diff --git a/.github/workflows/control-instance-from-workflow.yml b/.github/workflows/control-instance-from-workflow.yml index f6671969..c5163b0e 100644 --- a/.github/workflows/control-instance-from-workflow.yml +++ b/.github/workflows/control-instance-from-workflow.yml @@ -23,9 +23,13 @@ on: "Name of the command to execute: create, delete, shelve, unshelve" required: true type: string + permissions: + # Permissions needed for reacting to IssueOps commands on issues issues: write checks: read + # Permissions needed for lock/unlock + contents: write jobs: control: @@ -33,6 +37,15 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Acquire lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + inputs.issue_number }} + timeout: 3600 + - name: Control instance run: | gh issue comment $ISSUE_NUMBER \ @@ -54,3 +67,12 @@ jobs: string_encryption_key: ${{ secrets.STRING_ENCRYPTION_KEY }} mail_server_username: ${{secrets.MAIL_USERNAME}} mail_server_password: ${{secrets.MAIL_PASSWORD}} + + - name: Release lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + inputs.issue_number }} + action: unlock diff --git a/.github/workflows/control-instance.yml b/.github/workflows/control-instance.yml index 62cf27a5..f9df227d 100644 --- a/.github/workflows/control-instance.yml +++ b/.github/workflows/control-instance.yml @@ -4,10 +4,12 @@ on: issue_comment: types: [created] -# Permissions needed for reacting to IssueOps commands on issues permissions: + # Permissions needed for reacting to IssueOps commands on issues issues: write checks: read + # Permissions needed for lock/unlock + contents: write jobs: control: @@ -18,6 +20,7 @@ jobs: contains(github.event.comment.body, '/shelve') || contains(github.event.comment.body, '/delete_instance') ) }} steps: + - name: unshelve command id: unshelve_command uses: github/command@v1.2.0 
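Review bot: `contents: write` is added to what appears to be the workflow-level `permissions:` block of control-instance-from-workflow.yml, so every action in the job runs with a token that can push to the repository, not only the two lock steps. GitHub scopes permissions per workflow or per job, not per step, so the practical mitigation is to limit what can run with that token. Pin the newly introduced action to a full commit SHA instead of the mutable tag, e.g. `uses: actions/lock@<full-commit-sha>  # v2`. The same applies to the `contents: write` additions in control-instance.yml, create-instance.yml, delete-instance-and-volume.yml, delete-volume.yml and update-issue.yml.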
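Review bot: The lock name built in `Acquire lock` (`lock-<cloud>-instance-<issue_number>`) is the same key the `issue_comment` workflows in this commit take for the same issue, and nothing in the hunk suggests the lock is re-entrant. If one of those workflows starts this workflow for the same issue while still holding the lock, this run would wait in `Acquire lock` until the caller finishes or `timeout: 3600` expires; the callers are not visible here, so this needs confirming. A comment above the step would record the contract, e.g. `# Callers must not hold lock-<cloud>-instance-<issue> when starting this workflow`. The same question applies to the `Acquire lock` hunk in update-issue-from-workflow.yml.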
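Review bot: `Release lock` runs under `if: always()` with no check that this run's `Acquire lock` succeeded, so a run whose acquire failed or timed out still issues `action: unlock` on the shared path. Unless the action verifies ownership on unlock (not visible here), that would release a lock held by another run and undo the mutual exclusion this commit adds. Give the acquire step an id and condition the release on it: `id: lock` on `Acquire lock`, and `if: ${{ always() && steps.lock.outcome == 'success' }}` on `Release lock`. Every other `Release lock` hunk in this commit has the same shape.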
@@ -87,6 +90,15 @@ jobs: - uses: actions/checkout@v4 + - name: Acquire lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + timeout: 3600 + - name: Control instance id: control_instance if: ${{ steps.command.outputs.continue == 'true' }} @@ -100,3 +112,12 @@ jobs: string_encryption_key: ${{ secrets.STRING_ENCRYPTION_KEY }} mail_server_username: ${{secrets.MAIL_USERNAME}} mail_server_password: ${{secrets.MAIL_PASSWORD}} + + - name: Release lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + action: unlock diff --git a/.github/workflows/create-instance.yml b/.github/workflows/create-instance.yml index 8aeb8095..c3283d30 100644 --- a/.github/workflows/create-instance.yml +++ b/.github/workflows/create-instance.yml @@ -4,6 +4,10 @@ on: issue_comment: types: [created] +permissions: + # Permissions needed for lock/unlock + contents: write + jobs: create: runs-on: self-hosted @@ -11,6 +15,7 @@ jobs: ${{ !github.event.issue.pull_request && ( contains(github.event.comment.body, '/create') ) }} steps: + - name: create command id: create_command uses: github/command@v1.2.0 @@ -23,6 +28,15 @@ jobs: - uses: actions/checkout@v4 + - name: Acquire lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + timeout: 3600 + - name: Add "request:approved" label uses: actions/github-script@v7 with: @@ -684,3 +698,12 @@ jobs: setup_instance: ✅ attach_volume: ✅ send_email: ✅ + + - name: Release lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + action: unlock diff --git a/.github/workflows/delete-instance-and-volume.yml b/.github/workflows/delete-instance-and-volume.yml index 15978628..177c9d5d 100644 
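Review bot: In control-instance.yml the new `Acquire lock` step uses `if: always()`, while the `Control instance` step right after it is gated on `steps.command.outputs.continue == 'true'`. A comment that matches the job filter but is rejected by the command check will therefore still take the per-issue lock, or occupy a runner for up to `timeout: 3600` waiting for it. Gate the lock the same way as the work it protects, `if: ${{ steps.command.outputs.continue == 'true' }}`, provided the step with id `command` runs before it, and put the matching condition on `Release lock`. The acquire hunks in create-instance.yml, delete-instance-and-volume.yml, delete-volume.yml and update-issue.yml have the same ungated form. In update-issue.yml the lock is inserted before `Set command metadata`, so it would need to move after that step.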
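Review bot: The new top-level `permissions:` block in create-instance.yml lists only `contents: write`, and declaring any scope sets every unlisted scope to `none`. The file had no `permissions:` block before this change. Unless they are passed a different token, the `github/command@v1.2.0` step and the `Add "request:approved" label` step (`actions/github-script@v7`) lose whatever issue access the default token gave them. Add the scopes control-instance.yml documents as needed for IssueOps commands, `issues: write` and `checks: read`, next to `contents: write`. The `permissions:` hunks in delete-instance-and-volume.yml and delete-volume.yml add the same single-scope block.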
--- a/.github/workflows/delete-instance-and-volume.yml +++ b/.github/workflows/delete-instance-and-volume.yml @@ -4,6 +4,10 @@ on: issue_comment: types: [created] +permissions: + # Permissions needed for lock/unlock + contents: write + jobs: delete_instance_and_volume: runs-on: self-hosted @@ -11,6 +15,7 @@ jobs: ${{ !github.event.issue.pull_request && ( contains(github.event.comment.body, '/delete_all') ) }} steps: + - name: delete_instance_and_volume command id: delete_instance_and_volume_command uses: github/command@v1.2.0 @@ -23,6 +28,15 @@ jobs: - uses: actions/checkout@v4 + - name: Acquire lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + timeout: 3600 + - name: Delete volume id: delete_volume if: @@ -50,3 +64,12 @@ jobs: string_encryption_key: ${{ secrets.STRING_ENCRYPTION_KEY }} mail_server_username: ${{secrets.MAIL_USERNAME}} mail_server_password: ${{secrets.MAIL_PASSWORD}} + + - name: Release lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + action: unlock diff --git a/.github/workflows/delete-volume.yml b/.github/workflows/delete-volume.yml index e75311fd..423005f7 100644 --- a/.github/workflows/delete-volume.yml +++ b/.github/workflows/delete-volume.yml @@ -4,6 +4,10 @@ on: issue_comment: types: [created] +permissions: + # Permissions needed for lock/unlock + contents: write + jobs: delete_volume: runs-on: self-hosted @@ -11,6 +15,8 @@ jobs: ${{ !github.event.issue.pull_request && ( contains(github.event.comment.body, '/delete_volume') ) }} steps: + + - name: delete_volume command id: delete_volume_command uses: github/command@v1.2.0 
@@ -23,6 +29,15 @@ jobs: - uses: actions/checkout@v4 + - name: Acquire lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + timeout: 3600 + - name: Delete volume id: delete_volume if: ${{ steps.delete_volume_command.outputs.continue == 'true' }} @@ -32,3 +47,12 @@ jobs: issue_number: ${{ github.event.issue.number }} instance_name_prefix: ${{ vars.INSTANCE_NAME_PREFIX }} volume_name_suffix: ${{ vars.VOLUME_NAME_SUFFIX }} + + - name: Release lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + action: unlock diff --git a/.github/workflows/update-issue-from-workflow.yml b/.github/workflows/update-issue-from-workflow.yml index 3ca72b6e..4616f8ee 100644 --- a/.github/workflows/update-issue-from-workflow.yml +++ b/.github/workflows/update-issue-from-workflow.yml @@ -33,6 +33,15 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Acquire lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + inputs.issue_number }} + timeout: 3600 + - name: Add comment run: | gh issue comment $ISSUE_NUMBER \ @@ -51,3 +60,12 @@ jobs: command_name: ${{ inputs.command_name }} token: ${{ secrets.GITHUB_TOKEN }} string_encryption_key: ${{ secrets.STRING_ENCRYPTION_KEY }} + + - name: Release lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + inputs.issue_number }} + action: unlock diff --git a/.github/workflows/update-issue.yml b/.github/workflows/update-issue.yml index c1dbeca1..1a97b15d 100644 --- a/.github/workflows/update-issue.yml +++ b/.github/workflows/update-issue.yml 
@@ -4,10 +4,12 @@ on: issue_comment: types: [created] -# Permissions needed for reacting to IssueOps commands on issues permissions: + # Permissions needed for reacting to IssueOps commands on issues issues: write checks: read + # Permissions needed for lock/unlock + contents: write jobs: update-issue: @@ -17,6 +19,7 @@ jobs: contains(github.event.comment.body, '/encode_email') || contains(github.event.comment.body, '/decode_email') ) }} steps: + - name: encode_email command id: encode_email_command uses: github/command@v1.2.0 @@ -41,6 +44,17 @@ jobs: "${{ vars.MORPHOCLOUD_GITHUB_ADMINS }},${{ github.event.issue.user.login }}" + - uses: actions/checkout@v4 + + - name: Acquire lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + timeout: 3600 + - name: Set command metadata id: command if: @@ -69,8 +83,6 @@ jobs: DECODE_EMAIL_COMMAND_CONTINUE: ${{ steps.decode_email_command.outputs.continue }} - - uses: actions/checkout@v4 - - name: Update issue description if: ${{ steps.command.outputs.continue == 'true' }} uses: ./.github/actions/update-issue-description @@ -79,3 +91,12 @@ jobs: command_name: ${{ steps.command.outputs.command_name }} token: ${{ secrets.GITHUB_TOKEN }} string_encryption_key: ${{ secrets.STRING_ENCRYPTION_KEY }} + + - name: Release lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + github.event.issue.number }} + action: unlock diff --git a/.github/workflows/validate-request.yml b/.github/workflows/validate-request.yml index 5a634f2f..d244ada0 100644 --- a/.github/workflows/validate-request.yml +++ b/.github/workflows/validate-request.yml 
@@ -38,6 +38,15 @@ jobs: - uses: actions/checkout@v4 + - name: Acquire lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + steps.collect_inputs.outputs.issue_number }} + timeout: 3600 + - name: Extract fields id: extract uses: ./.github/actions/extract-issue-fields @@ -234,3 +243,12 @@ jobs: > Once the emails are correctly formatted and match, they will be automatically obfuscated for security. See details [here](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}). + + - name: Release lock + uses: actions/lock@v2 + if: always() + with: + path: + lock-${{ vars.MORPHOCLOUD_OS_CLOUD }}-instance-${{ + steps.collect_inputs.outputs.issue_number }} + action: unlock
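Review bot: In validate-request.yml the lock path is built from `steps.collect_inputs.outputs.issue_number`, and `Acquire lock` runs under `if: always()`. If `collect_inputs` failed or was skipped (that step is outside this hunk), the output would be empty and the path would collapse to `lock-<cloud>-instance-`. That is one name shared by every issue, so unrelated runs would serialise against each other and `Release lock` would unlock the shared name. Require a non-empty key on both lock steps, e.g. `if: ${{ steps.collect_inputs.outputs.issue_number != '' }}` on acquire and `if: ${{ always() && steps.collect_inputs.outputs.issue_number != '' }}` on release.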