From aa8a1632688e1df3a7b4e51ef197f3cbeac6ef67 Mon Sep 17 00:00:00 2001 From: aptend Date: Wed, 11 Mar 2026 23:02:23 +0800 Subject: [PATCH 1/2] use token_action to pull --- .github/workflows/ci.yaml | 20 ++++++------------- .github/workflows/e2e-compose.yaml | 6 ++++++ .github/workflows/e2e-standalone.yaml | 7 +++++++ .github/workflows/e2e-upgrade.yaml | 8 ++++++++ .github/workflows/image-build.yaml | 4 ++++ .../workflows/merge-trigger-standalone.yaml | 5 +++++ .github/workflows/merge-trigger-tke.yaml | 4 +++- .github/workflows/release.yaml | 9 +++++++++ .github/workflows/robot.yaml | 3 +++ .github/workflows/utils.yaml | 3 +++ 10 files changed, 54 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ddc3b1a0..c4cad738 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -4,6 +4,9 @@ name: MatrixOne CI on: workflow_call: secrets: + TOKEN_ACTION: + description: "Token for checkout (e.g. pull from fork/private)" + required: false S3ENDPOINT: description: "S3ENDPOINT For Test" required: true @@ -76,6 +79,7 @@ jobs: - uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "3" repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -143,20 +147,6 @@ jobs: echo "steps.ut.conclusion: ${{ steps.ut.conclusion }}" echo "FAIL_UT_CASES=${fail_ut_cases}" echo "FAIL_UT_CASES=${fail_ut_cases}" >> $GITHUB_OUTPUT - - name: Insert Failed UT Cases to MOC - if: ${{ failure() }} - uses: matrixorigin/CI/actions/fail-ut-case@main - with: - action_time: ${{ steps.time.outputs.ACTION_TIME }} - ut_cases: ${{ steps.failed.outputs.FAIL_UT_CASES }} - pr_link: ${{ github.event.pull_request.html_url }} - action_link: ${{ steps.time.outputs.ACTION_LINK }} - job_time: ${{ steps.time.outputs.START_TIME }} - mo_host: ${{ secrets.EE_DB_ADDR }} - mo_port: ${{ secrets.EE_DB_PORT }} - mo_user: ${{ secrets.EE_DB_USER }} - mo_password: ${{ secrets.EE_DB_PASSWORD }} - mo_database: ${{ secrets.EE_DB_DB }} - name: Print the Top 10 Time-Consuming Tests if: ${{ always() }} continue-on-error: true @@ -173,6 +163,7 @@ jobs: steps: - uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "3" repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -211,6 +202,7 @@ jobs: steps: - uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "3" repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} diff --git a/.github/workflows/e2e-compose.yaml b/.github/workflows/e2e-compose.yaml index a2b36354..6614bd3a 100644 --- a/.github/workflows/e2e-compose.yaml +++ b/.github/workflows/e2e-compose.yaml @@ -2,6 +2,10 @@ name: MatrixOne Compose Test on: workflow_call: + secrets: + TOKEN_ACTION: + description: "Token for checkout (e.g. pull from fork/private)" + required: false jobs: bvt-docker-compose-push: @@ -24,6 +28,7 @@ jobs: - name: checkout uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "3" repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -194,6 +199,7 @@ jobs: - name: checkout uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "3" repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} diff --git a/.github/workflows/e2e-standalone.yaml b/.github/workflows/e2e-standalone.yaml index 7049616d..8896106f 100644 --- a/.github/workflows/e2e-standalone.yaml +++ b/.github/workflows/e2e-standalone.yaml @@ -2,6 +2,10 @@ name: MatrixOne e2e CI(Standalone) on: workflow_call: + secrets: + TOKEN_ACTION: + description: "Token for checkout (e.g. pull from fork/private)" + required: false jobs: bvt-linux-x86: @@ -14,6 +18,7 @@ jobs: - name: checkout head uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "3" path: ./head repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -149,6 +154,7 @@ jobs: - name: checkout head uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./head repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -237,6 +243,7 @@ jobs: - name: checkout head uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "3" path: ./head repository: ${{ github.event.pull_request.head.repo.full_name }} diff --git a/.github/workflows/e2e-upgrade.yaml b/.github/workflows/e2e-upgrade.yaml index efa5275f..5eeadd96 100644 --- a/.github/workflows/e2e-upgrade.yaml +++ b/.github/workflows/e2e-upgrade.yaml @@ -2,6 +2,10 @@ name: MatrixOne e2e upgrade CI on: workflow_call: + secrets: + TOKEN_ACTION: + description: "Token for checkout (e.g. pull from fork/private)" + required: false inputs: release-repo: description: "release version" @@ -23,6 +27,7 @@ jobs: - name: checkout head uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./head repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -30,6 +35,7 @@ jobs: - name: checkout upstream uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./upstream repository: ${{ github.event.pull_request.base.repo.full_name }} ref: ${{ github.event.pull_request.base.ref }} @@ -229,6 +235,7 @@ jobs: - name: Checkout Head uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./head repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -243,6 +250,7 @@ jobs: - name: Checkout Upstream Release uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./upstream repository: ${{ inputs.release-repo }} # ref: ${{ steps.get-latest-release.outputs.tag }} // restore to this line after new release includes d4051aebd6 - update bvt cases (#23317) diff --git a/.github/workflows/image-build.yaml b/.github/workflows/image-build.yaml index a35ef7eb..0e9bcc1c 100644 --- a/.github/workflows/image-build.yaml +++ b/.github/workflows/image-build.yaml @@ -19,6 +19,9 @@ on: default: "p4n7f8j9" type: string secrets: + TOKEN_ACTION: + description: "Token