From 4744cbde2cae51914a627978c49cc20682364752 Mon Sep 17 00:00:00 2001
From: sbansla <sbansla@twilio.com>
Date: Mon, 3 Apr 2023 10:19:01 +0530
Subject: [PATCH] chore: removing aws token validations

---
 .github/scripts/trigger-and-wait.js |  27 +++++
 .github/scripts/trigger-and-wait.sh | 156 ++++++++++++++++++++++++++++
 .github/workflows/release.yml       |  43 ++------
 src/index.js                        |   1 +
 4 files changed, 193 insertions(+), 34 deletions(-)
 create mode 100644 .github/scripts/trigger-and-wait.js
 create mode 100644 .github/scripts/trigger-and-wait.sh

diff --git a/.github/scripts/trigger-and-wait.js b/.github/scripts/trigger-and-wait.js
new file mode 100644
index 00000000..ea334fd6
--- /dev/null
+++ b/.github/scripts/trigger-and-wait.js
@@ -0,0 +1,27 @@
+const { spawn } = require('child_process');
+
+const triggerAndWait = async () => {
+  const scriptPath = '.github/scripts/trigger-and-wait.sh';
+  const child = spawn('bash', [scriptPath]);
+
+  child.stdout.on('data', (data) => {
+    console.log(`stdout: ${data}`)
+  })
+
+  child.stderr.on('data', (data) => {
+    console.log(`stderr: ${data}`)
+  })
+
+  child.on('data', (data) => {
+    console.log(`error: ${data}`)
+  })
+
+  child.on('exit', (code, signal) => {
+    if (code) console.log(`Process exit with code: ${code}`)
+    if (signal) console.log(`Process killed with signal: ${signal}`)
+  })
+}
+
+module.exports = {
+  triggerAndWait
+};
diff --git a/.github/scripts/trigger-and-wait.sh b/.github/scripts/trigger-and-wait.sh
new file mode 100644
index 00000000..fca2d2dd
--- /dev/null
+++ b/.github/scripts/trigger-and-wait.sh
@@ -0,0 +1,156 @@
+#!/bin/sh
+
+#Functionality from convictional/trigger-workflow-and-wait.
+#Link: https://github.com/convictional/trigger-workflow-and-wait
+
+usage_docs() {
+  echo ""
+  echo "    owner: twilio"
+  echo "    repo: twilio-cli-core"
+  echo "    github_token: \${{ secrets.GITHUB_PERSONAL_ACCESS_TOKEN }}"
+  echo "    workflow_file_name: main.yaml"
+}
+
+validate_args() {
+  wait_interval=10 # Waits for 10 seconds
+  if [ "${INPUT_WAITING_INTERVAL}" ]
+  then
+    wait_interval=${INPUT_WAITING_INTERVAL}
+  fi
+
+  propagate_failure=true
+  if [ -n "${INPUT_PROPAGATE_FAILURE}" ]
+  then
+    propagate_failure=${INPUT_PROPAGATE_FAILURE}
+  fi
+
+  trigger_workflow=true
+  if [ -n "${INPUT_TRIGGER_WORKFLOW}" ]
+  then
+    trigger_workflow=${INPUT_TRIGGER_WORKFLOW}
+  fi
+
+  wait_workflow=true
+  if [ -n "${INPUT_WAIT_WORKFLOW}" ]
+  then
+    wait_workflow=${INPUT_WAIT_WORKFLOW}
+  fi
+
+  if [ -z "${INPUT_OWNER}" ]
+  then
+    echo "Error: Owner is a required argument."
+    usage_docs
+    exit 1
+  fi
+
+  if [ -z "${INPUT_REPO}" ]
+  then
+    echo "Error: Repo is a required argument."
+    usage_docs
+    exit 1
+  fi
+
+  if [ -z "${INPUT_GITHUB_TOKEN}" ]
+  then
+    echo "Error: Github token is required. You can head over settings and"
+    echo "under developer, you can create a personal access tokens. The"
+    echo "token requires repo access."
+    usage_docs
+    exit 1
+  fi
+
+  if [ -z "${INPUT_WORKFLOW_FILE_NAME}" ]
+  then
+    echo "Error: Workflow File Name is required"
+    usage_docs
+    exit 1
+  fi
+
+  inputs=$(echo '{}' | jq)
+  if [ "${INPUT_INPUTS}" ]
+  then
+    inputs=$(echo "${INPUT_INPUTS}" | jq)
+  fi
+
+  ref="main"
+  if [ "$INPUT_REF" ]
+  then
+    ref="${INPUT_REF}"
+  fi
+}
+
+trigger_workflow() {
+  echo "https://api.github.com/repos/${INPUT_OWNER}/${INPUT_REPO}/actions/workflows/${INPUT_WORKFLOW_FILE_NAME}/dispatches"
+
+  curl -X POST "https://api.github.com/repos/${INPUT_OWNER}/${INPUT_REPO}/actions/workflows/${INPUT_WORKFLOW_FILE_NAME}/dispatches" \
+    -H "Accept: application/vnd.github.v3+json" \
+    -H "Content-Type: application/json" \
+    -H "Authorization: Bearer ${INPUT_GITHUB_TOKEN}" \
+    --data "{\"ref\":\"${ref}\",\"inputs\":${inputs}}"
+
+  # Sleep after triggering workflow so it can be polled for status
+  echo "Sleeping for $wait_interval seconds"
+  sleep $wait_interval
+}
+
+wait_for_workflow_to_finish() {
+  # Find the id of the last build
+  last_workflow=$(curl -X GET "https://api.github.com/repos/${INPUT_OWNER}/${INPUT_REPO}/actions/workflows/${INPUT_WORKFLOW_FILE_NAME}/runs" \
+    -H 'Accept: application/vnd.github.antiope-preview+json' \
+    -H "Authorization: Bearer ${INPUT_GITHUB_TOKEN}" | jq '[.workflow_runs[]] | first')
+  last_workflow_id=$(echo "${last_workflow}" | jq '.id')
+  last_workflow_url="https://github.com/${INPUT_OWNER}/${INPUT_REPO}/actions/runs/${last_workflow_id}"
+  echo "The workflow id is [${last_workflow_id}]."
+  echo "The workflow logs can be found at ${last_workflow_url}"
+  echo "::set-output name=workflow_id::${last_workflow_id}"
+  echo "::set-output name=workflow_url::${last_workflow_url}"
+  echo ""
+  conclusion=$(echo "${last_workflow}" | jq '.conclusion')
+  status=$(echo "${last_workflow}" | jq '.status')
+
+  while [[ "${conclusion}" == "null" && "${status}" != "\"completed\"" ]]
+  do
+    echo "Sleeping for \"${wait_interval}\" seconds"
+    sleep "${wait_interval}"
+    workflow=$(curl -X GET "https://api.github.com/repos/${INPUT_OWNER}/${INPUT_REPO}/actions/workflows/${INPUT_WORKFLOW_FILE_NAME}/runs" \
+      -H 'Accept: application/vnd.github.antiope-preview+json' \
+      -H "Authorization: Bearer ${INPUT_GITHUB_TOKEN}" | jq '.workflow_runs[] | select(.id == '${last_workflow_id}')')
+    conclusion=$(echo "${workflow}" | jq '.conclusion')
+    status=$(echo "${workflow}" | jq '.status')
+    echo "Checking conclusion [${conclusion}]"
+    echo "Checking status [${status}]"
+  done
+
+  if [[ "${conclusion}" == "\"success\"" && "${status}" == "\"completed\"" ]]
+  then
+    echo "Yes, success"
+  else
+    # Alternative "failure"
+    echo "Conclusion is not success, its [${conclusion}]."
+    if [ "${propagate_failure}" = true ]
+    then
+      echo "Propagating failure to upstream job"
+      exit 1
+    fi
+  fi
+}
+
+main() {
+  validate_args
+
+  if [ "${trigger_workflow}" = true ]
+  then
+    trigger_workflow
+  else
+    echo "Skipping triggering the workflow."
+  fi
+
+  if [ "${wait_workflow}" = true ]
+  then
+    wait_for_workflow_to_finish
+  else
+    echo "Skipping waiting for workflow."
+  fi
+}
+
+main
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 78c7a505..c96e45dd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,7 +12,7 @@ on:
         description: 'HomeBrew prerelease'
         default: 'false'
 jobs:
-  cli-core-token-validation:
+  cli-token-validation:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout cli-core repo
@@ -23,44 +23,19 @@ jobs:
       - name: Extract branch name
         id: extract_branch
         run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
-      - name: Trigger CLI token validation workflow
-        run: |
-          fileName="$GITHUB_WORKSPACE/.github/scripts/trigger-workflow.js"
-          node -e "require('$fileName').triggerWorkflow()"
-        env:
-          WORKFLOW_NAME: '.github/workflows/release-token-validation.yml'
-          REPO_NAME: ${{ github.repository_owner }}/twilio-cli
-          REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
-          BRANCH_NAME: ${{steps.extract_branch.outputs.branch}}
       - name: Validate REPO_ACCESS_TOKEN
         uses: actions/checkout@v2
         with:
           repository: '${{ github.repository_owner }}/twilio-oai'
           token:  ${{ secrets.REPO_ACCESS_TOKEN }}
-      - name: Validate AWS tokens
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
-          aws-region: us-east-1
-
-  cli-token-validation:
-    needs: [ cli-core-token-validation ]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout cli-core repo
-        uses: actions/checkout@v2
-      - name: Execute py script to validate twilio-cli tokens
-        id: cli_token
-        run: |
-          output=$(python3 .github/scripts/validate_cli_tokens.py)
-          echo "::set-output name=tokenStatus::$output"
-      - name: Print status
-        run: echo "${{ steps.cli_token.outputs.tokenStatus }}"
-      - name: Validate the github workflow
-        if: ${{ steps.cli_token.outputs.tokenStatus != 'success'}}
-        run: exit 1
+      - name: Validate AWS token in twilio-cli project
+        run: node .github/scripts/trigger-and-wait.js
+        env:
+          INPUT_OWNER: ${{ github.repository_owner }}
+          INPUT_REPO: twilio-cli
+          INPUT_GITHUB_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
+          INPUT_WORKFLOW_FILE_NAME: release-token-validation.yml
+          INPUT_WAITING_INTERVAL: 10
 
   notify-start:
     needs: [ cli-token-validation ]
diff --git a/src/index.js b/src/index.js
index 76b23bca..3e7ea98b 100644
--- a/src/index.js
+++ b/src/index.js
@@ -18,5 +18,6 @@ module.exports = {
   releaseScripts: {
     UpdateRelease: require('../.github/scripts/update-release'),
     TriggerWorkflow: require('../.github/scripts/trigger-workflow'),
+    TriggerWaitWorkflow: require('../.github/scripts/trigger-and-wait'),
   },
 };