From ff7bab3da9cb6cdd3b8703397df75491882d1cd8 Mon Sep 17 00:00:00 2001 From: Mishig Davaadorj Date: Fri, 2 Jun 2023 11:19:56 +0200 Subject: [PATCH 01/10] [security] Fix exposed push tokens through gh `workflow_run` --- .../workflows/build_main_documentation.yml | 4 +- .github/workflows/build_pr_documentation.yml | 51 +------ .github/workflows/delete_doc_comment.yml | 26 ++-- .github/workflows/delete_pr_documentation.yml | 71 ++++++++++ .github/workflows/upload_pr_documentation.yml | 129 ++++++++++++++++++ 5 files changed, 218 insertions(+), 63 deletions(-) create mode 100644 .github/workflows/delete_pr_documentation.yml create mode 100644 .github/workflows/upload_pr_documentation.yml diff --git a/.github/workflows/build_main_documentation.yml b/.github/workflows/build_main_documentation.yml index 98818bb6..89256c87 100644 --- a/.github/workflows/build_main_documentation.yml +++ b/.github/workflows/build_main_documentation.yml @@ -41,6 +41,8 @@ on: default: "src/" description: "Suffix to add after the version tag (e.g. 1.3.0 or main) in the documentation links." secrets: + hf_token: + required: true token: required: false @@ -172,7 +174,7 @@ jobs: - name: Push to repositories run: | cd build_dir - doc-builder push ${{ env.package_name }} --doc_build_repo_id "hf-doc-build/doc-build" --token "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" --commit_msg "Updated with commit ${{ inputs.commit_sha }} See: https://github.com/${{ inputs.repo_owner }}/${{ inputs.package }}/commit/${{ inputs.commit_sha }}" --n_retries 5 --upload_version_yml + doc-builder push ${{ env.package_name }} --doc_build_repo_id "hf-doc-build/doc-build" --token "${{ secrets.hf_token }}" --commit_msg "Updated with commit ${{ inputs.commit_sha }} See: https://github.com/${{ inputs.repo_owner }}/${{ inputs.package }}/commit/${{ inputs.commit_sha }}" --n_retries 5 --upload_version_yml cd .. if [ -d "notebook_dir" ] diff --git a/.github/workflows/build_pr_documentation.yml b/.github/workflows/build_pr_documentation.yml index 631ad300..019332a2 100644 --- a/.github/workflows/build_pr_documentation.yml +++ b/.github/workflows/build_pr_documentation.yml @@ -23,8 +23,6 @@ on: languages: # supply space-separated language codes type: string - hub_base_path: - type: string package_path: type: string install_rust: @@ -42,9 +40,6 @@ on: type: string default: "src/" description: "Suffix to add after the version tag (e.g. 1.3.0 or main) in the documentation links." - secrets: - token: - required: false jobs: build_pr_documentation: @@ -70,12 +65,6 @@ jobs: - name: Set env variables run: | - if [ -z "${{ secrets.token }}" ] - then - echo "comment_bot_token=$(echo 'ghp_'$(wget -qO- lysand.re/doc-build-dev)'bm')" >> $GITHUB_ENV - else - echo "comment_bot_token=${{ secrets.token }}" >> $GITHUB_ENV - fi if [ -z "${{ inputs.path_to_docs }}" ] then echo "doc_folder=${{ inputs.package }}/docs/source" >> $GITHUB_ENV @@ -90,13 +79,6 @@ jobs: else package_name=${{ inputs.package_name }} fi - if [ -z "${{ inputs.hub_base_path }}" ] - then - echo "hub_docs_url=https://moon-ci-docs.huggingface.co/docs/$package_name/pr_${{ inputs.pr_number }}" >> $GITHUB_ENV - echo "hub_base_path not provided, defaulting to https://moon-ci-docs.huggingface.co/docs" - else - echo "hub_docs_url=${{ inputs.hub_base_path }}/$package_name/pr_${{ inputs.pr_number }}" >> $GITHUB_ENV - fi if [ -z "${{ inputs.package_name }}" ]; then @@ -166,33 +148,12 @@ jobs: fi cd .. - - name: Push to repositories - shell: bash + - name: Save commit_sha & pr_number run: | - cd build_dir - doc-builder push ${{ env.package_name }} --doc_build_repo_id "hf-doc-build/doc-build-dev" --token "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" --commit_msg "Updated with commit ${{ inputs.commit_sha }} See: https://github.com/${{ inputs.repo_owner }}/${{ inputs.package }}/commit/${{ inputs.commit_sha }}" --n_retries 5 - - - name: Find doc comment - uses: peter-evans/find-comment@v2 - id: find_comment - with: - issue-number: ${{ inputs.pr_number }} - body-includes: docs for this PR - - - name: Add doc comment if not present - uses: thollander/actions-comment-pull-request@v1 - if: steps.find_comment.outputs.comment-id == '' - - with: - message: 'The docs for this PR live [here](${{ env.hub_docs_url }}). All of your documentation changes will be reflected on that endpoint.' - GITHUB_TOKEN: ${{ env.comment_bot_token }} + echo ${{ inputs.commit_sha }} > ./build_dir/commit_sha + echo ${{ inputs.pr_number }} > ./build_dir/pr_number - - name: Update doc comment if necessary - if: github.event.action == 'reopened' && steps.find_comment.outputs.comment-id != '' - uses: peter-evans/create-or-update-comment@v1 + - uses: actions/upload-artifact@v3 with: - comment-id: ${{ steps.find_comment.outputs.comment-id }} - token: ${{ env.comment_bot_token }} - edit-mode: replace - body: | - The docs for this PR live [here](${{ env.hub_docs_url }}). All of your documentation changes will be reflected on that endpoint. + name: doc-build-artifact + path: build_dir/ diff --git a/.github/workflows/delete_doc_comment.yml b/.github/workflows/delete_doc_comment.yml index 9f7ceb89..fb621fbf 100644 --- a/.github/workflows/delete_doc_comment.yml +++ b/.github/workflows/delete_doc_comment.yml @@ -19,15 +19,8 @@ on: jobs: build_and_package: runs-on: ubuntu-latest - container: - huggingface/transformers-doc-builder steps: - - uses: actions/checkout@v2 - with: - repository: 'huggingface/doc-builder' - path: doc-builder - - name: Set env variables run: | if [ -z "${{ secrets.token }}" ] @@ -47,16 +40,7 @@ jobs: - name: Setup environment shell: bash run: | - pip uninstall -y doc-builder - cd doc-builder - git pull origin main - pip install . - cd .. - - - name: Push to repositories - run: | - doc-builder push ${{ env.package_name }} --doc_build_repo_id "hf-doc-build/doc-build-dev" --token "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" --commit_msg "Closed PR ${{ inputs.pr_number }} in ${{ env.package_name }}" --n_retries 5 --doc_version "pr_${{ inputs.pr_number }}" --is_remove - shell: bash + mkdir build_dir - name: Find doc comment if: ${{ always() }} @@ -75,3 +59,11 @@ jobs: edit-mode: replace body: | _The documentation is not available anymore as the PR was closed or merged._ + + - name: Save commit_sha & pr_number + run: echo ${{ inputs.pr_number }} > ./build_dir/pr_number + + - uses: actions/upload-artifact@v3 + with: + name: doc-delete-artifact + path: build_dir/ \ No newline at end of file diff --git a/.github/workflows/delete_pr_documentation.yml b/.github/workflows/delete_pr_documentation.yml new file mode 100644 index 00000000..6685292b --- /dev/null +++ b/.github/workflows/delete_pr_documentation.yml @@ -0,0 +1,71 @@ +name: Delete PR Documentation + +on: + workflow_call: + inputs: + package_name: + required: true + type: string + secrets: + hf_token: + required: true + +jobs: + upload_pr_documentation: + runs-on: ubuntu-latest + if: > + github.event.workflow_run.event == 'pull_request' && + github.event.workflow_run.conclusion == 'success' + + steps: + - uses: actions/checkout@v2 + with: + repository: 'huggingface/doc-builder' + path: doc-builder + + - name: Setup environment + shell: bash + run: | + pip install black + pip uninstall -y doc-builder + cd doc-builder + git pull origin main + pip install . + cd .. + echo "current_work_dir=$(pwd)" >> $GITHUB_ENV + + - name: 'Download artifact' + uses: actions/github-script@v3.1.0 + with: + script: | + var artifacts = await github.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: ${{github.event.workflow_run.id }}, + }); + var matchArtifact = artifacts.data.artifacts.filter((artifact) => { + return artifact.name == "doc-delete-artifact" + })[0]; + var download = await github.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: matchArtifact.id, + archive_format: 'zip', + }); + var fs = require('fs'); + fs.writeFileSync('${{env.current_work_dir}}/doc-delete-artifact.zip', Buffer.from(download.data)); + + - run: | + mkdir build_dir + unzip doc-delete-artifact.zip -d build_dir + + - name: Get pr_number + run: | + echo "pr_number=$(cat ./build_dir/pr_number)" >> $GITHUB_ENV + rm -rf ./build_dir/pr_number + + - name: Push to repositories + run: | + doc-builder push ${{ inputs.package_name }} --doc_build_repo_id "hf-doc-build/doc-build-dev" --token "${{ secrets.hf_token }}" --commit_msg "Closed PR ${{ env.pr_number }} in ${{ inputs.package_name }}" --n_retries 5 --doc_version "pr_${{ env.pr_number }}" --is_remove + shell: bash + \ No newline at end of file diff --git a/.github/workflows/upload_pr_documentation.yml b/.github/workflows/upload_pr_documentation.yml new file mode 100644 index 00000000..8653acd6 --- /dev/null +++ b/.github/workflows/upload_pr_documentation.yml @@ -0,0 +1,129 @@ +name: Build PR Documentation + +on: + workflow_call: + inputs: + package_name: + required: true + type: string + hub_base_path: + type: string + repo_owner: + type: string + default: 'huggingface' + description: "Owner of the repo to build documentation for. Defaults to 'huggingface'." + secrets: + hf_token: + required: true + token: + required: false + +jobs: + upload_pr_documentation: + runs-on: ubuntu-latest + if: > + github.event.workflow_run.event == 'pull_request' && + github.event.workflow_run.conclusion == 'success' + + steps: + - uses: actions/checkout@v2 + with: + repository: 'huggingface/doc-builder' + path: doc-builder + + - name: Set env variables + run: | + if [ -z "${{ secrets.token }}" ] + then + echo "comment_bot_token=$(echo 'ghp_'$(wget -qO- lysand.re/doc-build-dev)'bm')" >> $GITHUB_ENV + else + echo "comment_bot_token=${{ secrets.token }}" >> $GITHUB_ENV + fi + + - name: Setup environment + shell: bash + run: | + pip install black + pip uninstall -y doc-builder + cd doc-builder + git pull origin main + pip install . + cd .. + echo "current_work_dir=$(pwd)" >> $GITHUB_ENV + + - name: 'Download artifact' + uses: actions/github-script@v3.1.0 + with: + script: | + var artifacts = await github.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: ${{github.event.workflow_run.id }}, + }); + var matchArtifact = artifacts.data.artifacts.filter((artifact) => { + return artifact.name == "doc-build-artifact" + })[0]; + var download = await github.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: matchArtifact.id, + archive_format: 'zip', + }); + var fs = require('fs'); + fs.writeFileSync('${{env.current_work_dir}}/doc-build-artifact.zip', Buffer.from(download.data)); + + - run: | + mkdir build_dir + unzip doc-build-artifact.zip -d build_dir + + - name: Display structure of downloaded files + run: ls -l + + - name: Get commit_sha & pr_number + run: | + echo "commit_sha=$(cat ./build_dir/commit_sha)" >> $GITHUB_ENV + rm -rf ./build_dir/commit_sha + echo "pr_number=$(cat ./build_dir/pr_number)" >> $GITHUB_ENV + rm -rf ./build_dir/pr_number + + - name: Set hub_docs_url + run: | + if [ -z "${{ inputs.hub_base_path }}" ] + then + echo "hub_docs_url=https://moon-ci-docs.huggingface.co/docs/${{ inputs.package_name }}/pr_${{ env.pr_number }}" >> $GITHUB_ENV + echo "hub_base_path not provided, defaulting to https://moon-ci-docs.huggingface.co/docs" + else + echo "hub_docs_url=${{ inputs.hub_base_path }}/${{ inputs.package_name }}/pr_${{ env.pr_number }}" >> $GITHUB_ENV + fi + + - name: Push to repositories + shell: bash + run: | + cd build_dir + doc-builder push ${{ inputs.package_name }} --doc_build_repo_id "hf-doc-build/doc-build-dev" --token "${{ secrets.hf_token }}" --commit_msg "Updated with commit ${{ env.commit_sha }} See: https://github.com/${{ inputs.repo_owner }}/${{ inputs.package }}/commit/${{ env.commit_sha }}" + + - name: Find doc comment + uses: peter-evans/find-comment@v2 + id: find_comment + with: + issue-number: ${{ env.pr_number }} + body-includes: docs for this PR + + - name: Add doc comment if not present + uses: thollander/actions-comment-pull-request@v2 + if: steps.find_comment.outputs.comment-id == '' + + with: + message: 'The docs for this PR live [here](${{ env.hub_docs_url }}). All of your documentation changes will be reflected on that endpoint.' + pr_number: ${{ env.pr_number }} + GITHUB_TOKEN: ${{ env.comment_bot_token }} + + - name: Update doc comment if necessary + if: github.event.action == 'reopened' && steps.find_comment.outputs.comment-id != '' + uses: peter-evans/create-or-update-comment@v1 + with: + comment-id: ${{ steps.find_comment.outputs.comment-id }} + token: ${{ env.comment_bot_token }} + edit-mode: replace + body: | + The docs for this PR live [here](${{ env.hub_docs_url }}). All of your documentation changes will be reflected on that endpoint. From 7935dc2f6b0771f897cbdfaf0667cb579fa0c43d Mon Sep 17 00:00:00 2001 From: Mishig Davaadorj Date: Mon, 5 Jun 2023 11:34:23 +0200 Subject: [PATCH 02/10] [dev change for testing it in actual runs] --- .github/workflows/build_pr_documentation.yml | 3 ++- .github/workflows/delete_pr_documentation.yml | 3 ++- .github/workflows/upload_pr_documentation.yml | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_pr_documentation.yml b/.github/workflows/build_pr_documentation.yml index 019332a2..2f21473f 100644 --- a/.github/workflows/build_pr_documentation.yml +++ b/.github/workflows/build_pr_documentation.yml @@ -52,6 +52,7 @@ jobs: with: repository: 'huggingface/doc-builder' path: doc-builder + ref: fix-token-issue - uses: actions/checkout@v2 with: @@ -102,7 +103,7 @@ jobs: run: | pip uninstall -y doc-builder cd doc-builder - git pull origin main + git pull origin fix-token-issue pip install . cd .. diff --git a/.github/workflows/delete_pr_documentation.yml b/.github/workflows/delete_pr_documentation.yml index 6685292b..e9067fd7 100644 --- a/.github/workflows/delete_pr_documentation.yml +++ b/.github/workflows/delete_pr_documentation.yml @@ -22,6 +22,7 @@ jobs: with: repository: 'huggingface/doc-builder' path: doc-builder + ref: fix-token-issue - name: Setup environment shell: bash @@ -29,7 +30,7 @@ jobs: pip install black pip uninstall -y doc-builder cd doc-builder - git pull origin main + git pull origin fix-token-issue pip install . cd .. echo "current_work_dir=$(pwd)" >> $GITHUB_ENV diff --git a/.github/workflows/upload_pr_documentation.yml b/.github/workflows/upload_pr_documentation.yml index 8653acd6..5ff33d70 100644 --- a/.github/workflows/upload_pr_documentation.yml +++ b/.github/workflows/upload_pr_documentation.yml @@ -30,6 +30,7 @@ jobs: with: repository: 'huggingface/doc-builder' path: doc-builder + ref: fix-token-issue - name: Set env variables run: | @@ -46,7 +47,7 @@ jobs: pip install black pip uninstall -y doc-builder cd doc-builder - git pull origin main + git pull origin fix-token-issue pip install . cd .. echo "current_work_dir=$(pwd)" >> $GITHUB_ENV From 6aa83909a6d4424d00a64b359893ffeed7e281af Mon Sep 17 00:00:00 2001 From: Mishig Davaadorj Date: Mon, 5 Jun 2023 16:08:16 +0200 Subject: [PATCH 03/10] old docs are already deleted auto atically --- .github/workflows/delete_pr_documentation.yml | 72 ------------------- 1 file changed, 72 deletions(-) delete mode 100644 .github/workflows/delete_pr_documentation.yml diff --git a/.github/workflows/delete_pr_documentation.yml b/.github/workflows/delete_pr_documentation.yml deleted file mode 100644 index e9067fd7..00000000 --- a/.github/workflows/delete_pr_documentation.yml +++ /dev/null @@ -1,72 +0,0 @@ -name: Delete PR Documentation - -on: - workflow_call: - inputs: - package_name: - required: true - type: string - secrets: - hf_token: - required: true - -jobs: - upload_pr_documentation: - runs-on: ubuntu-latest - if: > - github.event.workflow_run.event == 'pull_request' && - github.event.workflow_run.conclusion == 'success' - - steps: - - uses: actions/checkout@v2 - with: - repository: 'huggingface/doc-builder' - path: doc-builder - ref: fix-token-issue - - - name: Setup environment - shell: bash - run: | - pip install black - pip uninstall -y doc-builder - cd doc-builder - git pull origin fix-token-issue - pip install . - cd .. - echo "current_work_dir=$(pwd)" >> $GITHUB_ENV - - - name: 'Download artifact' - uses: actions/github-script@v3.1.0 - with: - script: | - var artifacts = await github.actions.listWorkflowRunArtifacts({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: ${{github.event.workflow_run.id }}, - }); - var matchArtifact = artifacts.data.artifacts.filter((artifact) => { - return artifact.name == "doc-delete-artifact" - })[0]; - var download = await github.actions.downloadArtifact({ - owner: context.repo.owner, - repo: context.repo.repo, - artifact_id: matchArtifact.id, - archive_format: 'zip', - }); - var fs = require('fs'); - fs.writeFileSync('${{env.current_work_dir}}/doc-delete-artifact.zip', Buffer.from(download.data)); - - - run: | - mkdir build_dir - unzip doc-delete-artifact.zip -d build_dir - - - name: Get pr_number - run: | - echo "pr_number=$(cat ./build_dir/pr_number)" >> $GITHUB_ENV - rm -rf ./build_dir/pr_number - - - name: Push to repositories - run: | - doc-builder push ${{ inputs.package_name }} --doc_build_repo_id "hf-doc-build/doc-build-dev" --token "${{ secrets.hf_token }}" --commit_msg "Closed PR ${{ env.pr_number }} in ${{ inputs.package_name }}" --n_retries 5 --doc_version "pr_${{ env.pr_number }}" --is_remove - shell: bash - \ No newline at end of file From cd0422747bb82746aa76d94436495f2e2f16fe0a Mon Sep 17 00:00:00 2001 From: Mishig Davaadorj Date: Mon, 5 Jun 2023 16:10:05 +0200 Subject: [PATCH 04/10] simplify delete_doc_comment.yml --- .github/workflows/delete_doc_comment.yml | 28 +----------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/.github/workflows/delete_doc_comment.yml b/.github/workflows/delete_doc_comment.yml index fb621fbf..ba35d9d7 100644 --- a/.github/workflows/delete_doc_comment.yml +++ b/.github/workflows/delete_doc_comment.yml @@ -6,12 +6,6 @@ on: pr_number: required: true type: string - package: - required: true - type: string - package_name: - type: string - description: "Should be used when a package name differs from its repostory name" secrets: token: required: false @@ -30,18 +24,6 @@ jobs: echo "comment_bot_token=${{ secrets.token }}" >> $GITHUB_ENV fi - if [ -z "${{ inputs.package_name }}" ]; - then - echo "package_name=${{ inputs.package }}" >> $GITHUB_ENV - else - echo "package_name=${{ inputs.package_name }}" >> $GITHUB_ENV - fi - - - name: Setup environment - shell: bash - run: | - mkdir build_dir - - name: Find doc comment if: ${{ always() }} uses: peter-evans/find-comment@v2 @@ -58,12 +40,4 @@ jobs: token: ${{ env.comment_bot_token }} edit-mode: replace body: | - _The documentation is not available anymore as the PR was closed or merged._ - - - name: Save commit_sha & pr_number - run: echo ${{ inputs.pr_number }} > ./build_dir/pr_number - - - uses: actions/upload-artifact@v3 - with: - name: doc-delete-artifact - path: build_dir/ \ No newline at end of file + _The documentation is not available anymore as the PR was closed or merged._ \ No newline at end of file From c50e175f5dbdca6764867c4c63e68f2032187aec Mon Sep 17 00:00:00 2001 From: Mishig Davaadorj Date: Tue, 6 Jun 2023 10:42:43 +0200 Subject: [PATCH 05/10] Use secret for comment bot as well --- .github/workflows/delete_doc_comment.yml | 51 +++++++++++++------ .../workflows/delete_doc_comment_trigger.yml | 26 ++++++++++ .github/workflows/upload_pr_documentation.yml | 19 ++----- 3 files changed, 66 insertions(+), 30 deletions(-) create mode 100644 .github/workflows/delete_doc_comment_trigger.yml diff --git a/.github/workflows/delete_doc_comment.yml b/.github/workflows/delete_doc_comment.yml index ba35d9d7..49eaa63c 100644 --- a/.github/workflows/delete_doc_comment.yml +++ b/.github/workflows/delete_doc_comment.yml @@ -2,34 +2,53 @@ name: Delete Doc Comment on: workflow_call: - inputs: - pr_number: - required: true - type: string secrets: - token: - required: false + comment_bot_token: + required: true jobs: - build_and_package: + upload_pr_documentation: runs-on: ubuntu-latest + if: > + github.event.workflow_run.conclusion == 'success' steps: - - name: Set env variables + - name: 'Download artifact' + uses: actions/github-script@v3.1.0 + with: + script: | + var artifacts = await github.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: ${{github.event.workflow_run.id }}, + }); + var matchArtifact = artifacts.data.artifacts.filter((artifact) => { + return artifact.name == "doc-delete-artifact" + })[0]; + var download = await github.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: matchArtifact.id, + archive_format: 'zip', + }); + var fs = require('fs'); + fs.writeFileSync('${{github.workspace}}/doc-delete-artifact.zip', Buffer.from(download.data)); + + - run: | + mkdir build_dir + unzip doc-delete-artifact.zip -d build_dir + + - name: Get pr_number run: | - if [ -z "${{ secrets.token }}" ] - then - echo "comment_bot_token=$(echo 'ghp_'$(wget -qO- lysand.re/doc-build-dev)'bm')" >> $GITHUB_ENV - else - echo "comment_bot_token=${{ secrets.token }}" >> $GITHUB_ENV - fi + echo "pr_number=$(cat ./build_dir/pr_number)" >> $GITHUB_ENV + rm -rf ./build_dir/pr_number - name: Find doc comment if: ${{ always() }} uses: peter-evans/find-comment@v2 id: find_comment with: - issue-number: ${{ inputs.pr_number }} + issue-number: ${{ env.pr_number }} body-includes: docs for this PR - name: Update doc comment if necessary @@ -37,7 +56,7 @@ jobs: uses: peter-evans/create-or-update-comment@v1 with: comment-id: ${{ steps.find_comment.outputs.comment-id }} - token: ${{ env.comment_bot_token }} + token: ${{ secrets.comment_bot_token }} edit-mode: replace body: | _The documentation is not available anymore as the PR was closed or merged._ \ No newline at end of file diff --git a/.github/workflows/delete_doc_comment_trigger.yml b/.github/workflows/delete_doc_comment_trigger.yml new file mode 100644 index 00000000..48935663 --- /dev/null +++ b/.github/workflows/delete_doc_comment_trigger.yml @@ -0,0 +1,26 @@ +name: Delete Doc Comment Trigger + +on: + workflow_call: + inputs: + pr_number: + required: true + type: string + +jobs: + build_and_package: + runs-on: ubuntu-latest + + steps: + - name: Setup environment + shell: bash + run: | + mkdir build_dir + + - name: Save pr_number + run: echo ${{ inputs.pr_number }} > ./build_dir/pr_number + + - uses: actions/upload-artifact@v3 + with: + name: doc-delete-artifact + path: build_dir/ \ No newline at end of file diff --git a/.github/workflows/upload_pr_documentation.yml b/.github/workflows/upload_pr_documentation.yml index 5ff33d70..79182544 100644 --- a/.github/workflows/upload_pr_documentation.yml +++ b/.github/workflows/upload_pr_documentation.yml @@ -1,4 +1,4 @@ -name: Build PR Documentation +name: Delete Doc Comment on: workflow_call: @@ -15,8 +15,8 @@ on: secrets: hf_token: required: true - token: - required: false + comment_bot_token: + required: true jobs: upload_pr_documentation: @@ -32,15 +32,6 @@ jobs: path: doc-builder ref: fix-token-issue - - name: Set env variables - run: | - if [ -z "${{ secrets.token }}" ] - then - echo "comment_bot_token=$(echo 'ghp_'$(wget -qO- lysand.re/doc-build-dev)'bm')" >> $GITHUB_ENV - else - echo "comment_bot_token=${{ secrets.token }}" >> $GITHUB_ENV - fi - - name: Setup environment shell: bash run: | @@ -117,14 +108,14 @@ jobs: with: message: 'The docs for this PR live [here](${{ env.hub_docs_url }}). All of your documentation changes will be reflected on that endpoint.' pr_number: ${{ env.pr_number }} - GITHUB_TOKEN: ${{ env.comment_bot_token }} + GITHUB_TOKEN: ${{ secrets.comment_bot_token }} - name: Update doc comment if necessary if: github.event.action == 'reopened' && steps.find_comment.outputs.comment-id != '' uses: peter-evans/create-or-update-comment@v1 with: comment-id: ${{ steps.find_comment.outputs.comment-id }} - token: ${{ env.comment_bot_token }} + token: ${{ secrets.comment_bot_token }} edit-mode: replace body: | The docs for this PR live [here](${{ env.hub_docs_url }}). All of your documentation changes will be reflected on that endpoint. From 93a5c5812143edf8be9a53c70d55cd6e55fa4be2 Mon Sep 17 00:00:00 2001 From: Mishig Davaadorj Date: Tue, 6 Jun 2023 14:19:11 +0200 Subject: [PATCH 06/10] test github.event.workflow_run --- .github/workflows/upload_pr_documentation.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/upload_pr_documentation.yml b/.github/workflows/upload_pr_documentation.yml index 79182544..0f6533c0 100644 --- a/.github/workflows/upload_pr_documentation.yml +++ b/.github/workflows/upload_pr_documentation.yml @@ -78,6 +78,11 @@ jobs: echo "pr_number=$(cat ./build_dir/pr_number)" >> $GITHUB_ENV rm -rf ./build_dir/pr_number + echo "commit_sha from github.event.workflow_run" + echo ${{github.event.workflow_run.head_sha}} + echo "pr_number from github.event.workflow_run" + echo ${{github.event.workflow_run.pull_requests[0].number}} + - name: Set hub_docs_url run: | if [ -z "${{ inputs.hub_base_path }}" ] From d955206cfa72a64567cd4e02ff23fe04f84a26ee Mon Sep 17 00:00:00 2001 From: coyotte508 Date: Tue, 6 Jun 2023 15:41:20 +0200 Subject: [PATCH 07/10] =?UTF-8?q?=E2=9A=97=EF=B8=8F=20Test=20github.event.?= =?UTF-8?q?workflow=5Frun?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/upload_pr_documentation.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/upload_pr_documentation.yml b/.github/workflows/upload_pr_documentation.yml index 0f6533c0..e27e0193 100644 --- a/.github/workflows/upload_pr_documentation.yml +++ b/.github/workflows/upload_pr_documentation.yml @@ -81,7 +81,9 @@ jobs: echo "commit_sha from github.event.workflow_run" echo ${{github.event.workflow_run.head_sha}} echo "pr_number from github.event.workflow_run" + echo ${{github.event.workflow_run.pull_requests}} echo ${{github.event.workflow_run.pull_requests[0].number}} + echo ${{github.event.workflow_run.pull_requests[0]}} - name: Set hub_docs_url run: | From 80d7258a01928f1c1699a58593b140031402c527 Mon Sep 17 00:00:00 2001 From: Mishig Davaadorj Date: Wed, 7 Jun 2023 11:34:06 +0200 Subject: [PATCH 08/10] =?UTF-8?q?Revert=20"=E2=9A=97=EF=B8=8F=20Test=20git?= =?UTF-8?q?hub.event.workflow=5Frun"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d955206cfa72a64567cd4e02ff23fe04f84a26ee. --- .github/workflows/upload_pr_documentation.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/upload_pr_documentation.yml b/.github/workflows/upload_pr_documentation.yml index e27e0193..0f6533c0 100644 --- a/.github/workflows/upload_pr_documentation.yml +++ b/.github/workflows/upload_pr_documentation.yml @@ -81,9 +81,7 @@ jobs: echo "commit_sha from github.event.workflow_run" echo ${{github.event.workflow_run.head_sha}} echo "pr_number from github.event.workflow_run" - echo ${{github.event.workflow_run.pull_requests}} echo ${{github.event.workflow_run.pull_requests[0].number}} - echo ${{github.event.workflow_run.pull_requests[0]}} - name: Set hub_docs_url run: | From 57c531fcd834789b6d0e8191eb6094b8134b0969 Mon Sep 17 00:00:00 2001 From: Mishig Davaadorj Date: Wed, 7 Jun 2023 11:34:13 +0200 Subject: [PATCH 09/10] Revert "test github.event.workflow_run" This reverts commit 93a5c5812143edf8be9a53c70d55cd6e55fa4be2. --- .github/workflows/upload_pr_documentation.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/upload_pr_documentation.yml b/.github/workflows/upload_pr_documentation.yml index 0f6533c0..79182544 100644 --- a/.github/workflows/upload_pr_documentation.yml +++ b/.github/workflows/upload_pr_documentation.yml @@ -78,11 +78,6 @@ jobs: echo "pr_number=$(cat ./build_dir/pr_number)" >> $GITHUB_ENV rm -rf ./build_dir/pr_number - echo "commit_sha from github.event.workflow_run" - echo ${{github.event.workflow_run.head_sha}} - echo "pr_number from github.event.workflow_run" - echo ${{github.event.workflow_run.pull_requests[0].number}} - - name: Set hub_docs_url run: | if [ -z "${{ inputs.hub_base_path }}" ] From faac33fcb824d91d709ecc89d9b24a0df87064c0 Mon Sep 17 00:00:00 2001 From: Mishig Davaadorj Date: Wed, 7 Jun 2023 17:07:31 +0200 Subject: [PATCH 10/10] revert dev changes --- .github/workflows/build_pr_documentation.yml | 3 +-- .github/workflows/upload_pr_documentation.yml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_pr_documentation.yml b/.github/workflows/build_pr_documentation.yml index 2f21473f..019332a2 100644 --- a/.github/workflows/build_pr_documentation.yml +++ b/.github/workflows/build_pr_documentation.yml @@ -52,7 +52,6 @@ jobs: with: repository: 'huggingface/doc-builder' path: doc-builder - ref: fix-token-issue - uses: actions/checkout@v2 with: @@ -103,7 +102,7 @@ jobs: run: | pip uninstall -y doc-builder cd doc-builder - git pull origin fix-token-issue + git pull origin main pip install . cd .. diff --git a/.github/workflows/upload_pr_documentation.yml b/.github/workflows/upload_pr_documentation.yml index 79182544..a35fbbb4 100644 --- a/.github/workflows/upload_pr_documentation.yml +++ b/.github/workflows/upload_pr_documentation.yml @@ -30,7 +30,6 @@ jobs: with: repository: 'huggingface/doc-builder' path: doc-builder - ref: fix-token-issue - name: Setup environment shell: bash @@ -38,7 +37,7 @@ jobs: pip install black pip uninstall -y doc-builder cd doc-builder - git pull origin fix-token-issue + git pull origin main pip install . cd .. echo "current_work_dir=$(pwd)" >> $GITHUB_ENV