_request.head.ref }} | |
pull_request_status_name: "Testing farm" |