From 8dbcabe5d4e7cf7e7abd7ec765a2fe683a1b3bc8 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 13 Jul 2022 09:47:33 -0700 Subject: [PATCH 1/8] Let createNewVersion be called by any mobile deployer --- .github/workflows/createNewVersion.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 2fa033dedd30..8506e1e05963 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -26,8 +26,21 @@ on: required: true jobs: + validateActor: + runs-on: ubuntu-latest + outputs: + IS_DEPLOYER: ${{ fromJSON(steps.isUserDeployer.outputs.isTeamMember) || github.actor == 'OSBotify' }} + steps: + - id: isUserDeployer + uses: tspascoal/get-user-teams-membership@baf2e6adf4c3b897bd65a7e3184305c165aec872 + with: + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} + username: ${{ github.actor }} + team: mobile-deployers + createNewVersion: - if: github.actor == 'OSBotify' + needs: validateActor + if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) }} runs-on: macos-latest outputs: From 98ca22858af12ac5fbb7dd9c36e74157583d0c4b Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 13 Jul 2022 09:51:19 -0700 Subject: [PATCH 2/8] Lift restriction completely --- .github/workflows/createNewVersion.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 8506e1e05963..136e8495a006 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -26,21 +26,7 @@ on: required: true jobs: - validateActor: - runs-on: ubuntu-latest - outputs: - IS_DEPLOYER: ${{ fromJSON(steps.isUserDeployer.outputs.isTeamMember) || github.actor == 'OSBotify' }} - steps: - - id: isUserDeployer - uses: tspascoal/get-user-teams-membership@baf2e6adf4c3b897bd65a7e3184305c165aec872 - with: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - username: ${{ github.actor }} - team: mobile-deployers - createNewVersion: - needs: validateActor - if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) }} runs-on: macos-latest outputs: From e994087c9dcc8540fa4ba08c6ba164eb16f1451a Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 13 Jul 2022 10:04:52 -0700 Subject: [PATCH 3/8] Validate write access --- .github/workflows/createNewVersion.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 136e8495a006..7959b4056b15 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -26,8 +26,19 @@ on: required: true jobs: + validateActor: + runs-on: ubuntu-latest + outputs: + HAS_WRITE_ACCESS: ${{ contains(fromJSON(["write", "admin"]), steps.getUserPermissions.outputs.PERMISSION) }} + steps: + - name: Get user permissions + id: getUserPermissions + run: echo "::set-output name=PERMISSION::$(gh api /repos/Expensify/App/collaborators/roryabraham/permission | jq -r '.permission')" + createNewVersion: runs-on: macos-latest + needs: validateActor + if: ${{ fromJSON(needs.validateActor.outputs.HAS_WRITE_ACCESS) }} outputs: NEW_VERSION: ${{ steps.bumpVersion.outputs.NEW_VERSION }} From 0d676c5722e583b9a102e08fda9c5d7d07e8e9ec Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 13 Jul 2022 10:08:03 -0700 Subject: [PATCH 4/8] Add GITHUB_TOKEN env var --- .github/workflows/createNewVersion.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 7959b4056b15..7cad018fd094 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -34,6 +34,8 @@ jobs: - name: Get user permissions id: getUserPermissions run: echo "::set-output name=PERMISSION::$(gh api /repos/Expensify/App/collaborators/roryabraham/permission | jq -r '.permission')" + env: + GITHUB_TOKEN: ${{ github.token }} createNewVersion: runs-on: macos-latest From fe15d00bc9a94aa84ad8c2df4aab0cffee128f38 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 13 Jul 2022 10:28:05 -0700 Subject: [PATCH 5/8] Use OS_BOTIFY_TOKEN --- .github/workflows/createNewVersion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 7cad018fd094..2efb5fba7a2e 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -35,7 +35,7 @@ jobs: id: getUserPermissions run: echo "::set-output name=PERMISSION::$(gh api /repos/Expensify/App/collaborators/roryabraham/permission | jq -r '.permission')" env: - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} createNewVersion: runs-on: macos-latest From 8db0dd066ff12c158203a21cb661d440875ce715 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 13 Jul 2022 10:29:31 -0700 Subject: [PATCH 6/8] Wrap json with single quotes --- .github/workflows/createNewVersion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 2efb5fba7a2e..5fb5721ee8a7 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -29,7 +29,7 @@ jobs: validateActor: runs-on: ubuntu-latest outputs: - HAS_WRITE_ACCESS: ${{ contains(fromJSON(["write", "admin"]), steps.getUserPermissions.outputs.PERMISSION) }} + HAS_WRITE_ACCESS: ${{ contains(fromJSON('["write", "admin"]'), steps.getUserPermissions.outputs.PERMISSION) }} steps: - name: Get user permissions id: getUserPermissions From b32d72aaeea39d7ec36e1ee9b7aad2560712c9e4 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 13 Jul 2022 10:34:27 -0700 Subject: [PATCH 7/8] Use github.actor instead of hardcoded user --- .github/workflows/createNewVersion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 5fb5721ee8a7..653e44a56319 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Get user permissions id: getUserPermissions - run: echo "::set-output name=PERMISSION::$(gh api /repos/Expensify/App/collaborators/roryabraham/permission | jq -r '.permission')" + run: echo "::set-output name=PERMISSION::$(gh api /repos/Expensify/App/collaborators/${{ github.actor }}/permission | jq -r '.permission')" env: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} From 51d68a178b9778651216d2b491ffede8b44e7435 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Wed, 13 Jul 2022 10:38:03 -0700 Subject: [PATCH 8/8] Use repo slug from github context --- .github/workflows/createNewVersion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 653e44a56319..5a804c75da3f 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Get user permissions id: getUserPermissions - run: echo "::set-output name=PERMISSION::$(gh api /repos/Expensify/App/collaborators/${{ github.actor }}/permission | jq -r '.permission')" + run: echo "::set-output name=PERMISSION::$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission | jq -r '.permission')" env: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}