fix(githubaction): only run TF on non-forked branches (jsonnet-libs#86)

* fix(githubaction): only run TF on non-forked branches * ensure it runs on master * just check tokens
davidovich · Nov 9, 2021 · bfe4e7c · bfe4e7c
1 parent 23fd6e9
commit bfe4e7c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 13 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -70,8 +70,6 @@
     "runs-on": "ubuntu-latest"
     "steps":
     - "run": "echo onMaster? ${{ github.ref == 'refs/heads/master' && github.repository == 'jsonnet-libs/k8s' }}"
-    - "run": "echo onPRnotFork? ${{ github.ref != 'refs/heads/master' && github.repository == 'jsonnet-libs/k8s' }}"
-    - "run": "echo onPR? ${{ github.ref != 'refs/heads/master' }}"
     - "run": "echo ${{ github.repository }}"
     - "run": "echo ${{ github.ref }}"
     - "run": "echo ${{ github.event_name }}"
@@ -155,17 +153,19 @@
     - "env":
         "GITHUB_TOKEN": "${{ secrets.PAT }}"
         "TF_IN_AUTOMATION": "1"
+      "if": "${{ secrets.TF_API_TOKEN != '' && secrets.PAT != '' }}"
       "run": "terraform init"
       "working-directory": "tf"
     - "env":
         "GITHUB_TOKEN": "${{ secrets.PAT }}"
         "TF_IN_AUTOMATION": "1"
+      "if": "${{ secrets.TF_API_TOKEN != '' && secrets.PAT != '' }}"
       "run": "terraform validate -no-color"
       "working-directory": "tf"
     - "env":
         "GITHUB_TOKEN": "${{ secrets.PAT }}"
         "TF_IN_AUTOMATION": "1"
-      "if": "${{ github.ref != 'refs/heads/master' && github.repository == 'jsonnet-libs/k8s' }}"
+      "if": "${{ secrets.TF_API_TOKEN != '' && secrets.PAT != '' }}"
       "run": "terraform plan -no-color"
       "working-directory": "tf"
     - "env":
@@ -201,17 +201,19 @@
     - "env":
         "GITHUB_TOKEN": "${{ secrets.PAT }}"
         "TF_IN_AUTOMATION": "1"
+      "if": "${{ secrets.TF_API_TOKEN != '' && secrets.PAT != '' }}"
       "run": "terraform init"
       "working-directory": "tf"
     - "env":
         "GITHUB_TOKEN": "${{ secrets.PAT }}"
         "TF_IN_AUTOMATION": "1"
+      "if": "${{ secrets.TF_API_TOKEN != '' && secrets.PAT != '' }}"
       "run": "terraform validate -no-color"
       "working-directory": "tf"
     - "env":
         "GITHUB_TOKEN": "${{ secrets.PAT }}"
         "TF_IN_AUTOMATION": "1"
-      "if": "${{ github.ref != 'refs/heads/master' && github.repository == 'jsonnet-libs/k8s' }}"
+      "if": "${{ secrets.TF_API_TOKEN != '' && secrets.PAT != '' }}"
       "run": "terraform plan -no-color"
       "working-directory": "tf"
     - "env":

diff --git a/jsonnet/github_action.jsonnet b/jsonnet/github_action.jsonnet
@@ -1,6 +1,7 @@
 local onMaster = { 'if': "${{ github.ref == 'refs/heads/master' && github.repository == 'jsonnet-libs/k8s' }}" };
-local onPR = { 'if': "${{ github.ref != 'refs/heads/master' }}" };
-local onPRnotFork = { 'if': "${{ github.ref != 'refs/heads/master' && github.repository == 'jsonnet-libs/k8s' }}" };
+
+local hasRequiredTokens = { 'if': "${{ secrets.TF_API_TOKEN != '' && secrets.PAT != '' }}" };
+
 local terraform = {
   job: {
     make_env:: {
@@ -29,10 +30,10 @@ local terraform = {
           cli_config_credentials_token: '${{ secrets.TF_API_TOKEN }}',
         },
       },
-      self.tf_env { run: 'terraform init' },
-      self.tf_env { run: 'terraform validate -no-color' },
-      self.tf_env + onPRnotFork { run: 'terraform plan -no-color' },
-      self.tf_env + onMaster { run: 'terraform apply -no-color -auto-approve' },
+      self.tf_env + hasRequiredTokens { run: 'terraform init' },
+      self.tf_env + hasRequiredTokens { run: 'terraform validate -no-color' },
+      self.tf_env + hasRequiredTokens { run: 'terraform plan -no-color' },
+      self.tf_env + hasRequiredTokens + onMaster { run: 'terraform apply -no-color -auto-approve' },
     ],
   },
   withPages(needs): {
@@ -67,7 +68,8 @@ local libJob(name) = {
 
 function(libs) {
   '.github/workflows/main.yml':
-    '# Generated by `make configure`, please do not edit manually.\n' + std.manifestYamlDoc({
+    '# Generated by `make configure`, please do not edit manually.\n'
+    + std.manifestYamlDoc({
       on: {
         push: {
           branches: ['master'],
@@ -87,8 +89,6 @@ function(libs) {
           'runs-on': 'ubuntu-latest',
           steps: [
             { run: 'echo onMaster? ' + onMaster['if'] },
-            { run: 'echo onPRnotFork? ' + onPRnotFork['if'] },
-            { run: 'echo onPR? ' + onPR['if'] },
             { run: 'echo ${{ github.repository }}' },
             { run: 'echo ${{ github.ref }}' },
             { run: 'echo ${{ github.event_name }}' },