yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-11-14 18:03:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add permissions and approval flow (#8625)

Browse Source
This commit is contained in:
Pere Miquel Brull 2022-11-10 09:03:08 +01:00 committed by GitHub
parent 5d4f4a819f
commit 8a73d7e855
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 76 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/airflow-apis-tests-3_9.yml vendored
View File

@ -23,6 +23,9 @@ on:
paths: paths:
- 'openmetadata-airflow-apis/**' - 'openmetadata-airflow-apis/**'
permissions:
contents: read
concurrency: concurrency:
group: airflow-apis-tests-${{ github.head_ref || github.run_id }} group: airflow-apis-tests-${{ github.head_ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
@ -30,6 +33,13 @@ jobs:
airflow-apis-tests: airflow-apis-tests:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Wait for approval
uses: lewagon/wait-on-check-action@v1.2.0
with:
ref: ${{ github.ref }}
check-name: 'approval'
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:

10
.github/workflows/cypress-integration-tests-mysql.yml vendored
View File

@ -26,6 +26,9 @@ on:
paths-ignore: paths-ignore:
- 'openmetadata-docs/**' - 'openmetadata-docs/**'
permissions:
contents: read
concurrency: concurrency:
group: cypress-integration-tests-mysql-${{ github.head_ref || github.run_id }} group: cypress-integration-tests-mysql-${{ github.head_ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
@ -38,6 +41,13 @@ jobs:
job: [0, 1] job: [0, 1]
environment: cypress environment: cypress
steps: steps:
- name: Wait for approval
uses: lewagon/wait-on-check-action@v1.2.0
with:
ref: ${{ github.ref }}
check-name: 'approval'
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:

10
.github/workflows/cypress-integration-tests-postgresql.yml vendored
View File

@ -26,6 +26,9 @@ on:
paths-ignore: paths-ignore:
- 'openmetadata-docs/**' - 'openmetadata-docs/**'
permissions:
contents: read
concurrency: concurrency:
group: cypress-integration-tests-postgresql-${{ github.head_ref || github.run_id }} group: cypress-integration-tests-postgresql-${{ github.head_ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
@ -38,6 +41,13 @@ jobs:
job: [0, 1] job: [0, 1]
environment: cypress environment: cypress
steps: steps:
- name: Wait for approval
uses: lewagon/wait-on-check-action@v1.2.0
with:
ref: ${{ github.ref }}
check-name: 'approval'
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:

8
.github/workflows/docs-tests.yml vendored
View File

@ -18,11 +18,14 @@ on:
- '0.[0-9]+.[0-9]+' - '0.[0-9]+.[0-9]+'
paths: paths:
- 'openmetadata-docs/**' - 'openmetadata-docs/**'
pull_request_target: pull_request:
types: [labeled, opened, synchronize, reopened] types: [labeled, opened, synchronize, reopened]
paths: paths:
- 'openmetadata-docs/**' - 'openmetadata-docs/**'
permissions:
contents: read
concurrency: concurrency:
group: docs-tests-${{ github.head_ref || github.run_id }} group: docs-tests-${{ github.head_ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
@ -32,9 +35,6 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- name: Run Docs export - name: Run Docs export
run: make docker-docs-validate run: make docker-docs-validate

10
.github/workflows/maven-build.yml vendored
View File

@ -27,6 +27,9 @@ on:
- "openmetadata-service/**" - "openmetadata-service/**"
- "openmetadata-ui/**" - "openmetadata-ui/**"
permissions:
contents: read
concurrency: concurrency:
group: maven-build-${{ github.head_ref || github.run_id }} group: maven-build-${{ github.head_ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true
@ -42,6 +45,13 @@ jobs:
- 16.x - 16.x
steps: steps:
- name: Wait for approval
uses: lewagon/wait-on-check-action@v1.2.0
with:
ref: ${{ github.ref }}
check-name: 'approval'
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: install libssl - name: install libssl
run: | run: |
sudo su -c "echo 'deb http://security.ubuntu.com/ubuntu xenial-security main' >> /etc/apt/sources.list" sudo su -c "echo 'deb http://security.ubuntu.com/ubuntu xenial-security main' >> /etc/apt/sources.list"

45
.github/workflows/openmetadata-ingestion-core-version-comment.yml vendored
View File

@ -1,45 +0,0 @@
# Copyright 2021 Collate
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: OpenMetadata Ingestion Core Version Check Comment
# read-write repo token
# access to secrets
on:
pull_request_target:
branches:
- main
- '0.[0-9]+.[0-9]+'
types: [ opened ]
paths:
- 'openmetadata-service/src/main/resources/json/schema/**'
concurrency:
group: openmetadata-ingestion-core-version-comment-${{ github.head_ref }}
cancel-in-progress: true
jobs:
py-ingestion-core-comment:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Create a comment in the PR with the instructions
uses: peter-evans/create-or-update-comment@v1
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
**Schema Change Detected. Needs ingestion-core version bump**
Please run `make core_bump_version_dev` in the project's root and commit the changes to _version.py in this PR. Please ignore if this has been handled already.

5
.github/workflows/py-checkstyle.yml vendored
View File

@ -19,6 +19,9 @@ on:
- main - main
- '0.[0-9]+.[0-9]+' - '0.[0-9]+.[0-9]+'
permissions:
contents: read
concurrency: concurrency:
group: py-checkstyle-${{ github.head_ref }} group: py-checkstyle-${{ github.head_ref }}
cancel-in-progress: true cancel-in-progress: true
@ -26,6 +29,8 @@ concurrency:
jobs: jobs:
py-checkstyle: py-checkstyle:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
pull-requests: write
steps: steps:
- name: Checkout - name: Checkout

3
.github/workflows/py-generate.yml vendored
View File

@ -19,6 +19,9 @@ on:
paths: paths:
- 'openmetadata-service/src/main/resources/json/**' - 'openmetadata-service/src/main/resources/json/**'
permissions:
contents: read
concurrency: concurrency:
group: py-generate-${{ github.head_ref }} group: py-generate-${{ github.head_ref }}
cancel-in-progress: true cancel-in-progress: true

10
.github/workflows/py-tests.yml vendored
View File

@ -26,6 +26,9 @@ on:
- ingestion/** - ingestion/**
- openmetadata-service/** - openmetadata-service/**
permissions:
contents: read
jobs: jobs:
py-run-tests: py-run-tests:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -33,6 +36,13 @@ jobs:
matrix: matrix:
py-version: ['3.7', '3.8', '3.9'] py-version: ['3.7', '3.8', '3.9']
steps: steps:
- name: Wait for approval
uses: lewagon/wait-on-check-action@v1.2.0
with:
ref: ${{ github.ref }}
check-name: 'approval'
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:

3
.github/workflows/selenium-noIngestion-tests.yml vendored
View File

@ -30,6 +30,9 @@ on:
- 'openmetadata-ui/src/main/resources/ui/**' - 'openmetadata-ui/src/main/resources/ui/**'
- 'openmetadata-ui/src/test/java/org/openmetadata/catalog/selenium/pagesWithoutData/**' - 'openmetadata-ui/src/test/java/org/openmetadata/catalog/selenium/pagesWithoutData/**'
permissions:
contents: read
concurrency: concurrency:
group: selenium-noIngestion-tests-${{ github.head_ref || github.run_id }} group: selenium-noIngestion-tests-${{ github.head_ref || github.run_id }}
cancel-in-progress: true cancel-in-progress: true

11
.github/workflows/yarn-coverage.yml vendored
View File

@ -13,6 +13,10 @@ on:
types: [opened, synchronize, reopened] types: [opened, synchronize, reopened]
paths: paths:
- openmetadata-ui/src/main/resources/ui/** - openmetadata-ui/src/main/resources/ui/**
permissions:
contents: read
env: env:
UI_WORKING_DIRECTORY: openmetadata-ui/src/main/resources/ui UI_WORKING_DIRECTORY: openmetadata-ui/src/main/resources/ui
concurrency: concurrency:
@ -25,6 +29,13 @@ jobs:
node-version: [16.x] node-version: [16.x]
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Wait for approval
uses: lewagon/wait-on-check-action@v1.2.0
with:
ref: ${{ github.ref }}
check-name: 'approval'
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@v2 - uses: actions/checkout@v2
with: with:
ref: ${{ github.event.pull_request.head.sha }} ref: ${{ github.event.pull_request.head.sha }}