diff --git a/.github/workflows/cancel_duplicates.yml b/.github/workflows/cancel_duplicates.yml index b3457c7e75..a78ebc07fd 100644 --- a/.github/workflows/cancel_duplicates.yml +++ b/.github/workflows/cancel_duplicates.yml @@ -10,11 +10,14 @@ jobs: cancel-duplicate-runs: name: Cancel duplicate workflow runs runs-on: ubuntu-20.04 + permissions: + actions: write + contents: read steps: - name: Check number of queued tasks id: check_queued env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} GITHUB_REPO: ${{ github.repository }} run: | get_count() { @@ -28,12 +31,12 @@ jobs: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" if: steps.check_queued.outputs.count >= 20 - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cancel duplicate workflow runs if: steps.check_queued.outputs.count >= 20 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} GITHUB_REPOSITORY: ${{ github.repository }} run: | pip install click requests typing_extensions python-dateutil diff --git a/.github/workflows/check_db_migration_confict.yml b/.github/workflows/check_db_migration_confict.yml index 0f6c26d90a..8dc7ab0882 100644 --- a/.github/workflows/check_db_migration_confict.yml +++ b/.github/workflows/check_db_migration_confict.yml @@ -8,13 +8,16 @@ jobs: check_db_migration_conflict: name: Check DB migration conflict runs-on: ubuntu-20.04 + permissions: + contents: read + pull-requests: write steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Check and notify uses: actions/github-script@v3 with: - github-token: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ github.token }} script: | // API reference: https://octokit.github.io/rest.js const currentBranch = context.ref.replace('refs/heads/', ''); diff --git a/.github/workflows/chromatic-master.yml b/.github/workflows/chromatic-master.yml index 6cdf10506f..67a9dfac69 100644 --- a/.github/workflows/chromatic-master.yml +++ b/.github/workflows/chromatic-master.yml @@ -32,12 +32,27 @@ on: # List of jobs jobs: + config: + runs-on: "ubuntu-latest" + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.CHROMATIC_PROJECT_TOKEN != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + chromatic-deployment: + needs: config + if: needs.config.outputs.has-secrets # Operating System runs-on: ubuntu-latest # Job steps steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 - name: Install dependencies run: npm ci working-directory: superset-frontend diff --git a/.github/workflows/docker-ephemeral-env.yml b/.github/workflows/docker-ephemeral-env.yml index bfa2542687..544c1c8b1f 100644 --- a/.github/workflows/docker-ephemeral-env.yml +++ b/.github/workflows/docker-ephemeral-env.yml @@ -7,9 +7,29 @@ on: - completed jobs: - docker_ephemeral_env: - name: Push ephemeral env Docker image to ECR + config: + runs-on: "ubuntu-latest" if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && + secrets.AWS_ACCESS_KEY_ID != '' && + secrets.AWS_SECRET_ACCESS_KEY != '' && + secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + + docker_ephemeral_env: + needs: config + if: needs.config.outputs.has-secrets + name: Push ephemeral env Docker image to ECR runs-on: ubuntu-latest steps: diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index d082603be9..cc47c996d3 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -4,12 +4,28 @@ on: release: types: [published] jobs: + config: + runs-on: "ubuntu-latest" + if: github.event.pull_request.draft == false + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + docker-release: + needs: config + if: needs.config.outputs.has-secrets name: docker-release runs-on: ubuntu-latest steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index cbbb9a8379..5bdb74eb92 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -8,13 +8,28 @@ on: types: [synchronize, opened, reopened, ready_for_review] jobs: - docker-build: + config: + runs-on: "ubuntu-latest" if: github.event.pull_request.draft == false + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + + docker-build: + needs: config + if: needs.config.outputs.has-secrets name: docker-build runs-on: ubuntu-latest steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false diff --git a/.github/workflows/embedded-sdk-release.yml b/.github/workflows/embedded-sdk-release.yml index be130759f9..60a2819e89 100644 --- a/.github/workflows/embedded-sdk-release.yml +++ b/.github/workflows/embedded-sdk-release.yml @@ -6,13 +6,28 @@ on: - 'master' jobs: + config: + runs-on: "ubuntu-latest" + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.NPM_TOKEN != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + build: + needs: config + if: needs.config.outputs.has-secrets runs-on: ubuntu-20.04 defaults: run: working-directory: superset-embedded-sdk steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-node@v2 with: node-version: "16" diff --git a/.github/workflows/embedded-sdk-test.yml b/.github/workflows/embedded-sdk-test.yml index cb312907b7..f849ae637a 100644 --- a/.github/workflows/embedded-sdk-test.yml +++ b/.github/workflows/embedded-sdk-test.yml @@ -14,7 +14,7 @@ jobs: run: working-directory: superset-embedded-sdk steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-node@v2 with: node-version: "16" diff --git a/.github/workflows/ephemeral-env-pr-close.yml b/.github/workflows/ephemeral-env-pr-close.yml index 3c5209fca8..7430950b45 100644 --- a/.github/workflows/ephemeral-env-pr-close.yml +++ b/.github/workflows/ephemeral-env-pr-close.yml @@ -5,9 +5,26 @@ on: types: [closed] jobs: + config: + runs-on: "ubuntu-latest" + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + ephemeral-env-cleanup: + needs: config + if: needs.config.outputs.has-secrets name: Cleanup ephemeral envs runs-on: ubuntu-latest + permissions: + pull-requests: write steps: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 @@ -48,7 +65,7 @@ jobs: if: steps.describe-services.outputs.active == 'true' uses: actions/github-script@v3 with: - github-token: ${{secrets.GITHUB_TOKEN}} + github-token: ${{github.token}} script: | github.issues.createComment({ issue_number: ${{ github.event.number }}, diff --git a/.github/workflows/ephemeral-env.yml b/.github/workflows/ephemeral-env.yml index c1945b3c20..08e3a998c3 100644 --- a/.github/workflows/ephemeral-env.yml +++ b/.github/workflows/ephemeral-env.yml @@ -5,10 +5,27 @@ on: types: [created] jobs: - ephemeral_env_comment: + config: + runs-on: "ubuntu-latest" if: github.event.issue.pull_request + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + + ephemeral_env_comment: + needs: config + if: needs.config.outputs.has-secrets name: Evaluate ephemeral env comment trigger (/testenv) runs-on: ubuntu-latest + permissions: + pull-requests: write outputs: slash-command: ${{ steps.eval-body.outputs.result }} feature-flags: ${{ steps.eval-feature-flags.outputs.result }} @@ -51,7 +68,7 @@ jobs: github.event.comment.author_association != 'OWNER' uses: actions/github-script@v3 with: - github-token: ${{secrets.GITHUB_TOKEN}} + github-token: ${{github.token}} script: | const errMsg = '@${{ github.event.comment.user.login }} Ephemeral environment creation is currently limited to committers.' github.issues.createComment({ @@ -67,9 +84,12 @@ jobs: if: needs.ephemeral_env_comment.outputs.slash-command == 'up' name: Spin up an ephemeral environment runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: persist-credentials: false @@ -97,7 +117,7 @@ jobs: if: steps.check-image.outcome == 'failure' uses: actions/github-script@v3 with: - github-token: ${{secrets.GITHUB_TOKEN}} + github-token: ${{github.token}} script: | const errMsg = '@${{ github.event.comment.user.login }} Container image not yet published for this PR. Please try again when build is complete.' github.issues.createComment({ @@ -171,7 +191,7 @@ jobs: if: ${{ success() }} uses: actions/github-script@v3 with: - github-token: ${{secrets.GITHUB_TOKEN}} + github-token: ${{github.token}} script: | github.issues.createComment({ issue_number: ${{ github.event.issue.number }}, @@ -184,7 +204,7 @@ jobs: if: ${{ failure() }} uses: actions/github-script@v3 with: - github-token: ${{secrets.GITHUB_TOKEN}} + github-token: ${{github.token}} script: | github.issues.createComment({ issue_number: ${{ github.event.issue.number }}, diff --git a/.github/workflows/latest-release-tag.yml b/.github/workflows/latest-release-tag.yml index ae3703af74..ccb941178a 100644 --- a/.github/workflows/latest-release-tag.yml +++ b/.github/workflows/latest-release-tag.yml @@ -7,10 +7,12 @@ jobs: latest-release: name: Add/update tag to new release runs-on: ubuntu-latest + permissions: + contents: write steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -27,4 +29,4 @@ jobs: description: Superset latest release tag-name: latest env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml index 9ae633bdc4..8e2b9bbed3 100644 --- a/.github/workflows/license-check.yml +++ b/.github/workflows/license-check.yml @@ -7,12 +7,27 @@ on: pull_request: jobs: + config: + runs-on: "ubuntu-latest" + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.FOSSA_API_KEY != '' ) || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + license_check: + needs: config + if: needs.config.outputs.has-secrets name: License Check runs-on: ubuntu-20.04 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index 5f91522cfa..5283e138c1 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -11,9 +11,12 @@ on: jobs: check: runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -25,4 +28,4 @@ jobs: on-failed-regex-create-review: false on-failed-regex-comment: "Please format your PR title to match: `%regex%`!" - repo-token: "${{ secrets.GITHUB_TOKEN }}" + repo-token: "${{ github.token }}" diff --git a/.github/workflows/prefer-typescript.yml b/.github/workflows/prefer-typescript.yml index 8005cf36a3..49ab90fb6f 100644 --- a/.github/workflows/prefer-typescript.yml +++ b/.github/workflows/prefer-typescript.yml @@ -11,9 +11,12 @@ jobs: if: github.ref == 'ref/heads/master' && github.event_name == 'pull_request' name: Prefer Typescript runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -21,7 +24,7 @@ jobs: id: changed uses: ./.github/actions/file-changes-action with: - githubToken: ${{ secrets.GITHUB_TOKEN }} + githubToken: ${{ github.token }} - name: Determine if a .js or .jsx file was added id: check @@ -42,7 +45,7 @@ jobs: uses: ./.github/actions/comment-on-pr continue-on-error: true env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} with: msg: | ### WARNING: Prefer TypeScript diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5d716fc2d4..ea3a75a42e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,22 @@ on: - 'master' jobs: + config: + runs-on: "ubuntu-latest" + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.NPM_TOKEN != '' && secrets.GH_PERSONAL_ACCESS_TOKEN != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + build: + needs: config + if: needs.config.outputs.has-secrets name: Bump version and publish package(s) runs-on: ubuntu-20.04 @@ -16,22 +31,28 @@ jobs: node-version: [16] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: # pulls all commits (needed for lerna / semantic release to correctly version) fetch-depth: 0 - name: Get tags and filter trigger tags run: | - git fetch --depth=1 origin "+refs/tags/*:refs/tags/*" + if ! git fetch --depth=1 origin "+refs/tags/*:refs/tags/*"; then + echo "::notice title=Workflow skipped::No tags present in repository" + exit + fi + echo "HAS_TAGS=1" >> $GITHUB_ENV" git fetch --prune --unshallow git tag -d `git tag | grep -E '^trigger-'` - name: Use Node.js ${{ matrix.node-version }} + if: env.HAS_TAGS uses: actions/setup-node@v1 with: node-version: ${{ matrix.node-version }} - name: Cache npm + if: env.HAS_TAGS uses: actions/cache@v1 with: path: ~/.npm # npm cache files are stored in `~/.npm` on Linux/macOS @@ -41,9 +62,11 @@ jobs: ${{ runner.OS }}- - name: Get npm cache directory path + if: env.HAS_TAGS id: npm-cache-dir-path run: echo "::set-output name=dir::$(npm config get cache)" - name: Cache npm + if: env.HAS_TAGS uses: actions/cache@v1 id: npm-cache # use this to check for `cache-hit` (`steps.npm-cache.outputs.cache-hit != 'true'`) with: @@ -53,16 +76,20 @@ jobs: ${{ runner.os }}-npm- - name: Install dependencies + if: env.HAS_TAGS working-directory: ./superset-frontend run: npm ci - name: Run unit tests + if: env.HAS_TAGS working-directory: ./superset-frontend run: npm run test -- plugins packages - name: Build packages + if: env.HAS_TAGS working-directory: ./superset-frontend run: npm run plugins:build - name: Configure npm and git + if: env.HAS_TAGS run: | echo "@superset-ui:registry=https://registry.npmjs.org/" > .npmrc echo "registry=https://registry.npmjs.org/" >> .npmrc @@ -70,17 +97,17 @@ jobs: npm whoami git config --local user.email "action@github.com" git config --local user.name "GitHub Action" - git remote set-url origin "https://${GITHUB_TOKEN}@github.com/apache-superset/superset-ui.git" > /dev/null 2>&1 env: NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} - name: Bump version and publish package(s) + if: env.HAS_TAGS working-directory: ./superset-frontend run: | git tag -d `git tag | grep -E '^trigger-'` npm run plugins:release-from-tag env: NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} GH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} diff --git a/.github/workflows/superset-applitool-cypress.yml b/.github/workflows/superset-applitool-cypress.yml index 47fc1a24e4..8485dfb201 100644 --- a/.github/workflows/superset-applitool-cypress.yml +++ b/.github/workflows/superset-applitool-cypress.yml @@ -5,7 +5,22 @@ on: - cron: "0 1 * * *" jobs: + config: + runs-on: "ubuntu-latest" + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.APPLITOOLS_API_KEY != '' && secrets.APPLITOOLS_API_KEY != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + cypress-applitools: + needs: config + if: needs.config.outputs.has-secrets runs-on: ubuntu-20.04 strategy: fail-fast: false @@ -18,7 +33,7 @@ jobs: SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset PYTHONPATH: ${{ github.workspace }} REDIS_PORT: 16379 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} APPLITOOLS_APP_NAME: Superset APPLITOOLS_API_KEY: ${{ secrets.APPLITOOLS_API_KEY }} APPLITOOLS_BATCH_ID: ${{ github.sha }} diff --git a/.github/workflows/superset-applitools-storybook.yml b/.github/workflows/superset-applitools-storybook.yml index 5e50c6fd88..4225509e3a 100644 --- a/.github/workflows/superset-applitools-storybook.yml +++ b/.github/workflows/superset-applitools-storybook.yml @@ -11,7 +11,22 @@ env: APPLITOOLS_BATCH_NAME: Superset Storybook jobs: + config: + runs-on: "ubuntu-latest" + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.APPLITOOLS_API_KEY != '' && secrets.APPLITOOLS_API_KEY != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + cron: + needs: config + if: needs.config.outputs.has-secrets runs-on: ubuntu-20.04 strategy: matrix: diff --git a/.github/workflows/superset-cli.yml b/.github/workflows/superset-cli.yml index 65ec8b018f..14810f3317 100644 --- a/.github/workflows/superset-cli.yml +++ b/.github/workflows/superset-cli.yml @@ -35,7 +35,7 @@ jobs: - 16379:6379 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/superset-docs.yml b/.github/workflows/superset-docs.yml index f1cc08f9f1..6a47df4400 100644 --- a/.github/workflows/superset-docs.yml +++ b/.github/workflows/superset-docs.yml @@ -9,7 +9,22 @@ on: - "docs/**" jobs: + config: + runs-on: "ubuntu-latest" + outputs: + has-secrets: ${{ steps.check.outputs.has-secrets }} + steps: + - name: "Check for secrets" + id: check + shell: bash + run: | + if [ -n "${{ (secrets.SUPERSET_SITE_BUILD != '' && secrets.SUPERSET_SITE_BUILD != '') || '' }}" ]; then + echo "has-secrets=1" >> "$GITHUB_OUTPUT" + fi + build-deploy: + needs: config + if: needs.config.outputs.has-secrets name: Build & Deploy runs-on: ubuntu-20.04 defaults: @@ -17,7 +32,7 @@ jobs: working-directory: docs steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/superset-e2e.yml b/.github/workflows/superset-e2e.yml index ab82731ac4..b49622c85f 100644 --- a/.github/workflows/superset-e2e.yml +++ b/.github/workflows/superset-e2e.yml @@ -13,6 +13,9 @@ jobs: cypress-matrix: if: github.event.pull_request.draft == false runs-on: ubuntu-20.04 + permissions: + contents: read + pull-requests: read strategy: # when one test fails, DO NOT cancel the other # containers, because this will kill Cypress processes @@ -28,7 +31,7 @@ jobs: SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset PYTHONPATH: ${{ github.workspace }} REDIS_PORT: 16379 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} services: postgres: image: postgres:14-alpine @@ -43,13 +46,13 @@ jobs: - 16379:6379 steps: - name: "Checkout (pull) ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 if: github.event_name == 'push' with: persist-credentials: false submodules: recursive - name: "Checkout (pull_request) ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' with: ref: "refs/pull/${{ github.event.number }}/merge" diff --git a/.github/workflows/superset-frontend.yml b/.github/workflows/superset-frontend.yml index bf09d293c6..63b16cd3af 100644 --- a/.github/workflows/superset-frontend.yml +++ b/.github/workflows/superset-frontend.