From 0c7338d86bff56731473606cc7b7564517e64c4d Mon Sep 17 00:00:00 2001 From: Jie Chen Date: Mon, 17 Feb 2025 21:47:29 -0800 Subject: [PATCH 1/4] Change trigger event to pr target Signed-off-by: Jie Chen --- .github/workflows/ci.yml | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index abd0b23cc6..959a7a6a91 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,7 +1,8 @@ name: CI +permissions: read-all on: - - push - - pull_request + pull_request_target: + branches: ["jiechen3/github_runner"] env: GO_BUILD_CMD: 'go build "-ldflags=-s -w" -trimpath' @@ -19,8 +20,25 @@ env: LINUX_BOOT_FILES_PATH: ${{ github.workspace }}/LinuxBootFiles jobs: + check-access: + runs-on: + - ubuntu-latest + steps: + - name: Check access + run: | + if [[ "${{ github.event.pull_request.author_association }}" != "COLLABORATOR" && \ + "${{ github.event.pull_request.author_association }}" != "CONTRIBUTOR" && \ + "${{ github.event.pull_request.author_association }}" != "OWNER" ]]; then + echo "Author association: ${{ github.event.pull_request.author_association }}" + echo "Event not triggered by a collaborator/contributor/owner. Will not continue CI." + exit 1 + else + echo "Author is a collaborator/contributor/owner. Continuing CI." + fi + lint: runs-on: "windows-2022" + needs: [check-access] strategy: fail-fast: false matrix: @@ -57,6 +75,8 @@ jobs: protos: runs-on: "windows-2022" + needs: [check-access] + env: # translating from github.com/Microsoft/hcsshim/ (via `go list`) to is easier if hcsshim is in GOPATH/src GOPATH: '${{ github.workspace }}\go' @@ -118,6 +138,7 @@ jobs: working-directory: "${{ github.workspace }}/go/src/github.com/Microsoft/hcsshim" verify-vendor: + needs: [check-access] runs-on: "windows-2022" env: GOPROXY: "https://proxy.golang.org,direct" @@ -185,6 +206,7 @@ jobs: go-gen: name: Go Generate + needs: [check-access] runs-on: "windows-2022" steps: - name: Checkout @@ -242,6 +264,7 @@ jobs: # create the rootfs containing the local Linux-GCS. It needs to be run on # the 1ES github runner pool in order to access the Azure Artifact feed. create-linux-boot-files: + needs: [check-access] runs-on: - self-hosted - 1ES.Pool=containerplat-github-runner-pool-east-us-2 From 66dd6bcbf8b315f69e5a8c1e2338bb249288f529 Mon Sep 17 00:00:00 2001 From: Jie Chen Date: Mon, 17 Feb 2025 21:57:39 -0800 Subject: [PATCH 2/4] test if it stops CI --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 959a7a6a91..d43b71faae 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,9 +31,9 @@ jobs: "${{ github.event.pull_request.author_association }}" != "OWNER" ]]; then echo "Author association: ${{ github.event.pull_request.author_association }}" echo "Event not triggered by a collaborator/contributor/owner. Will not continue CI." - exit 1 else - echo "Author is a collaborator/contributor/owner. Continuing CI." + echo "Author is a ${{ github.event.pull_request.author_association }}. Continuing CI." + exit 1 fi lint: From 196cbb91f15be5e5f1ea45eaf6fe2c83c140c555 Mon Sep 17 00:00:00 2001 From: Jie Chen Date: Mon, 17 Feb 2025 21:53:00 -0800 Subject: [PATCH 3/4] test 1 --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d43b71faae..e7298679bb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,3 +1,4 @@ +# test 1 name: CI permissions: read-all on: From 0d1fcfa5a023a839827de54bcffb604ef6f93c16 Mon Sep 17 00:00:00 2001 From: Jie Chen Date: Mon, 17 Feb 2025 21:59:32 -0800 Subject: [PATCH 4/4] test 2 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e7298679bb..d53f928629 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -# test 1 +# test 2 name: CI permissions: read-all on: