diff --git a/.github/workflows/bump-python-package.yml b/.github/workflows/bump-python-package.yml index 4ce0e761b87..d69b17d09e5 100644 --- a/.github/workflows/bump-python-package.yml +++ b/.github/workflows/bump-python-package.yml @@ -51,27 +51,31 @@ jobs: - name: supersetbot bump-python -p "${{ github.event.inputs.package }}" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + INPUT_PACKAGE: ${{ github.event.inputs.package }} + INPUT_GROUP: ${{ github.event.inputs.group }} + INPUT_EXTRA_FLAGS: ${{ github.event.inputs.extra-flags }} + INPUT_LIMIT: ${{ github.event.inputs.limit }} run: | git config --global user.email "action@github.com" git config --global user.name "GitHub Action" PACKAGE_OPT="" - if [ -n "${{ github.event.inputs.package }}" ]; then - PACKAGE_OPT="-p ${{ github.event.inputs.package }}" + if [ -n "${INPUT_PACKAGE}" ]; then + PACKAGE_OPT="-p ${INPUT_PACKAGE}" fi GROUP_OPT="" - if [ -n "${{ github.event.inputs.group }}" ]; then - GROUP_OPT="-g ${{ github.event.inputs.group }}" + if [ -n "${INPUT_GROUP}" ]; then + GROUP_OPT="-g ${INPUT_GROUP}" fi - EXTRA_FLAGS="${{ github.event.inputs.extra-flags }}" + EXTRA_FLAGS="${INPUT_EXTRA_FLAGS}" supersetbot bump-python \ --verbose \ --use-current-repo \ --include-subpackages \ - --limit ${{ github.event.inputs.limit }} \ + --limit ${INPUT_LIMIT} \ $PACKAGE_OPT \ $GROUP_OPT \ $EXTRA_FLAGS diff --git a/.github/workflows/embedded-sdk-release.yml b/.github/workflows/embedded-sdk-release.yml index 7fd99d22a38..ad6c8a485b7 100644 --- a/.github/workflows/embedded-sdk-release.yml +++ b/.github/workflows/embedded-sdk-release.yml @@ -16,10 +16,12 @@ jobs: id: check shell: bash run: | - if [ -n "${{ (secrets.NPM_TOKEN != '') || '' }}" ]; then + if [ -n "${NPM_TOKEN}" ]; then echo "has-secrets=1" >> "$GITHUB_OUTPUT" fi + env: + NPM_TOKEN: ${{ (secrets.NPM_TOKEN != '') || '' }} build: needs: config if: needs.config.outputs.has-secrets diff --git a/.github/workflows/ephemeral-env-pr-close.yml b/.github/workflows/ephemeral-env-pr-close.yml index ac155bc1bd9..3db8b75a5a9 100644 --- a/.github/workflows/ephemeral-env-pr-close.yml +++ b/.github/workflows/ephemeral-env-pr-close.yml @@ -20,10 +20,12 @@ jobs: id: check shell: bash run: | - if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then + if [ -n "${AWS_ACCESS_KEY_ID}" ]; then echo "has-secrets=1" >> "$GITHUB_OUTPUT" fi + env: + AWS_ACCESS_KEY_ID: ${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }} ephemeral-env-cleanup: needs: config if: needs.config.outputs.has-secrets @@ -33,7 +35,7 @@ jobs: pull-requests: write steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -56,7 +58,7 @@ jobs: - name: Login to Amazon ECR if: steps.describe-services.outputs.active == 'true' id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 + uses: aws-actions/amazon-ecr-login@183a1442edf41672e66566b7fc560e297a290896 # v2 - name: Delete ECR image tag if: steps.describe-services.outputs.active == 'true' diff --git a/.github/workflows/ephemeral-env.yml b/.github/workflows/ephemeral-env.yml index a26394de601..b9529096f52 100644 --- a/.github/workflows/ephemeral-env.yml +++ b/.github/workflows/ephemeral-env.yml @@ -47,7 +47,7 @@ jobs: id: eval-label run: | if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then - LABEL_NAME="${{ github.event.inputs.label_name }}" + LABEL_NAME="${INPUT_LABEL_NAME}" else LABEL_NAME="${{ github.event.label.name }}" fi @@ -60,6 +60,8 @@ jobs: echo "result=noop" >> $GITHUB_OUTPUT fi + env: + INPUT_LABEL_NAME: ${{ github.event.inputs.label_name }} - name: Get event SHA id: get-sha if: steps.eval-label.outputs.result == 'up' @@ -276,7 +278,9 @@ jobs: - name: Describe ECS service id: describe-services run: | - echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT + echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${INPUT_ISSUE_NUMBER}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT + env: + INPUT_ISSUE_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }} - name: Create ECS service id: create-service if: steps.describe-services.outputs.active != 'true' @@ -307,7 +311,9 @@ jobs: - name: List tasks id: list-tasks run: | - echo "task=$(aws ecs list-tasks --cluster superset-ci --service-name pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service | jq '.taskArns | first')" >> $GITHUB_OUTPUT + echo "task=$(aws ecs list-tasks --cluster superset-ci --service-name pr-${INPUT_ISSUE_NUMBER}-service | jq '.taskArns | first')" >> $GITHUB_OUTPUT + env: + INPUT_ISSUE_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }} - name: Get network interface id: get-eni run: | diff --git a/.github/workflows/generate-FOSSA-report.yml b/.github/workflows/generate-FOSSA-report.yml index 0c10521cc8d..1962626100d 100644 --- a/.github/workflows/generate-FOSSA-report.yml +++ b/.github/workflows/generate-FOSSA-report.yml @@ -16,10 +16,12 @@ jobs: id: check shell: bash run: | - if [ -n "${{ (secrets.FOSSA_API_KEY != '' ) || '' }}" ]; then + if [ -n "${FOSSA_API_KEY}" ]; then echo "has-secrets=1" >> "$GITHUB_OUTPUT" fi + env: + FOSSA_API_KEY: ${{ (secrets.FOSSA_API_KEY != '' ) || '' }} license_check: needs: config if: needs.config.outputs.has-secrets diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8fdeb9770a9..3cc46538afa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,10 +16,12 @@ jobs: id: check shell: bash run: | - if [ -n "${{ (secrets.NPM_TOKEN != '' && secrets.GH_PERSONAL_ACCESS_TOKEN != '') || '' }}" ]; then + if [ -n "${NPM_TOKEN}" ]; then echo "has-secrets=1" >> "$GITHUB_OUTPUT" fi + env: + NPM_TOKEN: ${{ (secrets.NPM_TOKEN != '' && secrets.GH_PERSONAL_ACCESS_TOKEN != '') || '' }} build: needs: config if: needs.config.outputs.has-secrets diff --git a/.github/workflows/showtime-trigger.yml b/.github/workflows/showtime-trigger.yml index b8e1bca5e74..c90e64c303d 100644 --- a/.github/workflows/showtime-trigger.yml +++ b/.github/workflows/showtime-trigger.yml @@ -102,10 +102,12 @@ jobs: - name: Install Superset Showtime if: steps.auth.outputs.authorized == 'true' run: | - echo "::notice::Maintainer ${{ github.actor }} triggered deploy for PR ${{ github.event.pull_request.number || github.event.inputs.pr_number }}" + echo "::notice::Maintainer ${{ github.actor }} triggered deploy for PR ${PULL_REQUEST_NUMBER}" pip install --upgrade superset-showtime showtime version + env: + PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number || github.event.inputs.pr_number }} - name: Check what actions are needed if: steps.auth.outputs.authorized == 'true' id: check @@ -113,12 +115,14 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + INPUT_PR_NUMBER: ${{ github.event.inputs.pr_number }} + INPUT_SHA: ${{ github.event.inputs.sha }} run: | # Bulletproof PR number extraction if [[ -n "${{ github.event.pull_request.number }}" ]]; then PR_NUM="${{ github.event.pull_request.number }}" - elif [[ -n "${{ github.event.inputs.pr_number }}" ]]; then - PR_NUM="${{ github.event.inputs.pr_number }}" + elif [[ -n "${INPUT_PR_NUMBER}" ]]; then + PR_NUM="${INPUT_PR_NUMBER}" else echo "❌ No PR number found in event or inputs" exit 1 @@ -127,8 +131,8 @@ jobs: echo "Using PR number: $PR_NUM" # Run sync check-only with optional SHA override - if [[ -n "${{ github.event.inputs.sha }}" ]]; then - OUTPUT=$(python -m showtime sync $PR_NUM --check-only --sha "${{ github.event.inputs.sha }}") + if [[ -n "${INPUT_SHA}" ]]; then + OUTPUT=$(python -m showtime sync $PR_NUM --check-only --sha "${INPUT_SHA}") else OUTPUT=$(python -m showtime sync $PR_NUM --check-only) fi diff --git a/.github/workflows/superset-docs-deploy.yml b/.github/workflows/superset-docs-deploy.yml index 08b34307b9b..5c90f2d4180 100644 --- a/.github/workflows/superset-docs-deploy.yml +++ b/.github/workflows/superset-docs-deploy.yml @@ -27,10 +27,12 @@ jobs: id: check shell: bash run: | - if [ -n "${{ (secrets.SUPERSET_SITE_BUILD != '' && secrets.SUPERSET_SITE_BUILD != '') || '' }}" ]; then + if [ -n "${SUPERSET_SITE_BUILD}" ]; then echo "has-secrets=1" >> "$GITHUB_OUTPUT" fi + env: + SUPERSET_SITE_BUILD: ${{ (secrets.SUPERSET_SITE_BUILD != '' && secrets.SUPERSET_SITE_BUILD != '') || '' }} build-deploy: needs: config if: needs.config.outputs.has-secrets diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml index 4b2df15d219..cbbe1d46283 100644 --- a/.github/workflows/tag-release.yml +++ b/.github/workflows/tag-release.yml @@ -31,10 +31,12 @@ jobs: id: check shell: bash run: | - if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then + if [ -n "${DOCKERHUB_USER}" ]; then echo "has-secrets=1" >> "$GITHUB_OUTPUT" fi + env: + DOCKERHUB_USER: ${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }} docker-release: needs: config if: needs.config.outputs.has-secrets @@ -72,17 +74,20 @@ jobs: DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + INPUT_RELEASE: ${{ github.event.inputs.release }} + INPUT_FORCE_LATEST: ${{ github.event.inputs.force-latest }} + INPUT_GIT_REF: ${{ github.event.inputs.git-ref }} run: | RELEASE="${{ github.event.release.tag_name }}" FORCE_LATEST="" EVENT="${{github.event_name}}" if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then # in the case of a manually-triggered run, read release from input - RELEASE="${{ github.event.inputs.release }}" - if [ "${{ github.event.inputs.force-latest }}" = "true" ]; then + RELEASE="${INPUT_RELEASE}" + if [ "${INPUT_FORCE_LATEST}" = "true" ]; then FORCE_LATEST="--force-latest" fi - git checkout "${{ github.event.inputs.git-ref }}" + git checkout "${INPUT_GIT_REF}" EVENT="release" fi @@ -122,6 +127,7 @@ jobs: - name: Label the PRs with the right release-related labels env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + INPUT_RELEASE: ${{ github.event.inputs.release }} run: | export GITHUB_ACTOR="" git fetch --all --tags @@ -129,6 +135,6 @@ jobs: RELEASE="${{ github.event.release.tag_name }}" if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then # in the case of a manually-triggered run, read release from input - RELEASE="${{ github.event.inputs.release }}" + RELEASE="${INPUT_RELEASE}" fi supersetbot release-label $RELEASE diff --git a/.github/workflows/tech-debt.yml b/.github/workflows/tech-debt.yml index f73a8b12cdc..20c9e4f35ac 100644 --- a/.github/workflows/tech-debt.yml +++ b/.github/workflows/tech-debt.yml @@ -19,10 +19,12 @@ jobs: id: check shell: bash run: | - if [ -n "${{ (secrets.GSHEET_KEY != '' ) || '' }}" ]; then + if [ -n "${GSHEET_KEY}" ]; then echo "has-secrets=1" >> "$GITHUB_OUTPUT" fi + env: + GSHEET_KEY: ${{ (secrets.GSHEET_KEY != '' ) || '' }} process-and-upload: needs: config if: needs.config.outputs.has-secrets