Skip to content

Update directly executed scripts inside workflows #1107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 26, 2023
Merged

Update directly executed scripts inside workflows #1107

merged 2 commits into from
Apr 26, 2023
+9 −9

Conversation

thepetk
Copy link
Contributor

@thepetk thepetk commented Apr 17, 2023
edited
Loading

What does this PR do?

It ensures that all script executions, inside .github/workflows are not directly executed and that the script file is passed to the appropriate shell defined by the scripts shebang. For example. in the case of a bash script ./build.sh would become bash ./build.sh.

Which issue(s) does this PR fix

fixes #973

PR acceptance criteria

Testing and documentation do not need to be complete in order for this PR to be approved. We just need to ensure tracking issues are opened.

  • Open new test/doc issues under the devfile/api repo
  • Check each criteria if:
  • There is a separate tracking issue. Add the issue link under the criteria
    or
  • test/doc updates are made as part of this PR
  • If unchecked, explain why it's not needed

How to test changes / Special notes to the reviewer

Sorry, something went wrong.

@thepetk
Update directly executed scripts on workflows

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
cd2ef8a 
Signed-off-by: thepetk <[email protected]>
@thepetk thepetk requested a review from michael-valdron April 17, 2023 15:52
@thepetk thepetk self-assigned this Apr 17, 2023
@thepetk thepetk mentioned this pull request Apr 17, 2023
Closed
@codecov
Copy link

codecov bot commented Apr 17, 2023
edited
Loading

Codecov Report

Patch and project coverage have no change.

Comparison is base (a6c32fc) 35.79% compared to head (1d99754) 35.79%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1107   +/-   ##
=======================================
  Coverage   35.79%   35.79%           
=======================================
  Files          52       52           
  Lines        6679     6679           
=======================================
  Hits         2391     2391           
  Misses       4144     4144           
  Partials      144      144

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

michael-valdron
michael-valdron requested changes Apr 18, 2023
View reviewed changes
Copy link
Member

@michael-valdron michael-valdron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your changes looks good, just found these two lines missed:

Sorry, something went wrong.

amisevsk
amisevsk reviewed Apr 18, 2023
View reviewed changes
Copy link
Contributor

@amisevsk amisevsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO file permissions are a part of the repo and should be maintained in PRs (this allows e.g. someone committing a non-executable ./docker-run.sh, which isn't ideal) but I won't block merge.

@thepetk
Copy link
Contributor Author

thepetk commented Apr 18, 2023

Your changes looks good, just found these two lines missed:

@michael-valdron maybe my bad I've checked only the .github/workflows/ dir. I'll go through once more.

Sorry, something went wrong.

@thepetk thepetk requested a review from michael-valdron April 18, 2023 16:20
michael-valdron
michael-valdron approved these changes Apr 21, 2023
View reviewed changes
Copy link
Member

@michael-valdron michael-valdron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Apr 21, 2023
@openshift-ci
Copy link

openshift-ci bot commented Apr 21, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: michael-valdron, thepetk

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@michael-valdron
Copy link
Member

IMO file permissions are a part of the repo and should be maintained in PRs (this allows e.g. someone committing a non-executable ./docker-run.sh, which isn't ideal) but I won't block merge.

@amisevsk I agree that we should be maintaining our UNIX permissions. There is however an issue with the reliability of the Windows filesystem and results in core.filemode setting for git being set to false. This sometimes results in the removal of the UNIX execution permission during commits in Windows. Another discussion about this be found here: https://stackoverflow.com/questions/68281828/how-can-i-keep-the-execution-permissions-when-cloning-a-repository-in-windows

The changes here are to allow required scripts for the CI to execute without having the UNIX execution permission set so that PRs from Windows contributors no longer have unintended permissions changes. This comes with an additional good and bad side, the good is that the permissions are being reduced so there is no security concerns here, the bad is that UNIX-based users will have a slight inconvenience of executing these scripts like build.sh using bash ./build.sh instead of ./build.sh.

In addition to the current changes, we are planning to:

  1. Update any permissions that are 755 to 644 and maintain these permissions in all PRs
  2. Update the documentation to instruct how these script should be run with the bash command
    • Additionally, any existing instructions will be updated to reflect this

@thepetk thepetk merged commit 35306e9 into devfile:main Apr 26, 2023
yangcao77 added a commit that referenced this pull request Oct 11, 2023
@yangcao77 @kim-tsao
@schultzp2020 @michael-valdron @johnmcollier @feloy @thepetk
2.2.1 release (#1287)
1ae41b5 
* 2.2.0 release cut

Signed-off-by: Stephanie <[email protected]>

* enable gosec (#969)

* enable gosec

Signed-off-by: Kim Tsao <[email protected]>

* Fix G601 errors

Signed-off-by: Kim Tsao <[email protected]>

* Fix warnings

Signed-off-by: Kim Tsao <[email protected]>

* Add newline

Signed-off-by: Kim Tsao <[email protected]>

Signed-off-by: Kim Tsao <[email protected]>

* Update the devfile spec to 2.2.1 alpha (#980)

Signed-off-by: Paul Schultz <[email protected]>

* Bump kubernetes-client/gen revision to fix git dubious ownership error (#1045)

* bump kubernetes-client/gen revision to fix git dubious ownership error

Signed-off-by: Michael Valdron <[email protected]>

* whitespace changes.