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/superset-helm-lint.yml b/.github/workflows/superset-helm-lint.yml index d0e650839f..5f8051c22a 100644 --- a/.github/workflows/superset-helm-lint.yml +++ b/.github/workflows/superset-helm-lint.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/superset-helm-release.yml b/.github/workflows/superset-helm-release.yml index 1559432eb2..e75186609c 100644 --- a/.github/workflows/superset-helm-release.yml +++ b/.github/workflows/superset-helm-release.yml @@ -10,9 +10,12 @@ on: jobs: release: runs-on: ubuntu-latest + permissions: + contents: write + steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -36,5 +39,5 @@ jobs: with: charts_dir: helm env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + CR_TOKEN: "${{ github.token }}" CR_RELEASE_NAME_TEMPLATE: "superset-helm-chart-{{ .Version }}" diff --git a/.github/workflows/superset-python-integrationtest.yml b/.github/workflows/superset-python-integrationtest.yml index eae19b234c..aa61a1c9ac 100644 --- a/.github/workflows/superset-python-integrationtest.yml +++ b/.github/workflows/superset-python-integrationtest.yml @@ -35,7 +35,7 @@ jobs: - 16379:6379 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -102,7 +102,7 @@ jobs: - 16379:6379 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -161,7 +161,7 @@ jobs: - 16379:6379 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/superset-python-misc.yml b/.github/workflows/superset-python-misc.yml index 739869a7bb..dfd6ce7b72 100644 --- a/.github/workflows/superset-python-misc.yml +++ b/.github/workflows/superset-python-misc.yml @@ -17,7 +17,7 @@ jobs: python-version: [3.8] steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -57,7 +57,7 @@ jobs: python-version: [3.8] steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -98,7 +98,7 @@ jobs: python-version: [3.8] steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/superset-python-presto-hive.yml b/.github/workflows/superset-python-presto-hive.yml index 875901b1ec..6798842c1e 100644 --- a/.github/workflows/superset-python-presto-hive.yml +++ b/.github/workflows/superset-python-presto-hive.yml @@ -46,7 +46,7 @@ jobs: - 16379:6379 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -115,7 +115,7 @@ jobs: - 16379:6379 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/superset-python-unittest.yml b/.github/workflows/superset-python-unittest.yml index 8c94d0f458..1ba1ee2589 100644 --- a/.github/workflows/superset-python-unittest.yml +++ b/.github/workflows/superset-python-unittest.yml @@ -19,7 +19,7 @@ jobs: PYTHONPATH: ${{ github.workspace }} steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/superset-translations.yml b/.github/workflows/superset-translations.yml index 6b2a6aa3c6..9f735518fd 100644 --- a/.github/workflows/superset-translations.yml +++ b/.github/workflows/superset-translations.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive @@ -38,7 +38,7 @@ jobs: python-version: [3.8] steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false submodules: recursive diff --git a/.github/workflows/superset-websocket.yml b/.github/workflows/superset-websocket.yml index 2f4b0aea04..770ec54df4 100644 --- a/.github/workflows/superset-websocket.yml +++ b/.github/workflows/superset-websocket.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )" - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: persist-credentials: false - name: Install dependencies diff --git a/.github/workflows/welcome-new-users.yml b/.github/workflows/welcome-new-users.yml index ae16bf49c6..0144e20892 100644 --- a/.github/workflows/welcome-new-users.yml +++ b/.github/workflows/welcome-new-users.yml @@ -15,7 +15,7 @@ jobs: uses: actions/first-interaction@v1 continue-on-error: true with: - repo-token: ${{ secrets.GITHUB_TOKEN }} + repo-token: ${{ github.token }} pr-message: |- Congrats on making your first PR and thank you for contributing to Superset! :tada: :heart: