Skip to content

Commit da5fa9b

Browse files
ales-otfales-otf
authored
Enable workflows to run on forks #1742 
2 parents 1f41b5e + 7d952e6 commit da5fa9b

File tree

2 files changed

+32
-14
lines changed

2 files changed

+32
-14
lines changed

.github/workflows/require-clean-merges.yml

Lines changed: 22 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,14 @@ jobs:
3434
else
3535
echo "MERGE_BRANCHES=devnet-ready devnet testnet main" >> $GITHUB_ENV
3636
fi
37+
38+
- name: Add Fork Remote and Fetch PR Branch
39+
if: github.event.pull_request.head.repo.fork == true
40+
run: |
41+
PR_BRANCH="${{ github.event.pull_request.head.ref }}"
42+
PR_FORK="${{ github.event.pull_request.head.repo.clone_url }}"
43+
git remote add fork $PR_FORK
44+
git fetch --no-tags --prune fork $PR_BRANCH
3745
3846
- name: Check Merge Cleanliness
3947
run: |
@@ -42,25 +50,33 @@ jobs:
4250
echo "Fetching all branches..."
4351
git fetch --all --prune
4452
53+
if [[ "${{github.event.pull_request.head.repo.fork}}" == "true" ]]; then
54+
PR_BRANCH_REF="fork/$PR_BRANCH"
55+
echo "Using fork reference: $PR_BRANCH_REF"
56+
else
57+
PR_BRANCH_REF="origin/$PR_BRANCH"
58+
echo "Using origin reference: $PR_BRANCH_REF"
59+
fi
60+
4561
echo "Checking out PR branch: $PR_BRANCH"
46-
git checkout $PR_BRANCH
47-
git reset --hard origin/$PR_BRANCH
62+
git checkout $PR_BRANCH_REF
63+
git reset --hard $PR_BRANCH_REF
4864
4965
# Configure a temporary Git identity to allow merging
5066
git config --local user.email "[email protected]"
5167
git config --local user.name "GitHub Actions"
5268
5369
for branch in $MERGE_BRANCHES; do
54-
echo "Checking merge from $branch into $PR_BRANCH..."
70+
echo "Checking merge from $branch into $PR_BRANCH_REF..."
5571
5672
# Ensure PR branch is up to date
57-
git reset --hard origin/$PR_BRANCH
73+
git reset --hard $PR_BRANCH_REF
5874
5975
# Merge without committing to check for conflicts
6076
if git merge --no-commit --no-ff origin/$branch; then
61-
echo "✅ Merge from $branch into $PR_BRANCH is clean."
77+
echo "✅ Merge from $branch into $PR_BRANCH_REF is clean."
6278
else
63-
echo "❌ Merge conflict detected when merging $branch into $PR_BRANCH"
79+
echo "❌ Merge conflict detected when merging $branch into $PR_BRANCH_REF"
6480
exit 1
6581
fi
6682

.github/workflows/run-benchmarks.yml

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -24,18 +24,20 @@ jobs:
2424
if: ${{ env.SKIP_BENCHMARKS != '1' }}
2525
uses: actions/checkout@v4
2626
with:
27-
ref: ${{ github.head_ref }}
27+
repository: ${{ github.event.pull_request.head.repo.full_name }}
28+
ref: ${{ github.event.pull_request.head.ref }}
2829
fetch-depth: 0
2930

3031
- name: Install GitHub CLI
31-
if: ${{ env.SKIP_BENCHMARKS != '1' }}
32+
# We disallow skipping benchmarks for PRs from forks to avoid exposing secrets
33+
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && env.SKIP_BENCHMARKS != '1' }}
3234
run: |
3335
sudo apt-get update
3436
sudo apt-get install -y gh
3537
echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
3638
3739
- name: Check skip label
38-
if: ${{ env.SKIP_BENCHMARKS != '1' }}
40+
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && env.SKIP_BENCHMARKS != '1' }}
3941
run: |
4042
labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
4143
if echo "$labels" | grep -q "skip-validate-benchmarks"; then
@@ -50,7 +52,7 @@ jobs:
5052
sudo apt-get install -y clang curl libssl-dev llvm libudev-dev protobuf-compiler
5153
5254
- name: Check skip label
53-
if: ${{ env.SKIP_BENCHMARKS != '1' }}
55+
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && env.SKIP_BENCHMARKS != '1' }}
5456
run: |
5557
labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
5658
if echo "$labels" | grep -q "skip-validate-benchmarks"; then
@@ -66,7 +68,7 @@ jobs:
6668
toolchain: stable
6769

6870
- name: Check skip label
69-
if: ${{ env.SKIP_BENCHMARKS != '1' }}
71+
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && env.SKIP_BENCHMARKS != '1' }}
7072
run: |
7173
labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
7274
if echo "$labels" | grep -q "skip-validate-benchmarks"; then
@@ -81,7 +83,7 @@ jobs:
8183
key: bench-${{ hashFiles('**/Cargo.lock') }}
8284

8385
- name: Check skip label
84-
if: ${{ env.SKIP_BENCHMARKS != '1' }}
86+
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && env.SKIP_BENCHMARKS != '1' }}
8587
run: |
8688
labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
8789
if echo "$labels" | grep -q "skip-validate-benchmarks"; then
@@ -95,7 +97,7 @@ jobs:
9597
cargo build --profile production -p node-subtensor --features runtime-benchmarks
9698
9799
- name: Check skip label
98-
if: ${{ env.SKIP_BENCHMARKS != '1' }}
100+
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && env.SKIP_BENCHMARKS != '1' }}
99101
run: |
100102
labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
101103
if echo "$labels" | grep -q "skip-validate-benchmarks"; then
@@ -110,7 +112,7 @@ jobs:
110112
./scripts/benchmark_action.sh
111113
112114
- name: Check skip label after run
113-
if: ${{ env.SKIP_BENCHMARKS != '1' }}
115+
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && env.SKIP_BENCHMARKS != '1' }}
114116
run: |
115117
labels=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
116118
if echo "$labels" | grep -q "skip-validate-benchmarks"; then

0 commit comments

Comments
 (0)