From 2d9731053673e9ac6b359e522cf0a65955722079 Mon Sep 17 00:00:00 2001 From: Chris Cranford Date: Thu, 6 Jan 2022 12:58:38 -0500 Subject: [PATCH] DBZ-4063 Support authenticating queries for internal issues --- .github/workflows/missing-commits-by-issue-key.yml | 14 +++++++++++++- .../list-missing-commits-by-issue-key.sh | 4 +++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/missing-commits-by-issue-key.yml b/.github/workflows/missing-commits-by-issue-key.yml index f088a094d..7fb28d21a 100644 --- a/.github/workflows/missing-commits-by-issue-key.yml +++ b/.github/workflows/missing-commits-by-issue-key.yml @@ -1,5 +1,9 @@ name: Missing commits check +# The Jira access token for performing authenticated queries requires that the variable +# be passed to the workflow using WEBHOOK_TOKEN so that it can be properly masked. It +# is currently the only way to do this reliably with GitHub Actions. + on: workflow_dispatch: inputs: @@ -12,6 +16,9 @@ on: to_tag: description: 'The tag to end at (e.g. v1.8.0.Final)' required: true + WEBHOOK_TOKEN: + description: 'Your JIRA access token' + required: true jobs: script: @@ -20,5 +27,10 @@ jobs: - name: Checkout action uses: actions/checkout@v1 - name: Run script + env: + FIXED_VERSION: ${{ github.event.inputs.fixed_version }} + FROM_TAG: ${{ github.event.inputs.from_tag }} + TO_TAG: ${{ github.event.inputs.to_tag }} + WEBHOOK_TOKEN: ${{ github.event.inputs.WEBHOOK_TOKEN }} run: | - ./github-support/list-missing-commits-by-issue-key.sh ${{ github.event.inputs.fixed_version }} ${{ github.event.inputs.from_tag }} ${{ github.event.inputs.to_tag }} + ./github-support/list-missing-commits-by-issue-key.sh $FIXED_VERSION $FROM_TAG $TO_TAG $WEBHOOK_TOKEN diff --git a/github-support/list-missing-commits-by-issue-key.sh b/github-support/list-missing-commits-by-issue-key.sh index a1a75ca7b..fc3fe0fb2 100755 --- a/github-support/list-missing-commits-by-issue-key.sh +++ b/github-support/list-missing-commits-by-issue-key.sh @@ -9,6 +9,7 @@ if [ $# -eq 0 ]; then echo " fix-version : The Jira version for which issues will be compared against the Git history" echo " since-tag-name : The starting tag to begin inspecting Git history from" echo " to-tag-name : The ending tag to stop inspecting Git history to" + echo " jira-token : Your Jira access token for authentication" echo "" echo "An example of comparing the issues in Jira for 1.8.0.CR1 with Git history would be:" echo " ./list-missing-commits-by-issue-key.sh 1.8.0.CR1 v1.8.0.Beta1 v1.8.0.CR1" @@ -19,6 +20,7 @@ fi FIX_VERSION=$1 SINCE_TAG_NAME=$2 TO_TAG_NAME=$3 +JIRA_TOKEN=$4 DIR="$HOME/debezium-issues" @@ -42,7 +44,7 @@ declare -a DEBEZIUM_REPOS=("debezium" "debezium-connector-db2" "debezium-connect echo "Getting issues from Jira for project $PROJECT_NAME and version $FIX_VERSION" echo " components excluded: $EXCLUDED_JIRA_COMPONENTS" echo "" -curl --silent -X "GET" "$JIRA_URL/rest/api/2/search?jql=project=$PROJECT_NAME%20and%20fixVersion=$FIX_VERSION%20and%20component%20not%20in%20($EXCLUDED_JIRA_COMPONENTS)" | jq -r '.issues[].key' > "$ISSUE_KEYS" 2> /dev/null +curl --silent -X "GET" -H "Authorization: Bearer ${JIRA_TOKEN}" "$JIRA_URL/rest/api/2/search?jql=project=$PROJECT_NAME%20and%20fixVersion=$FIX_VERSION%20and%20component%20not%20in%20($EXCLUDED_JIRA_COMPONENTS)" | jq -r '.issues[].key' > "$ISSUE_KEYS" 2> /dev/null # Obtain all history between tags for each repository for REPO in "${DEBEZIUM_REPOS[@]}";