Signed-off-by: Michael Valdron <[email protected]>

* set openapi generator ref to version which supports typescript generation.

Signed-off-by: Michael Valdron <[email protected]>

---------

Signed-off-by: Michael Valdron <[email protected]>

* Fix Dependabot issues (#1047)

* fix dependabot issues, requires a bump in k8s versions

Signed-off-by: Kim Tsao <[email protected]>

* re-generated devworkspace files

Signed-off-by: Kim Tsao <[email protected]>

* Vendor updates

Signed-off-by: Kim Tsao <[email protected]>

---------

Signed-off-by: Kim Tsao <[email protected]>

* fix gosec v2.14.0 (#1034)

Signed-off-by: Michael Valdron <[email protected]>

* Update python runtime version for `release-typescript-models` job (#1051)

* bump python runtime version for 'release-typescript-models' job.

Signed-off-by: Michael Valdron <[email protected]>

* bump setup-python action to v4 for 'release-typescript-models' job.

Signed-off-by: Michael Valdron <[email protected]>

---------

Signed-off-by: Michael Valdron <[email protected]>

* Add workflow for managing stale issues & PRs (#1055)

Adds a GitHub workflow for managing stale & rotten issues and PRs. 

Issues & PRs are marked stale after 90 days of inactivity. After 60 further days, they are marked as rotten and closed.

* Clarify hotReloadCapable field (#1091)

* Clarify hotReloadCapable field

Signed-off-by: Philippe Martin <[email protected]>

* Auto-generated

Signed-off-by: Philippe Martin <[email protected]>

* Specify isDefault

Signed-off-by: Philippe Martin <[email protected]>

* Clarify description

Signed-off-by: Philippe Martin <[email protected]>

---------

Signed-off-by: Philippe Martin <[email protected]>

* update kubernetes/openshift endpoint validation (#1098)

* update endpoint validation

Signed-off-by: Stephanie <[email protected]>

* update unit test

Signed-off-by: Stephanie <[email protected]>

* update the test error check to be more clear

Signed-off-by: Stephanie <[email protected]>

* add unit test for two kube components

Signed-off-by: Stephanie <[email protected]>

---------

Signed-off-by: Stephanie <[email protected]>

* Update release doc (#1110)

Signed-off-by: Kim Tsao <[email protected]>

* Update directly executed scripts inside workflows (#1107)

* Update directly executed scripts on workflows

Signed-off-by: thepetk <[email protected]>

* Update directly executed scripts on bash scripts

Signed-off-by: thepetk <[email protected]>

---------

Signed-off-by: thepetk <[email protected]>

* Add area alizer label to all issue templates (#1149)

Signed-off-by: thepetk <[email protected]>

* Update deprecated github actions to latest version (#1231)

* Update deprecated github actions

Signed-off-by: thepetk <[email protected]>

* Remove jsonschema dep from validate samples

Signed-off-by: thepetk <[email protected]>

---------

Signed-off-by: thepetk <[email protected]>

* Add license header file and script (#1256)

* add license header file

Signed-off-by: Michael Valdron <[email protected]>

* addlicense script

Signed-off-by: Michael Valdron <[email protected]>

* update README with instructions on adding license headers

Signed-off-by: Michael Valdron <[email protected]>

* update license headers under source files

Signed-off-by: Michael Valdron <[email protected]>

* remove license header from generated source

Signed-off-by: Michael Valdron <[email protected]>

* add_license.sh ignores zz_generated.* source files

Signed-off-by: Michael Valdron <[email protected]>

* check license headers script added

Signed-off-by: Michael Valdron <[email protected]>

* check license headers script added to CI workflow

Signed-off-by: Michael Valdron <[email protected]>

---------

Signed-off-by: Michael Valdron <[email protected]>

* add signoff

Signed-off-by: Stephanie <[email protected]>

---------

Signed-off-by: Stephanie <[email protected]>
Signed-off-by: Kim Tsao <[email protected]>
Signed-off-by: Paul Schultz <[email protected]>
Signed-off-by: Michael Valdron <[email protected]>
Signed-off-by: Philippe Martin <[email protected]>
Signed-off-by: thepetk <[email protected]>
Co-authored-by: Kim Tsao <[email protected]>
Co-authored-by: Paul Schultz <[email protected]>
Co-authored-by: Michael Valdron <[email protected]>
Co-authored-by: Michael Valdron <[email protected]>
Co-authored-by: John Collier <[email protected]>
Co-authored-by: Philippe Martin <[email protected]>
Co-authored-by: Theofanis Petkos <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amisevsk amisevsk

@michael-valdron michael-valdron

@yangcao77 yangcao77

@johnmcollier johnmcollier

Assignees

@thepetk thepetk

@michael-valdron michael-valdron

Labels
lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

UNIX permissions causing unwanted failures
3 participants
@thepetk @michael-valdron @amisevsk