8000 Skip attach static libs if required secret is missing for external PRs by aaronbuchwald · Pull Request #908 · ava-labs/firewood · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Skip attach static libs if required secret is missing for external PRs #908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 28, 2025
Merged

Skip attach static libs if required secret is missing for external PRs #908

merged 2 commits into from
May 28, 2025

Conversation

aaronbuchwald
Copy link
Collaborator
@aaronbuchwald aaronbuchwald commented May 27, 2025
edited
Loading

This PR fixes the attach static libraries workflow to ensure that it skips the first job (and subsequent jobs) that depend on the ability to push a firewood go library to an external repo if secrets are not available.

PRs made from external forks and via dependabot (special case where secrets are not made available) will fail on this workflow because it depends on GitHub secrets to push to a separate repo.

To handle this, we

  1. Add a step to the first job that checks if the required secret is available
  2. Push an output based on the result
  3. Skip the next job if the secret is not available (automatically skips subsequent jobs, which need push)

This fixes the issue for the following dependabot PRs:

Skipping runs from external forks is a common pattern as described here and we may even opt to run this job less frequently in the future, so disabling for all external forks seems like the best choice here (possible alternative would be to push an artifact including the source code and pull that instead of cloning the repo in order to run the same tests using the artifact instead of checking out a branch).

@aaronbuchwald aaronbuchwald self-assigned this May 27, 2025
@aaronbuchwald aaronbuchwald added the bug Something isn't working label May 27, 2025
@aaronbuchwald aaronbuchwald mentioned this pull request May 27, 2025
Closed
@aaronbuchwald
Copy link
Collaborator Author

This PR passes CI running the full workflow as expected: https://github.com/ava-labs/firewood/actions/runs/15277833414?pr=908

On an external fork, it's skipped correctly: https://github.com/ava-labs/firewood/actions/runs/15277955699?pr=909

@aaronbuchwald aaronbuchwald marked this pull request as ready for review May 27, 2025 15:23
@aaronbuchwald aaronbuchwald requested a review from rkuris as a code owner May 27, 2025 15:23
@aaronbuchwald aaronbuchwald merged commit c962db9 into main May 28, 2025
19 checks passed
@aaronbuchwald aaronbuchwald deleted the aaronbuchwald/attach-static-libs-skip-external branch May 28, 2025 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rkuris rkuris rkuris approved these changes

Assignees

@aaronbuchwald aaronbuchwald

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aaronbuchwald @rkuris
0