Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding external runner for doing a one-time full-sync #604

Open
wants to merge 2 commits into
base: main-enterprise
Choose a base branch
from

Conversation

pydolan
Copy link
Contributor

@pydolan pydolan commented Feb 28, 2024

Summary:

This is a potential way of addressing #378 and #379.

As noted on #378, I'm using this along with the following for triggering safe-settings via GHA:

name: Safe Settings Sync
on:
  schedule:
    # daily run:
    - cron:  '0 0 * * *'
  workflow_dispatch: {}

jobs:
  safeSettingsSync:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          repository: pydolan/safe-settings
          ref: gha-runner
      - uses: actions/setup-node@v4
      - run: npm install
      - run: npm run full-sync
        env:
          GH_ORG: my-org
          APP_ID: my-app-id
          PRIVATE_KEY: ${{ secrets.SAFE_SETTINGS_PRIVATE_KEY }}
          GITHUB_CLIENT_ID: ${{ secrets.SAFE_SETTINGS_GITHUB_CLIENT_ID }}
          GITHUB_CLIENT_SECRET: ${{ secrets.SAFE_SETTINGS_GITHUB_CLIENT_SECRET }}

Additional comments:

  • My Commit history is a mess, so if you weren't going to do a Squash Merge of this PR, I will clean this up.
  • If there's a more javascript-y way of calling syncInstallation using index.js/package.json, I'm happy to change this.
  • Regarding Probot's GHA Adapter -- I initially used this in my separate script (similar to what handler.js does with the Serverless adapter), but this adapter uses the Action's GITHUB_TOKEN, which is limited to the current repo, so it offers no benefit that I can see.
  • Regarding my use of actions/checkout -- I would prefer to run safe-settings as an action using the Dockerfile, but GHA targets a different WORKDIR when doing so. There's an allow overriding workdir for container jobs actions/runner#878 about allowing workdir overrides with GHA.
  • [As noted in comments] I realized that my initial version of full-sync did not return a non-zero exit code when errors occurred, so I updated it to check settings.errors. I didn't see a way to check the errors from my syncInstallation call, so I modified Settings.syncAll to return its settings object. If someone has a cleaner option for this error checking, please let me know.

@pydolan
Copy link
Contributor Author

pydolan commented Mar 6, 2024

I realized that my initial version of full-sync did not return a non-zero exit code when errors occurred, so I updated it to check settings.errors. I didn't see a way to check the errors from my syncInstallation call, so I modified Settings.syncAll to return its settings object.

If someone has a cleaner option for this error checking, please let me know

@decyjphr
Copy link
Collaborator

decyjphr commented Mar 8, 2024

We could look into using checks to communicate errors back to the Actions workflow.

@pydolan
Copy link
Contributor Author

pydolan commented Mar 9, 2024

Yea, tying into Checks would make things cleaner. I'm not familiar with the feature or code in detail, so if anyone has tips/suggestions, let me know.

The other question I had was if the probot gha adapter would help with error collecting, but it doesn't look like the Settings class is sending probot error info, so maybe it wouldn't help

Copy link
Collaborator

@decyjphr decyjphr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pydolan I think this is a cool addition. Would you be able to add information about this in the README?

@pydolan
Copy link
Contributor Author

pydolan commented Jul 24, 2024

@decyjphr - this is still on my radar; will try to get to it soon!

@willejs
Copy link

willejs commented Oct 15, 2024

@decyjphr @decyjphr it would be great to see this merged in! ❤️

@dolan-antenucci-imprivata

@decyjphr and others – thanks for your patience on me getting back to this. I rebased my branch and updated the documentation with details on running safe-settings with GHA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants