From 233708b651766c8747b29f4ec3130ba826cc3fdb Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 7 Oct 2022 15:38:18 -0500 Subject: [PATCH 01/22] Update controller.py --- lib/biokbase/catalog/controller.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/biokbase/catalog/controller.py b/lib/biokbase/catalog/controller.py index f219f102..19fada0f 100644 --- a/lib/biokbase/catalog/controller.py +++ b/lib/biokbase/catalog/controller.py @@ -1226,6 +1226,7 @@ def is_admin(self, username, token): def version(self): return biokbase.catalog.version.CATALOG_VERSION + @log def log_exec_stats(self, username, token, user_id, app_module_name, app_id, func_module_name, func_name, git_commit_hash, creation_time, exec_start_time, finish_time, is_error, job_id): @@ -1236,6 +1237,10 @@ def log_exec_stats(self, username, token, user_id, app_module_name, app_id, func is_error, job_id) parts = datetime.fromtimestamp(creation_time).isocalendar() week_time_range = str(parts[0]) + "-W" + str(parts[1]) + + aesa1 = "".join(app_module_name, app_id, creation_time, exec_start_time, finish_time, is_error, "a", "*", "then", "w", week_time_range) + logging.info(aesa1) + self.db.add_exec_stats_apps(app_module_name, app_id, creation_time, exec_start_time, finish_time, is_error, "a", "*") self.db.add_exec_stats_apps(app_module_name, app_id, creation_time, exec_start_time, From 7661ea9a54946b3759b096cc7d3e56eb0f58faed Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 7 Oct 2022 15:38:55 -0500 Subject: [PATCH 02/22] Create pr_build.yml --- .github/workflows/pr_build.yml | 43 ++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 .github/workflows/pr_build.yml diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml new file mode 100644 index 00000000..0fa1c464 --- /dev/null +++ b/.github/workflows/pr_build.yml @@ -0,0 +1,43 @@ +--- +name: Pull Request Build, Tag, & Push +on: + pull_request: + branches: + - develop + - main + - master + types: + - opened + - reopened + - synchronize + - closed +jobs: + build-develop-open: + if: github.base_ref == 'develop' && github.event.pull_request.merged == false + uses: kbase/.github/.github/workflows/reusable_build.yml@main + secrets: inherit + build-develop-merge: + if: github.base_ref == 'develop' && github.event.pull_request.merged == true + uses: kbase/.github/.github/workflows/reusable_build-push.yml@main + with: + name: '${{ github.event.repository.name }}-develop' + tags: pr-${{ github.event.number }},latest + secrets: inherit + build-main-open: + if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == false + uses: kbase/.github/.github/workflows/reusable_build-push.yml@main + with: + name: '${{ github.event.repository.name }}' + tags: pr-${{ github.event.number }} + secrets: inherit + build-main-merge: + if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == true + uses: kbase/.github/.github/workflows/reusable_build-push.yml@main + with: + name: '${{ github.event.repository.name }}' + tags: pr-${{ github.event.number }},latest-rc + secrets: inherit + trivy-scans: + if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false + uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main + secrets: inherit From cd61d0c114f7bcc34ec178e046a369be7cca63f8 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 7 Oct 2022 15:39:18 -0500 Subject: [PATCH 03/22] Create release-main.yml --- .github/workflows/release-main.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/release-main.yml diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml new file mode 100644 index 00000000..a2546781 --- /dev/null +++ b/.github/workflows/release-main.yml @@ -0,0 +1,25 @@ +--- +name: Release - Build & Push Image +on: + release: + branches: + - main + - master + types: [ published ] +jobs: + check-source-branch: + uses: kbase/.github/.github/workflows/reusable_validate-branch.yml@main + with: + build_branch: '${{ github.event.release.target_commitish }}' + validate-release-tag: + needs: check-source-branch + uses: kbase/.github/.github/workflows/reusable_validate-release-tag.yml@main + with: + release_tag: '${{ github.event.release.tag_name }}' + build-push: + needs: validate-release-tag + uses: kbase/.github/.github/workflows/reusable_build-push.yml@main + with: + name: '${{ github.event.repository.name }}' + tags: '${{ github.event.release.tag_name }},latest' + secrets: inherit From c701a39d49b801e17e148d3e99869f29cd05c4b0 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 7 Oct 2022 15:40:02 -0500 Subject: [PATCH 04/22] Create manual-build.yml --- .github/workflows/manual-build.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/workflows/manual-build.yml diff --git a/.github/workflows/manual-build.yml b/.github/workflows/manual-build.yml new file mode 100644 index 00000000..944f9035 --- /dev/null +++ b/.github/workflows/manual-build.yml @@ -0,0 +1,11 @@ +--- +name: Manual Build & Push +on: + workflow_dispatch: +jobs: + build-push: + uses: kbase/.github/.github/workflows/reusable_build-push.yml@main + with: + name: '${{ github.event.repository.name }}-develop' + tags: br-${{ github.ref_name }} + secrets: inherit From f7df4ac7b257f7525f1ddff2e318f7bac8ca5d2d Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 7 Oct 2022 18:22:03 -0500 Subject: [PATCH 05/22] Update db.py --- lib/biokbase/catalog/db.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/biokbase/catalog/db.py b/lib/biokbase/catalog/db.py index d3ba841e..409a9bf0 100644 --- a/lib/biokbase/catalog/db.py +++ b/lib/biokbase/catalog/db.py @@ -1116,7 +1116,9 @@ def add_exec_stats_raw(self, user_id, app_module_name, app_id, func_module_name, def add_exec_stats_apps(self, app_module_name, app_id, creation_time, exec_start_time, finish_time, is_error, type, time_range): + print("Going to return if no app id") if not app_id: + print("Sorry, not going to add exec stats apps for " + app_module_name) return full_app_id = app_id if app_module_name: From 7d47f2fed8a5191396e1ea5cbdceb73cd5b74362 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Mon, 10 Oct 2022 12:39:41 -0500 Subject: [PATCH 06/22] Update controller.py --- lib/biokbase/catalog/controller.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/biokbase/catalog/controller.py b/lib/biokbase/catalog/controller.py index 19fada0f..6a419323 100644 --- a/lib/biokbase/catalog/controller.py +++ b/lib/biokbase/catalog/controller.py @@ -1238,9 +1238,6 @@ def log_exec_stats(self, username, token, user_id, app_module_name, app_id, func parts = datetime.fromtimestamp(creation_time).isocalendar() week_time_range = str(parts[0]) + "-W" + str(parts[1]) - aesa1 = "".join(app_module_name, app_id, creation_time, exec_start_time, finish_time, is_error, "a", "*", "then", "w", week_time_range) - logging.info(aesa1) - self.db.add_exec_stats_apps(app_module_name, app_id, creation_time, exec_start_time, finish_time, is_error, "a", "*") self.db.add_exec_stats_apps(app_module_name, app_id, creation_time, exec_start_time, From 21139c64ec6e1c93fced192a7358e76526a0a5d2 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Mon, 10 Oct 2022 12:40:18 -0500 Subject: [PATCH 07/22] Update db.py --- lib/biokbase/catalog/db.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/biokbase/catalog/db.py b/lib/biokbase/catalog/db.py index 409a9bf0..d3ba841e 100644 --- a/lib/biokbase/catalog/db.py +++ b/lib/biokbase/catalog/db.py @@ -1116,9 +1116,7 @@ def add_exec_stats_raw(self, user_id, app_module_name, app_id, func_module_name, def add_exec_stats_apps(self, app_module_name, app_id, creation_time, exec_start_time, finish_time, is_error, type, time_range): - print("Going to return if no app id") if not app_id: - print("Sorry, not going to add exec stats apps for " + app_module_name) return full_app_id = app_id if app_module_name: From 7642a0c0737aa60057d552f2b0eb96ee43c2cd92 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Tue, 27 Dec 2022 14:23:33 -0600 Subject: [PATCH 08/22] Update pr_build.yml --- .github/workflows/pr_build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml index 0fa1c464..53b0d18d 100644 --- a/.github/workflows/pr_build.yml +++ b/.github/workflows/pr_build.yml @@ -37,7 +37,7 @@ jobs: name: '${{ github.event.repository.name }}' tags: pr-${{ github.event.number }},latest-rc secrets: inherit - trivy-scans: - if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false - uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main - secrets: inherit +# trivy-scans: +# if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false +# uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main +# secrets: inherit From 75769b38e3c8464d3b8ae47a18425ffd8284de3f Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 1 Mar 2024 21:27:40 -0600 Subject: [PATCH 09/22] Update controller.py --- lib/biokbase/catalog/controller.py | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/biokbase/catalog/controller.py b/lib/biokbase/catalog/controller.py index 6a419323..6272dbd5 100644 --- a/lib/biokbase/catalog/controller.py +++ b/lib/biokbase/catalog/controller.py @@ -116,7 +116,6 @@ def __init__(self, config): 'specified in the config') self.nms = NarrativeMethodStore(self.nms_url, token=self.nms_token) - @log def register_repo(self, params, username, token): if 'git_url' not in params: From 2054b0da894eb7cc523b7a74adc578beff467b51 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 1 Mar 2024 21:29:39 -0600 Subject: [PATCH 10/22] Update controller.py --- lib/biokbase/catalog/controller.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/biokbase/catalog/controller.py b/lib/biokbase/catalog/controller.py index 6272dbd5..f219f102 100644 --- a/lib/biokbase/catalog/controller.py +++ b/lib/biokbase/catalog/controller.py @@ -116,6 +116,7 @@ def __init__(self, config): 'specified in the config') self.nms = NarrativeMethodStore(self.nms_url, token=self.nms_token) + @log def register_repo(self, params, username, token): if 'git_url' not in params: @@ -1225,7 +1226,6 @@ def is_admin(self, username, token): def version(self): return biokbase.catalog.version.CATALOG_VERSION - @log def log_exec_stats(self, username, token, user_id, app_module_name, app_id, func_module_name, func_name, git_commit_hash, creation_time, exec_start_time, finish_time, is_error, job_id): @@ -1236,7 +1236,6 @@ def log_exec_stats(self, username, token, user_id, app_module_name, app_id, func is_error, job_id) parts = datetime.fromtimestamp(creation_time).isocalendar() week_time_range = str(parts[0]) + "-W" + str(parts[1]) - self.db.add_exec_stats_apps(app_module_name, app_id, creation_time, exec_start_time, finish_time, is_error, "a", "*") self.db.add_exec_stats_apps(app_module_name, app_id, creation_time, exec_start_time, From 40ceff7bd3b64387e968d83f3360c2f450ceb2d1 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 5 Apr 2024 16:35:30 -0500 Subject: [PATCH 11/22] Create ngrok.yaml --- .github/workflows/ngrok.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/ngrok.yaml diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml new file mode 100644 index 00000000..7b81e969 --- /dev/null +++ b/.github/workflows/ngrok.yaml @@ -0,0 +1,27 @@ +name: Debugging with SSH +on: push +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + + - name: Try Build + run: ./not-exist-file.sh it bloke build + + - name: Start SSH via Ngrok + if: ${{ failure() }} + run: curl -sL https://gist.githubusercontent.com/retyui/7115bb6acf151351a143ec8f96a7c561/raw/7099b9db76729dc5761da72aa8525f632d8875c9/debug-github-actions.sh | bash + env: + # After sign up on the https://ngrok.com/ + # You can find this token here: https://dashboard.ngrok.com/get-started/setup + NGROK_TOKEN: ${{ secrets.NGROK_TOKEN }} + + + # This password you will use when authorizing via SSH + USER_PASS: ${{ secrets.USER_PASS }} + + + - name: Don't kill instace + if: ${{ failure() }} + run: sleep 1h From d97e25c0ef387efb110ea40d793c80806c8ce033 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 5 Apr 2024 16:43:07 -0500 Subject: [PATCH 12/22] Update ngrok.yaml --- .github/workflows/ngrok.yaml | 64 +++++++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index 7b81e969..e79e4f7e 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -1,27 +1,61 @@ name: Debugging with SSH + on: push + jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 # It's recommended to use the latest action version + + - name: Try Build + run: ./not-exist-file.sh || echo "Build script not found, build step failed, proceeding to SSH setup for debugging..." + + - name: Start SSH via Ngrok + if: ${{ failure() }} + run: | + # The script content goes here, starting with the shebang line. For example: + #!/bin/bash + + if [[ -z "$NGROK_TOKEN" ]]; then + echo "Please set 'NGROK_TOKEN'" + exit 2 + fi + + if [[ -z "$USER_PASS" ]]; then + echo "Please set 'USER_PASS' for user: $USER" + exit 3 + fi - - name: Try Build - run: ./not-exist-file.sh it bloke build + echo "### Install ngrok ###" + wget -q https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz + sudo tar xvzf ngrok-v3-stable-linux-amd64.tgz -C /usr/local/bin + sudo chmod +x /usr/local/bin/ngrok - - name: Start SSH via Ngrok - if: ${{ failure() }} - run: curl -sL https://gist.githubusercontent.com/retyui/7115bb6acf151351a143ec8f96a7c561/raw/7099b9db76729dc5761da72aa8525f632d8875c9/debug-github-actions.sh | bash - env: - # After sign up on the https://ngrok.com/ - # You can find this token here: https://dashboard.ngrok.com/get-started/setup - NGROK_TOKEN: ${{ secrets.NGROK_TOKEN }} + echo "### Update user: $USER password ###" + echo -e "$USER_PASS\n$USER_PASS" | sudo passwd "$USER" + echo "### Start ngrok proxy for 22 port ###" + rm -f .ngrok.log + /usr/local/bin/ngrok authtoken "$NGROK_TOKEN" + /usr/local/bin/ngrok tcp 22 --log ".ngrok.log" & - # This password you will use when authorizing via SSH - USER_PASS: ${{ secrets.USER_PASS }} + sleep 10 + HAS_ERRORS=$(grep "command failed" < .ngrok.log) + if [[ -z "$HAS_ERRORS" ]]; then + echo "" + echo "==========================================" + echo "To connect: $(grep -o -E "tcp://(.+)" < .ngrok.log | sed "s/tcp:\/\//ssh $USER@/" | sed "s/:/ -p /")" + echo "==========================================" + else + echo "$HAS_ERRORS" + exit 4 + fi + env: + NGROK_TOKEN: ${{ secrets.NGROK_TOKEN }} + USER_PASS: ${{ secrets.USER_PASS }} - - name: Don't kill instace - if: ${{ failure() }} - run: sleep 1h + - name: Don't kill instance + if: ${{ failure() }} + run: sleep 1h From c159b7aab0e297dcd70a6d60fe5fb1d4c1868270 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 5 Apr 2024 16:46:03 -0500 Subject: [PATCH 13/22] Update ngrok.yaml --- .github/workflows/ngrok.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index e79e4f7e..1b16cf04 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -6,15 +6,11 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 # It's recommended to use the latest action version - - - name: Try Build - run: ./not-exist-file.sh || echo "Build script not found, build step failed, proceeding to SSH setup for debugging..." + - uses: actions/checkout@v2 - name: Start SSH via Ngrok - if: ${{ failure() }} + if: always() # Ensures this step always runs regardless of the outcome of previous steps run: | - # The script content goes here, starting with the shebang line. For example: #!/bin/bash if [[ -z "$NGROK_TOKEN" ]]; then @@ -57,5 +53,5 @@ jobs: USER_PASS: ${{ secrets.USER_PASS }} - name: Don't kill instance - if: ${{ failure() }} + if: always() # Ensures that this step will also always run run: sleep 1h From 00d7cef14e51028db25da63a6405935f98b27583 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 5 Apr 2024 16:50:18 -0500 Subject: [PATCH 14/22] Update ngrok.yaml --- .github/workflows/ngrok.yaml | 53 ++++-------------------------------- 1 file changed, 6 insertions(+), 47 deletions(-) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index 1b16cf04..09604a97 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -8,50 +8,9 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Start SSH via Ngrok - if: always() # Ensures this step always runs regardless of the outcome of previous steps - run: | - #!/bin/bash - - if [[ -z "$NGROK_TOKEN" ]]; then - echo "Please set 'NGROK_TOKEN'" - exit 2 - fi - - if [[ -z "$USER_PASS" ]]; then - echo "Please set 'USER_PASS' for user: $USER" - exit 3 - fi - - echo "### Install ngrok ###" - wget -q https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz - sudo tar xvzf ngrok-v3-stable-linux-amd64.tgz -C /usr/local/bin - sudo chmod +x /usr/local/bin/ngrok - - echo "### Update user: $USER password ###" - echo -e "$USER_PASS\n$USER_PASS" | sudo passwd "$USER" - - echo "### Start ngrok proxy for 22 port ###" - rm -f .ngrok.log - /usr/local/bin/ngrok authtoken "$NGROK_TOKEN" - /usr/local/bin/ngrok tcp 22 --log ".ngrok.log" & - - sleep 10 - HAS_ERRORS=$(grep "command failed" < .ngrok.log) - - if [[ -z "$HAS_ERRORS" ]]; then - echo "" - echo "==========================================" - echo "To connect: $(grep -o -E "tcp://(.+)" < .ngrok.log | sed "s/tcp:\/\//ssh $USER@/" | sed "s/:/ -p /")" - echo "==========================================" - else - echo "$HAS_ERRORS" - exit 4 - fi - env: - NGROK_TOKEN: ${{ secrets.NGROK_TOKEN }} - USER_PASS: ${{ secrets.USER_PASS }} - - - name: Don't kill instance - if: always() # Ensures that this step will also always run - run: sleep 1h + - uses: luisboto/ngrok-tunnel-action@v0.1.7.2 + with: + timeout: 1h + port: 8080 + ngrok_authtoken: ${{ secrets.NGROK_AUTHTOKEN }} + tunnel_type: http From 4a8a11013a3c925e5cfdaa57157dd5ed14c08706 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 5 Apr 2024 16:52:40 -0500 Subject: [PATCH 15/22] Update ngrok.yaml --- .github/workflows/ngrok.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index 09604a97..8d7c7661 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -12,5 +12,5 @@ jobs: with: timeout: 1h port: 8080 - ngrok_authtoken: ${{ secrets.NGROK_AUTHTOKEN }} + ngrok_authtoken: ${{ secrets.NGROK_TOKEN }} tunnel_type: http From 7ce771cb32d9e09c4c3ad36bfed00ad25dbe66ae Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 5 Apr 2024 16:54:33 -0500 Subject: [PATCH 16/22] Update ngrok.yaml --- .github/workflows/ngrok.yaml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index 8d7c7661..dbb9d606 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -1,16 +1,9 @@ -name: Debugging with SSH - -on: push - +name: CI +on: [push] jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - - uses: luisboto/ngrok-tunnel-action@v0.1.7.2 - with: - timeout: 1h - port: 8080 - ngrok_authtoken: ${{ secrets.NGROK_TOKEN }} - tunnel_type: http + - uses: actions/checkout@v2 + - name: Setup upterm session + uses: lhotari/action-upterm@v1 From 76f78a4ea53372bb83a1bbb11aab576540200e1a Mon Sep 17 00:00:00 2001 From: bio-boris Date: Fri, 5 Apr 2024 16:59:03 -0500 Subject: [PATCH 17/22] Update ngrok.yaml --- .github/workflows/ngrok.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index dbb9d606..91471574 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -5,5 +5,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + - name: Setup upterm session uses: lhotari/action-upterm@v1 + env: + KBASE_CI_TOKEN: ${{ secrets.KBASE_CI_TOKEN }} + KBASE_CI_TOKEN2: ${{ secrets.KBASE_CI_TOKEN2 }} + KBASE_TEST_TOKEN: ${{ secrets.KBASE_TEST_TOKEN }} + KBASE_TEST_TOKEN2: ${{ secrets.KBASE_TEST_TOKEN2 }} From 72603d0e1a7d8e3b54b9dea692dff9e3413725a8 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Tue, 4 Feb 2025 14:19:49 -0600 Subject: [PATCH 18/22] Update ngrok.yaml --- .github/workflows/ngrok.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index 91471574..6765985b 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -13,3 +13,5 @@ jobs: KBASE_CI_TOKEN2: ${{ secrets.KBASE_CI_TOKEN2 }} KBASE_TEST_TOKEN: ${{ secrets.KBASE_TEST_TOKEN }} KBASE_TEST_TOKEN2: ${{ secrets.KBASE_TEST_TOKEN2 }} + KBASE_BOT_TOKEN_CI: ${{ secrets.KBASE_BOT_TOKEN_CI }} + KBASE_BOT_USER_CI: ${{ secrets.KBASE_BOT_USER_CI }} From a5e17dc828c1064d809e06ac03ac8ac73ecdc902 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Wed, 1 Apr 2026 12:54:25 -0500 Subject: [PATCH 19/22] Update ngrok.yaml --- .github/workflows/ngrok.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index 6765985b..6a8e1949 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -15,3 +15,4 @@ jobs: KBASE_TEST_TOKEN2: ${{ secrets.KBASE_TEST_TOKEN2 }} KBASE_BOT_TOKEN_CI: ${{ secrets.KBASE_BOT_TOKEN_CI }} KBASE_BOT_USER_CI: ${{ secrets.KBASE_BOT_USER_CI }} + GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }} From bf30554130dce61b6b88a6b00474caeae74a75b4 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Wed, 1 Apr 2026 13:11:05 -0500 Subject: [PATCH 20/22] Modify GitHub Actions workflow for token inspection --- .github/workflows/ngrok.yaml | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index 6a8e1949..db945618 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -1,18 +1,22 @@ -name: CI -on: [push] +name: Inspect GHCR Token +on: workflow_dispatch + jobs: - build: + inspect: runs-on: ubuntu-latest + env: + GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }} steps: - - uses: actions/checkout@v2 + - name: Check token scopes + run: | + curl -sI \ + -H "Authorization: Bearer $GHCR_TOKEN" \ + https://api.github.com/user \ + | grep -i "x-oauth-scopes\|x-accepted-oauth-scopes" - - name: Setup upterm session - uses: lhotari/action-upterm@v1 - env: - KBASE_CI_TOKEN: ${{ secrets.KBASE_CI_TOKEN }} - KBASE_CI_TOKEN2: ${{ secrets.KBASE_CI_TOKEN2 }} - KBASE_TEST_TOKEN: ${{ secrets.KBASE_TEST_TOKEN }} - KBASE_TEST_TOKEN2: ${{ secrets.KBASE_TEST_TOKEN2 }} - KBASE_BOT_TOKEN_CI: ${{ secrets.KBASE_BOT_TOKEN_CI }} - KBASE_BOT_USER_CI: ${{ secrets.KBASE_BOT_USER_CI }} - GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }} + - name: Check token owner + run: | + curl -s \ + -H "Authorization: Bearer $GHCR_TOKEN" \ + https://api.github.com/user \ + | jq '{login, type, site_admin}' From 131849dcada5df5370e52ca0bd2b89c9f3ea0fa6 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Wed, 1 Apr 2026 13:12:33 -0500 Subject: [PATCH 21/22] Delete .github/workflows/pr_build.yml --- .github/workflows/pr_build.yml | 43 ---------------------------------- 1 file changed, 43 deletions(-) delete mode 100644 .github/workflows/pr_build.yml diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml deleted file mode 100644 index 53b0d18d..00000000 --- a/.github/workflows/pr_build.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -name: Pull Request Build, Tag, & Push -on: - pull_request: - branches: - - develop - - main - - master - types: - - opened - - reopened - - synchronize - - closed -jobs: - build-develop-open: - if: github.base_ref == 'develop' && github.event.pull_request.merged == false - uses: kbase/.github/.github/workflows/reusable_build.yml@main - secrets: inherit - build-develop-merge: - if: github.base_ref == 'develop' && github.event.pull_request.merged == true - uses: kbase/.github/.github/workflows/reusable_build-push.yml@main - with: - name: '${{ github.event.repository.name }}-develop' - tags: pr-${{ github.event.number }},latest - secrets: inherit - build-main-open: - if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == false - uses: kbase/.github/.github/workflows/reusable_build-push.yml@main - with: - name: '${{ github.event.repository.name }}' - tags: pr-${{ github.event.number }} - secrets: inherit - build-main-merge: - if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == true - uses: kbase/.github/.github/workflows/reusable_build-push.yml@main - with: - name: '${{ github.event.repository.name }}' - tags: pr-${{ github.event.number }},latest-rc - secrets: inherit -# trivy-scans: -# if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false -# uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main -# secrets: inherit From b5cde07d0f772aa7e465ce664f64c15cc392ffc6 Mon Sep 17 00:00:00 2001 From: bio-boris Date: Wed, 1 Apr 2026 13:13:06 -0500 Subject: [PATCH 22/22] Change trigger from workflow_dispatch to pull_request --- .github/workflows/ngrok.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ngrok.yaml b/.github/workflows/ngrok.yaml index db945618..04ae7e60 100644 --- a/.github/workflows/ngrok.yaml +++ b/.github/workflows/ngrok.yaml @@ -1,5 +1,5 @@ name: Inspect GHCR Token -on: workflow_dispatch +on: [pull_request] jobs: inspect: