refactor(ci): do not run workflows tied to `ZcashFoundation` infra in forks (#9257)

* Fix GitHub workflows

There are two workflows that have bugs in them:
- cd-deploy-nodes-gcp is missing a job name, which is then depended-on
  later
- sub-ci-integration-tests-gcp changed the name of a job without
  changing its dependents

* Stop certain CI jobs from running on forks

There are various GitHub CI jobs that won’t work on forks. E.g., some
need credentials for ZF’s DockerHub or GCP accounts.

Unfortunately, you can’t prevent entire workflows from running this way,
but this disables a minimal number of jobs to keep forks from failing
whenever `main` is pushed to.
Greg Pfeil 2025-02-18 04:21:49 -07:00 committed by GitHub
parent 9591c003ee
commit 5953f8a2c7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 16 additions and 9 deletions


@ -227,12 +227,9 @@ jobs:
# - on every push to the `main` branch
# - on every release, when it's published
# - on workflow_dispatch for manual deployments
# Determine which networks to deploy based on the trigger
:
set-matrix:
runs-on: ubuntu-latest
outputs:
networks: ${{ steps.set-networks.outputs.matrix }}
@ -268,7 +265,7 @@ jobs:
permissions:
contents: "read"
id-token: "write"
if: ${{ !cancelled() && !failure() && ((github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'release' || github.event_name == 'workflow_dispatch') }}
if: ${{ !cancelled() && !failure() && github.repository_owner == 'ZcashFoundation' && ((github.event_name == 'push' && github.ref_name == 'main') || github.event_name == 'release' || github.event_name == 'workflow_dispatch') }}
steps:
- uses: actions/checkout@v4.2.2
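Review bot: The `github.repository_owner == 'ZcashFoundation'` term added to this job's `if:` has no comment saying what it is for, and because the job holds `id-token: "write"` a reader could take it for an access control. It only keeps the job from running (and failing) in forks; the workflow file in a fork is under the fork owner's control, so whatever limits who can obtain cloud credentials has to be enforced on the identity-provider side, which this page does not show. I would add above the condition `# Fork guard: skips this job outside ZcashFoundation so forks don't fail; not an access control.` The same comment applies to the owner checks added in the other workflow files of this commit. The job body continues past the end of the hunk.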


@ -34,6 +34,7 @@ env:
jobs:
delete-resources:
name: Delete old GCP resources
if: github.repository_owner == 'ZcashFoundation'
runs-on: ubuntu-latest
permissions:
contents: 'read'
@ -105,6 +106,7 @@ jobs:
# The same artifacts are used for both mainnet and testnet.
clean-registries:
name: Delete unused artifacts in registry
if: github.repository_owner == 'ZcashFoundation''
runs-on: ubuntu-latest
permissions:
contents: 'read'
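Review bot: The condition added to `clean-registries` ends in two single quotes, `'ZcashFoundation''`, unlike the one added to `delete-resources` in the same file. In a GitHub Actions expression `''` inside a string literal is an escaped quote, so the literal is never closed. The workflow would most likely be rejected as invalid, which stops both cleanup jobs everywhere rather than only skipping them in forks. The line should read `if: github.repository_owner == 'ZcashFoundation'`. Both job bodies continue outside their hunks.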


@ -309,7 +309,7 @@ jobs:
needs: [ test, install-from-lockfile-no-cache, check-cargo-lock, cargo-deny, unused-deps ]
# Only open tickets for failed or cancelled jobs that are not coming from PRs.
# (PR statuses are already reported in the PR jobs list, and checked by GitHub's Merge Queue.)
if: (failure() && github.event.pull_request == null) || (cancelled() && github.event.pull_request == null)
if: (failure() || cancelled()) && github.repository_owner == 'ZcashFoundation' && github.event.pull_request == null
runs-on: ubuntu-latest
steps:
- uses: jayqi/failed-build-issue-action@v1
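Review bot: The comment above the rewritten `if:` still says tickets are opened only for failed or cancelled jobs "that are not coming from PRs", but the new condition also requires the repository owner to be ZcashFoundation. I would update it to `# Only open tickets for failed or cancelled jobs in ZcashFoundation's repository that are not coming from PRs.` so the fork exclusion is documented next to the expression. The job's steps continue outside the hunk.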


@ -105,6 +105,7 @@ jobs:
# Setup gcloud CLI
- name: Authenticate to Google Cloud
if: github.repository_owner == 'ZcashFoundation'
id: auth
uses: google-github-actions/auth@v2.1.8
with:
@ -114,11 +115,13 @@ jobs:
# TODO: remove this step after issue https://github.com/FirebaseExtended/action-hosting-deploy/issues/174 is fixed
- name: Add $GCP_FIREBASE_SA_PATH to env
if: github.repository_owner == 'ZcashFoundation'
run: |
# shellcheck disable=SC2002
echo "GCP_FIREBASE_SA_PATH=$(cat ${{ steps.auth.outputs.credentials_file_path }} | tr -d '\n')" >> "$GITHUB_ENV"
- name: Deploy Zebra book to firebase
if: github.repository_owner == 'ZcashFoundation'
uses: FirebaseExtended/action-hosting-deploy@v0.9.0
with:
firebaseServiceAccount: ${{ env.GCP_FIREBASE_SA_PATH }}
@ -163,6 +166,7 @@ jobs:
# Setup gcloud CLI
- name: Authenticate to Google Cloud
if: github.repository_owner == 'ZcashFoundation'
id: auth
uses: google-github-actions/auth@v2.1.8
with:
@ -171,11 +175,13 @@ jobs:
# TODO: remove this step after issue https://github.com/FirebaseExtended/action-hosting-deploy/issues/174 is fixed
- name: Add $GCP_FIREBASE_SA_PATH to env
if: github.repository_owner == 'ZcashFoundation'
run: |
# shellcheck disable=SC2002
echo "GCP_FIREBASE_SA_PATH=$(cat ${{ steps.auth.outputs.credentials_file_path }} | tr -d '\n')" >> "$GITHUB_ENV"
- name: Deploy internal docs to firebase
if: github.repository_owner == 'ZcashFoundation'
uses: FirebaseExtended/action-hosting-deploy@v0.9.0
with:
firebaseServiceAccount: ${{ env.GCP_FIREBASE_SA_PATH }}
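Review bot: The owner check is repeated on all three deployment steps in each of the two jobs, so the fork guard now lives in six places. A step added later between them without the guard would run in forks with an empty `steps.auth.outputs.credentials_file_path`. One option is to keep the owner check on the `Authenticate to Google Cloud` step only and make the two follow-up steps depend on it with `if: steps.auth.outcome == 'success'`, which states the real dependency and leaves one condition per job to maintain. Whichever form is kept, a short comment on the first guarded step saying that the build still runs in forks and only the deployment is skipped would help; the steps before and after these hunks are not visible here.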


@ -15,6 +15,7 @@ on:
jobs:
dockerHubDescription:
if: github.repository_owner == 'ZcashFoundation'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.2.2


@ -61,6 +61,7 @@ env:
jobs:
build:
name: Build images
if: github.repository_owner == 'ZcashFoundation'
timeout-minutes: 210
runs-on: ubuntu-latest
environment: ${{ github.event_name == 'release' && 'prod' || 'dev' }}
@ -111,7 +112,7 @@ jobs:
# DockerHub release and CI tags.
# This tag makes sure tests are using exactly the right image, even when multiple PRs run at the same time.
type=sha,event=push
# These CI-only tags support CI on PRs, the main branch, and scheduled full syncs.
# These CI-only tags support CI on PRs, the main branch, and scheduled full syncs.
# These tags do not appear on DockerHub, because DockerHub images are only published on the release event.
type=ref,event=pr
type=ref,event=branch


@ -523,7 +523,7 @@ jobs:
lightwalletd-grpc-test,
get-block-template-test,
submit-block-test,
scan-task-commands-test,
test-scanner,
]
# Only open tickets for failed scheduled jobs, manual workflow runs, or `main` branch merges.
# (PR statuses are already reported in the PR jobs list, and checked by GitHub's Merge Queue.)