-
Notifications
You must be signed in to change notification settings - Fork 16
132 lines (119 loc) · 6.21 KB
/
branch_dispatch_repository_dispatch.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Branch Dispatch
on:
repository_dispatch:
run-name: "${{ github.event.client_payload.run_name }}"
permissions:
actions: read
contents: read
pull-requests: read
jobs:
branch_dispatch:
runs-on: ubuntu-latest
steps:
# See token.md
- name: Generate a token
if: always()
id: generate_token
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# !!!!!! CRITICAL: PLEASE READ !!!!!!
# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions- settings-for-a-repository#controlling-changes-from-forks-to-workflows-in-public-repositories
# "Note: Workflows triggered by pull_request_target events are run in the context of the base
# branch. Since the base branch is considered trusted, workflows triggered by these events will always run,
# REGARDLESS OF APPROVAL SETTINGS."
#
# Note: 1. To use this repository's private action, you must check out the repository
# 2. Although repository-dispatch is run in the context of the default branch (master/main)
# and the checked out actions in this workflow run should be trustworthy, it does not
# guarantee the subsequent workflows after workflow dispatch don't checkout altered actions.
# Therefore, membership must be checked to authorize the repository dispatch to run workflows.
- name: Checkout
uses: actions/checkout@v3
# Note: It is the initial sender of the series of cross-repo CI who needs to verified, not the
# sender of the current event. For example, the repository_dispatch event could be triggered by a
# PR opened on mm-workflows from an external account. In such case, the 'github.event.sender.login'
# would be the owner of the upstream repo, not the external actor.
- name: Check Membership
uses: ./.github/my_actions/check_membership/ # Must start with ./
with:
account_name: ${{ github.event.client_payload.owner }}
access_token: ${{ steps.generate_token.outputs.token }}
- name: Check existence of wic
uses: ./.github/my_actions/check_existence/ # Must start with ./
id: ce_wic
with:
repository: workflow-inference-compiler
sender_repo_owner: ${{ github.event.client_payload.owner }}
sender_repo_ref: ${{ github.event.client_payload.ref_name }}
default_owner: PolusAI
default_branch: master
access_token: ${{ steps.generate_token.outputs.token }}
- name: Check existence of dispatch ref in wic
uses: ./.github/my_actions/check_existence/ # Must start with ./
id: ce_wic_dispatch
with:
repository: workflow-inference-compiler
sender_repo_owner: ${{ github.repository_owner }}
sender_repo_ref: ${{ github.event.client_payload.ref_name }}
default_owner: PolusAI
default_branch: master
access_token: ${{ steps.generate_token.outputs.token }}
- name: Check existence of mm-workflows
uses: ./.github/my_actions/check_existence/ # Must start with ./
id: ce_mm-workflows
with:
repository: mm-workflows
sender_repo_owner: ${{ github.event.client_payload.owner }}
sender_repo_ref: ${{ github.event.client_payload.ref_name }}
default_owner: PolusAI
default_branch: main
access_token: ${{ steps.generate_token.outputs.token }}
# For other repositories, the entire step below should be copied and edited to make new steps.
- name: Check existence of image-workflows
uses: ./.github/my_actions/check_existence/ # Must start with ./
id: ce_image-workflows
with:
repository: image-workflows
sender_repo_owner: ${{ github.event.client_payload.owner }}
sender_repo_ref: ${{ github.event.client_payload.ref_name }}
default_owner: PolusAI
default_branch: main
access_token: ${{ steps.generate_token.outputs.token }}
- name: Branch dispatch lint_and_test.yml
uses: ./.github/my_actions/branch_dispatch/ # Must start with ./
id: bd_lint_and_test
with:
repository: workflow-inference-compiler
workflow_yml: lint_and_test.yml
sender_repo: ${{ github.event.client_payload.repository }}
sender_repo_owner: ${{ github.event.client_payload.owner }}
dispatch_ref: ${{ steps.ce_wic_dispatch.outputs.ref }}
wic_owner: ${{ steps.ce_wic.outputs.owner }}
wic_ref: ${{ steps.ce_wic.outputs.ref }}
event_type: ${{ github.event_name }}
commit_message: ${{ github.event.client_payload.commit_message }}
mm_workflows_owner: ${{ steps.ce_mm-workflows.outputs.owner }}
mm_workflows_ref: ${{ steps.ce_mm-workflows.outputs.ref }}
image_workflows_owner: ${{ steps.ce_image-workflows.outputs.owner }}
image_workflows_ref: ${{ steps.ce_image-workflows.outputs.ref }}
access_token: ${{ steps.generate_token.outputs.token }}
- name: Branch dispatch run_workflows.yml
uses: ./.github/my_actions/branch_dispatch/ # Must start with ./
id: bd_run_workflows
with:
repository: workflow-inference-compiler
workflow_yml: run_workflows.yml
sender_repo: ${{ github.event.client_payload.repository }}
sender_repo_owner: ${{ github.event.client_payload.owner }}
dispatch_ref: ${{ steps.ce_wic_dispatch.outputs.ref }}
wic_owner: ${{ steps.ce_wic.outputs.owner }}
wic_ref: ${{ steps.ce_wic.outputs.ref }}
event_type: ${{ github.event_name }}
commit_message: ${{ github.event.client_payload.commit_message }}
mm_workflows_owner: ${{ steps.ce_mm-workflows.outputs.owner }}
mm_workflows_ref: ${{ steps.ce_mm-workflows.outputs.ref }}
image_workflows_owner: ${{ steps.ce_image-workflows.outputs.owner }}
image_workflows_ref: ${{ steps.ce_image-workflows.outputs.ref }}
access_token: ${{ steps.generate_token.outputs.token }}