for checkout (e.g. pull from fork/private)" + required: false DOCKERHUB_USERNAME: description: 'DOCKERHUB_USERNAME' required: true @@ -48,6 +51,7 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: 1 # # github OIDC https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services diff --git a/.github/workflows/merge-trigger-standalone.yaml b/.github/workflows/merge-trigger-standalone.yaml index a31fbf14..71ae199d 100644 --- a/.github/workflows/merge-trigger-standalone.yaml +++ b/.github/workflows/merge-trigger-standalone.yaml @@ -3,6 +3,9 @@ name: MO Checkin Regression(Standalone BVT) on: workflow_call: secrets: + TOKEN_ACTION: + description: "Token for checkout (e.g. pull from fork/private)" + required: false WECHAT_MO_CHECKIN_BOT_WEBHOOK: description: "WECHAT_MO_CHECKIN_BOT_WEBHOOK" required: true @@ -20,6 +23,7 @@ jobs: - name: checkout matrixorigin/matrixone uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./matrixone - name: Set up Go uses: matrixorigin/CI/actions/setup-env@main @@ -133,6 +137,7 @@ jobs: - name: checkout head uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./head - name: Set up Go uses: matrixorigin/CI/actions/setup-env@main diff --git a/.github/workflows/merge-trigger-tke.yaml b/.github/workflows/merge-trigger-tke.yaml index 82010327..18596f31 100644 --- a/.github/workflows/merge-trigger-tke.yaml +++ b/.github/workflows/merge-trigger-tke.yaml @@ -43,6 +43,7 @@ jobs: if: ${{ always() && !cancelled() }} uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./matrixone - name: Login to TCR uses: docker/login-action@v3 @@ -125,6 +126,7 @@ jobs: if: ${{ always() && !cancelled() }} uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./matrixone - name: Clean TKE ENV run: | @@ -285,13 +287,13 @@ jobs: uses: actions/checkout@v6 with: repository: matrixorigin/mo-tester - token: ${{secrets.TOKEN_ACTION}} path: ./mo-tester ref: main - name: Clone matrixone Repo if: ${{ always() && !cancelled() }} uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./matrixone - name: Set JAVA PATH run: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 870e7e27..3f76ac83 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,6 +35,8 @@ jobs: steps: - name: Checkout source uses: actions/checkout@v6 + with: + token: ${{ secrets.TOKEN_ACTION }} - name: Get release id: get_release uses: bruceadams/get-release@v1.3.2 @@ -101,6 +103,8 @@ jobs: steps: - name: Checkout source uses: actions/checkout@v6 + with: + token: ${{ secrets.TOKEN_ACTION }} - name: Get release id: get_release uses: bruceadams/get-release@v1.3.2 @@ -168,6 +172,8 @@ jobs: exit 1; - name: Checkout source uses: actions/checkout@v6 + with: + token: ${{ secrets.TOKEN_ACTION }} - name: Get release id: get_release uses: bruceadams/get-release@v1.3.2 @@ -197,6 +203,7 @@ jobs: - name: Clone gon uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "1" repository: matrixorigin/gon ref: master @@ -270,6 +277,8 @@ jobs: exit 1; - name: Checkout source uses: actions/checkout@v6 + with: + token: ${{ secrets.TOKEN_ACTION }} - name: Get release id: get_release uses: bruceadams/get-release@v1.3.2 diff --git a/.github/workflows/robot.yaml b/.github/workflows/robot.yaml index ed7bc50b..257b1c1f 100644 --- a/.github/workflows/robot.yaml +++ b/.github/workflows/robot.yaml @@ -38,6 +38,8 @@ jobs: steps: - name: CheckOut uses: actions/checkout@v6 + with: + token: ${{ secrets.TOKEN_ACTION }} - name: Check the code to see if the issue number is removed id: get_check_val @@ -102,6 +104,7 @@ jobs: steps: - uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "3" path: ./matrixone - name: Set up Go diff --git a/.github/workflows/utils.yaml b/.github/workflows/utils.yaml index e048d30a..00844461 100644 --- a/.github/workflows/utils.yaml +++ b/.github/workflows/utils.yaml @@ -98,6 +98,7 @@ jobs: steps: - uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} fetch-depth: "1" path: ./matrixone repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -330,6 +331,7 @@ jobs: if: ${{ always() && !cancelled() }} uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} repository: matrixorigin/CI fetch-depth: "1" path: CI @@ -426,6 +428,7 @@ jobs: steps: - uses: actions/checkout@v6 with: + token: ${{ secrets.TOKEN_ACTION }} path: ./matrixone repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} From 192fdbf60dfe7717493842e85f68ab7d3dc63b73 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Mar 2026 15:03:41 +0000 Subject: [PATCH 2/2] Bump docker/login-action from 3 to 4 in /.github/workflows Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/image-build.yaml | 4 ++-- .github/workflows/merge-trigger-tke.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/image-build.yaml b/.github/workflows/image-build.yaml index 0e9bcc1c..bded58d6 100644 --- a/.github/workflows/image-build.yaml +++ b/.github/workflows/image-build.yaml @@ -110,13 +110,13 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to Alicloud Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: registry.cn-shanghai.aliyuncs.com username: ${{ secrets.ACR_USERNAME }} diff --git a/.github/workflows/merge-trigger-tke.yaml b/.github/workflows/merge-trigger-tke.yaml index 18596f31..ea1ecdca 100644 --- a/.github/workflows/merge-trigger-tke.yaml +++ b/.github/workflows/merge-trigger-tke.yaml @@ -46,7 +46,7 @@ jobs: token: ${{ secrets.TOKEN_ACTION }} path: ./matrixone - name: Login to TCR - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: "ccr.ccs.tencentyun.com" username: ${{ secrets.TCR_USERNAME }}