From 6c6699f3d2d15428575005a037b73bcb0b5bd0e4 Mon Sep 17 00:00:00 2001 From: lauren Date: Mon, 17 Mar 2025 14:13:02 -0400 Subject: [PATCH] [ci] Don't use third party action to push commits (#32648) In light of recent third party actions being compromised, let's just push the commit ourselves rather than use a third party action. We already detect if changes are needed, so the step will only run if so. I also added a `dry_run` option to the manual runs of this workflow for testing. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/facebook/react/pull/32648). * #32650 * #32649 * __->__ #32648 --- .../workflows/runtime_commit_artifacts.yml | 41 +++++++++++-------- 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/.github/workflows/runtime_commit_artifacts.yml b/.github/workflows/runtime_commit_artifacts.yml index 9e60606210..6b1cad2245 100644 --- a/.github/workflows/runtime_commit_artifacts.yml +++ b/.github/workflows/runtime_commit_artifacts.yml @@ -16,6 +16,11 @@ on: required: true default: false type: boolean + dry_run: + description: Perform a dry run (run everything except push) + required: true + default: false + type: boolean env: TZ: /usr/share/zoneinfo/America/Los_Angeles @@ -246,16 +251,16 @@ jobs: git status -u - name: Commit changes to branch if: inputs.force == true || steps.check_should_commit.outputs.should_commit == 'true' - uses: stefanzweifel/git-auto-commit-action@v5 - with: - commit_message: | - ${{ github.event.workflow_run.head_commit.message || format('Manual build of {0}', github.event.workflow_run.head_sha || github.sha) }} + run: | + git config --global user.email "${{ format('{0}@users.noreply.github.com', github.triggering_actor) }}" + git config --global user.name "${{ github.triggering_actor }}" - DiffTrain build for [${{ github.event.workflow_run.head_sha || github.sha }}](https://github.com/facebook/react/commit/${{ github.event.workflow_run.head_sha || github.sha }}) - branch: builds/facebook-www - commit_user_name: ${{ github.triggering_actor }} - commit_user_email: ${{ format('{0}@users.noreply.github.com', github.triggering_actor) }} - create_branch: true + git commit -m "${{ github.event.workflow_run.head_commit.message || format('Manual build of {0}', github.event.workflow_run.head_sha || github.sha) }} + + DiffTrain build for [${{ github.event.workflow_run.head_sha || github.sha }}](https://github.com/facebook/react/commit/${{ github.event.workflow_run.head_sha || github.sha }})" || echo "No changes to commit" + - name: Push changes to branch + if: inputs.dry_run == false && (inputs.force == true || steps.check_should_commit.outputs.should_commit == 'true') + run: git push commit_fbsource_artifacts: needs: download_artifacts @@ -413,13 +418,13 @@ jobs: git status - name: Commit changes to branch if: inputs.force == true || steps.check_should_commit.outputs.should_commit == 'true' - uses: stefanzweifel/git-auto-commit-action@v5 - with: - commit_message: | - ${{ github.event.workflow_run.head_commit.message || format('Manual build of {0}', github.event.workflow_run.head_sha || github.sha) }} + run: | + git config --global user.email "${{ format('{0}@users.noreply.github.com', github.triggering_actor) }}" + git config --global user.name "${{ github.triggering_actor }}" - DiffTrain build for [${{ github.event.workflow_run.head_sha || github.sha }}](https://github.com/facebook/react/commit/${{ github.event.workflow_run.head_sha || github.sha }}) - branch: builds/facebook-fbsource - commit_user_name: ${{ github.triggering_actor }} - commit_user_email: ${{ format('{0}@users.noreply.github.com', github.triggering_actor) }} - create_branch: true + git commit -m "${{ github.event.workflow_run.head_commit.message || format('Manual build of {0}', github.event.workflow_run.head_sha || github.sha) }} + + DiffTrain build for [${{ github.event.workflow_run.head_sha || github.sha }}](https://github.com/facebook/react/commit/${{ github.event.workflow_run.head_sha || github.sha }})" || echo "No changes to commit" + - name: Push changes to branch + if: inputs.dry_run == false && (inputs.force == true || steps.check_should_commit.outputs.should_commit == 'true') + run: git push