admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

workflows/vendor-gem: remove use of pull_request target.

Browse Source 
Maintainers no longer need this run on their forks and maintainers can
manually run this from `workflow_dispatch` after reviewing the changes
if needed.
This commit is contained in:
Mike McQuaid 2024-07-14 10:38:31 -04:00
parent 7193dc0944
commit 652eafc966
No known key found for this signature in database
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.github/workflows/vendor-gems.yml vendored
View File

@ -10,7 +10,6 @@ on:
- .github/workflows/vendor-gems.yml - .github/workflows/vendor-gems.yml
branches-ignore: branches-ignore:
- master - master
pull_request_target:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
pull_request: pull_request:
@ -43,20 +42,20 @@ jobs:
test-bot: false test-bot: false
- name: Configure Git user - name: Configure Git user
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch' if: github.event_name == 'workflow_dispatch'
uses: Homebrew/actions/git-user-config@master uses: Homebrew/actions/git-user-config@master
with: with:
username: BrewTestBot username: BrewTestBot
- name: Set up commit signing - name: Set up commit signing
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch' if: github.event_name == 'workflow_dispatch'
uses: Homebrew/actions/setup-commit-signing@master uses: Homebrew/actions/setup-commit-signing@master
with: with:
signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }} signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }}
- name: Check out pull request - name: Check out pull request
id: checkout id: checkout
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch' if: github.event_name == 'workflow_dispatch'
run: | run: |
gh pr checkout "${PR}" gh pr checkout "${PR}"
@ -74,7 +73,7 @@ jobs:
env: env:
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }} HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
run: | run: |
if [[ "${GITHUB_EVENT_NAME}" == "pull_request_target" || "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]] if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]
then then
brew vendor-gems --non-bundler-gems brew vendor-gems --non-bundler-gems
else else
@ -85,7 +84,7 @@ jobs:
run: brew typecheck --update run: brew typecheck --update
- name: Commit RBI changes - name: Commit RBI changes
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch' if: github.event_name == 'workflow_dispatch'
env: env:
GEM_NAME: ${{ steps.checkout.outputs.gem_name }} GEM_NAME: ${{ steps.checkout.outputs.gem_name }}
HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }} HOMEBREW_GPG_PASSPHRASE: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY_PASSPHRASE }}
@ -101,13 +100,13 @@ jobs:
- name: Generate push token - name: Generate push token
uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1 uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1
id: app-token id: app-token
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch' if: github.event_name == 'workflow_dispatch'
with: with:
app-id: ${{ vars.BREW_COMMIT_APP_ID }} app-id: ${{ vars.BREW_COMMIT_APP_ID }}
private-key: ${{ secrets.BREW_COMMIT_APP_KEY }} private-key: ${{ secrets.BREW_COMMIT_APP_KEY }}
- name: Push to pull request - name: Push to pull request
if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch' if: github.event_name == 'workflow_dispatch'
uses: Homebrew/actions/git-try-push@master uses: Homebrew/actions/git-try-push@master
with: with:
token: ${{ steps.app-token.outputs.token }} token: ${{ steps.app-token.outputs.token }}