fix: Use Spring's native CSRF protection, and fix login page #7394
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR Automation test suite | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
on: | |
pull_request: | |
branches: | |
- release | |
- master | |
- pg | |
types: [ labeled, synchronize ] | |
jobs: | |
checkTestLabel: | |
runs-on: ubuntu-latest | |
outputs: | |
ok_to_test: ${{ steps.checkLabel.outputs.ok_to_test }} | |
steps: | |
- name: Check PR Label | |
id: checkLabel | |
uses: actions/github-script@v7 | |
with: | |
# This script will check if the PR has ok-to-test label. | |
# To avoid being dependent on the event which triggered this workflow, | |
# we will always get the pull request labels directly from the context | |
# It will later set the output to be "true" or "false". | |
script: | | |
const labels = context.payload.pull_request.labels.map(label => label.name); | |
if (labels.includes("ok-to-test")) { | |
console.log("Label 'ok-to-test' is present"); | |
core.setOutput("ok_to_test", "true"); | |
} else { | |
console.log("Label 'ok-to-test' is not present"); | |
core.setOutput("ok_to_test", "false"); | |
} | |
mark-stale: | |
needs: [ checkTestLabel ] | |
if: needs.checkTestLabel.outputs.ok_to_test == 'false' | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# In case of a no label present, mark the Cypress status to be stale | |
- name: Mark the Cypress response to be stale | |
uses: actions/github-script@v7 | |
env: | |
NODE_PATH: "${{ github.workspace }}/.github/workflows/scripts" | |
BODY: | | |
Tests have not run on the HEAD ${{ github.event.pull_request.head.sha }} yet | |
with: | |
script: | | |
require("write-cypress-status.js")({core, context, github}, "warning", process.env.BODY) | |
parse-tags: | |
needs: [ checkTestLabel ] | |
if: needs.checkTestLabel.outputs.ok_to_test == 'true' | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
defaults: | |
run: | |
shell: bash | |
outputs: | |
tags: ${{ steps.parseTags.outputs.tags }} | |
spec: ${{ steps.parseTags.outputs.spec }} | |
matrix: ${{ steps.checkAll.outputs.matrix }} | |
steps: | |
# Checkout the code in the current branch in case the workflow is called because of a branch push event | |
- name: Checkout the head commit of the branch | |
uses: actions/checkout@v4 | |
with: | |
repository: appsmithorg/appsmith | |
# Reads the PR description to retrieve the /ok-to-test or, if that's absent, the /test command | |
- name: Read tags from PR description | |
uses: actions/github-script@v7 | |
id: parseTags | |
env: | |
NODE_PATH: "${{ github.workspace }}/.github/workflows/scripts" | |
with: | |
script: | | |
require("test-tag-parser.js")({core, context, github}) | |
# In case of a run with all test cases, allocate a larger matrix | |
- name: Check if @tag.All is present in tags | |
id: checkAll | |
run: | | |
if [[ -n "${{ steps.parseTags.outputs.spec }}" ]]; then | |
echo "matrix=[0]" >> $GITHUB_OUTPUT | |
else | |
tags="${{ steps.parseTags.outputs.tags }}" | |
if [[ $tags == "@tag.All" ]]; then | |
echo "matrix=[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59]" >> $GITHUB_OUTPUT | |
else | |
echo "matrix=[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19]" >> $GITHUB_OUTPUT | |
fi | |
fi | |
# In case of a runnable command, update the PR with run details | |
- name: Add test response with link to workflow run | |
uses: actions/github-script@v7 | |
env: | |
NODE_PATH: "${{ github.workspace }}/.github/workflows/scripts" | |
BODY: | | |
Your tests are running. | |
Tests running at: <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}> | |
Commit: ${{ github.event.pull_request.head.sha }} | |
Workflow: `${{ github.workflow }}` | |
Tags: `${{ steps.parseTags.outputs.tags }}` | |
Spec: `${{ steps.parseTags.outputs.spec }}` | |
with: | |
script: | | |
require("write-cypress-status.js")({core, context, github}, "important", process.env.BODY) | |
# Call the workflow to run Cypress tests | |
perform-test: | |
needs: [ parse-tags ] | |
if: success() | |
uses: ./.github/workflows/pr-cypress.yml | |
secrets: inherit | |
with: | |
tags: ${{ needs.parse-tags.outputs.tags}} | |
spec: ${{ needs.parse-tags.outputs.spec}} | |
matrix: ${{ needs.parse-tags.outputs.matrix}} | |
is-pg-build: ${{ github.event.pull_request.base.ref == 'pg' }} |