From 28f577efe5b1db6f174b1c7175de695ada497413 Mon Sep 17 00:00:00 2001 From: Sanket Dharwadkar Date: Wed, 30 Aug 2023 09:47:00 -0700 Subject: [PATCH] ci: remove github workflows and actions (#1218) --- .../deploy-integ-appstream-egress.yml | 155 ------------ .github/workflows/deploy-integ.yml | 226 ------------------ .github/workflows/labeler.yml | 26 -- .github/workflows/mainline-protection.yaml | 24 -- .github/workflows/merge-coverage-report.yml | 39 --- .github/workflows/security-code-scanning.yml | 35 --- .github/workflows/unit-test-code-analysis.yml | 72 ------ 7 files changed, 577 deletions(-) delete mode 100644 .github/workflows/deploy-integ-appstream-egress.yml delete mode 100644 .github/workflows/deploy-integ.yml delete mode 100644 .github/workflows/labeler.yml delete mode 100644 .github/workflows/mainline-protection.yaml delete mode 100644 .github/workflows/merge-coverage-report.yml delete mode 100644 .github/workflows/security-code-scanning.yml delete mode 100644 .github/workflows/unit-test-code-analysis.yml diff --git a/.github/workflows/deploy-integ-appstream-egress.yml b/.github/workflows/deploy-integ-appstream-egress.yml deleted file mode 100644 index b0b0710d83..0000000000 --- a/.github/workflows/deploy-integ-appstream-egress.yml +++ /dev/null @@ -1,155 +0,0 @@ -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# - -name: Deploy & Integration Test (AppStream and Egress Enabled) -on: - push: - branches: - - develop -permissions: - id-token: write -jobs: - pre-deployment-check: - name: Pre deployment check - runs-on: ubuntu-20.04 - timeout-minutes: 10 - steps: - - name: "Block Concurrent Deployments" - uses: softprops/turnstyle@v1 - with: - poll-interval-seconds: 10 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - deploy: - name: Deploy to AppStream Dev - runs-on: ubuntu-20.04 - needs: pre-deployment-check - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 16 - - uses: actions/setup-go@v2 - with: - go-version: 1.13 - - name: Install pnpm - run: npm install -g pnpm@5.18.9 - - name: Install dependencies - run: ./scripts/install.sh - - name: Build all packages - run: ./scripts/build-all-packages.sh - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-session-name: OIDCSessionName - role-duration-seconds: 10800 - aws-region: ${{ secrets.AWS_DEV_REGION }} - - name: Deploy - env: - STAGE_NAME: tre - AWS_CERTIFICATE_ARN: ${{ secrets.AWS_CERTIFICATE_ARN_APPSTREAM_EGRESS }} - AWS_DOMAIN_NAME: ${{ secrets.AWS_DOMAIN_NAME_APPSTREAM_EGRESS }} - AWS_HOSTED_ZONE_ID: ${{ secrets.AWS_HOSTED_ZONE_ID_APPSTREAM_EGRESS }} - run: | - cp ./main/end-to-end-tests/e2eGitHubConfig.AppStreamEgress.yml ./main/config/settings/${STAGE_NAME}.yml - ./scripts/read-values-for-github-action.sh - ./scripts/environment-deploy.sh ${STAGE_NAME} - infrastructure-test: - name: Infrastructure test - runs-on: ubuntu-20.04 - needs: deploy - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Install pnpm and system libraries - run: npm install -g pnpm@5.18.9 - - name: Install dependencies - run: pnpm install - working-directory: main/infrastructure-tests - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-session-name: OIDCSessionName - role-duration-seconds: 10800 - aws-region: ${{ secrets.AWS_DEV_REGION }} - - name: Run infrastructure tests - run: pnpm run testAppStreamEgressEnabled -- --stage=github - working-directory: ./main/infrastructure-tests - env: - INFRA_TESTS_HOSTING_ACCOUNT_ID: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_ID }} - INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME: ${{ secrets.INFRA_TESTS_HOSTING_ACCOUNT_STACK_NAME }} - integration-test: - name: Integration test - runs-on: ubuntu-20.04 - needs: infrastructure-test - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Install pnpm and system libraries - run: | - npm install -g pnpm@5.18.9 - sudo apt-get install libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6 xauth xvfb - - name: Install dependencies - run: pnpm install - working-directory: main/integration-tests - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-session-name: OIDCSessionName - role-duration-seconds: 10800 - aws-region: ${{ secrets.AWS_DEV_REGION }} - - name: Run integration tests - run: ./scripts/run-integration-tests.sh ${STAGE_NAME} us-east-1 AppStreamEgress - working-directory: ./ - env: - DEPLOYMENT_BUCKET: ${{ secrets.DEPLOYMENT_BUCKET_APPSTREAM_EGRESS}} - STAGE_NAME: tre - aws-region: ${{ secrets.AWS_DEV_REGION }} - cypress-test: - name: Cypress test - runs-on: ubuntu-20.04 - needs: integration-test - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Install pnpm and system libraries - run: | - npm install -g pnpm@5.18.9 - sudo apt-get install libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6 xauth xvfb - - name: Install dependencies - run: pnpm install - working-directory: main/end-to-end-tests - - name: Run cypress test - run: pnpm run cypress:run-tests:github:appstream-egress-enabled - working-directory: main/end-to-end-tests - env: - # Env parameters for cypress tests need header 'CYPRESS_' or 'cypress_' - # Cypress will strip the header and pass it to the tests - CYPRESS_BASE_URL: ${{ secrets.CYPRESS_BASE_URL_APPSTREAM_EGRESS}} - CYPRESS_researcherEmail: ${{ secrets.CYPRESS_RESEARCHER_EMAIL_APPSTREAM_EGRESS}} - CYPRESS_researcherPassword: ${{ secrets.CYPRESS_RESEARCHER_PASSWORD_APPSTREAM_EGRESS}} - CYPRESS_adminEmail: ${{ secrets.CYPRESS_ADMIN_EMAIL_APPSTREAM_EGRESS}} - CYPRESS_adminPassword: ${{ secrets.CYPRESS_ADMIN_PASSWORD_APPSTREAM_EGRESS}} - CYPRESS_guestEmail: ${{ secrets.CYPRESS_GUEST_EMAIL_APPSTREAM_EGRESS}} - CYPRESS_guestPassword: ${{ secrets.CYPRESS_GUEST_PASSWORD_APPSTREAM_EGRESS}} - CYPRESS_internalGuestEmail: ${{ secrets.CYPRESS_INTERNAL_GUEST_EMAIL_APPSTREAM_EGRESS}} - CYPRESS_internalGuestPassword: ${{ secrets.CYPRESS_INTERNAL_GUEST_PASSWORD_APPSTREAM_EGRESS}} diff --git a/.github/workflows/deploy-integ.yml b/.github/workflows/deploy-integ.yml deleted file mode 100644 index e6f2c4955b..0000000000 --- a/.github/workflows/deploy-integ.yml +++ /dev/null @@ -1,226 +0,0 @@ -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# - -name: Deploy & Integration Test -on: - push: - branches: - - develop -permissions: - id-token: write -jobs: - pre-deployment-check: - name: Pre deployment check - runs-on: ubuntu-20.04 - timeout-minutes: 10 - steps: - - name: "Block Concurrent Deployments" - uses: softprops/turnstyle@v1 - with: - poll-interval-seconds: 10 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - deploy: - name: Deploy to Dev - runs-on: ubuntu-20.04 - needs: pre-deployment-check - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 16 - - uses: actions/setup-go@v2 - with: - go-version: 1.13 - - name: Install pnpm - run: npm install -g pnpm@5.18.9 - - name: Install dependencies - run: ./scripts/install.sh - - name: Build all packages - run: ./scripts/build-all-packages.sh - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-session-name: OIDCSessionName - role-duration-seconds: 10800 - aws-region: ${{ secrets.AWS_DEV_REGION }} - - name: Deploy - env: - STAGE_NAME: e2etest - AWS_CERTIFICATE_ARN: ${{ secrets.AWS_CERTIFICATE_ARN }} - AWS_DOMAIN_NAME: ${{ secrets.AWS_DOMAIN_NAME }} - AWS_HOSTED_ZONE_ID: ${{ secrets.AWS_HOSTED_ZONE_ID }} - run: | - cp ./main/end-to-end-tests/e2eGitHubConfig.yml ./main/config/settings/${STAGE_NAME}.yml - ./scripts/read-values-for-github-action.sh - ./scripts/environment-deploy.sh ${STAGE_NAME} - - name: Deploy to standalone RStudio environment - env: - STAGE_NAME: dev - AWS_CERTIFICATE_ARN_RSTUDIO: ${{ secrets.AWS_CERTIFICATE_ARN_RSTUDIO }} - AWS_DOMAIN_NAME_RSTUDIO: ${{ secrets.AWS_DOMAIN_NAME_RSTUDIO }} - AWS_HOSTED_ZONE_ID_RSTUDIO: ${{ secrets.AWS_HOSTED_ZONE_ID_RSTUDIO }} - run: | - cp ./main/end-to-end-tests/RStudioGithubConfig.yml ./main/config/settings/${STAGE_NAME}.yml - ./scripts/read-values-for-github-action-rstudio.sh - ./scripts/environment-deploy.sh ${STAGE_NAME} - integration-test: - name: Integration test - runs-on: ubuntu-20.04 - needs: deploy - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Install pnpm and system libraries - run: | - npm install -g pnpm@5.18.9 - sudo apt-get install libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6 xauth xvfb - - name: Install dependencies - run: pnpm install - working-directory: main/integration-tests - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-session-name: OIDCSessionName - role-duration-seconds: 10800 - aws-region: ${{ secrets.AWS_DEV_REGION }} - - name: Run integration tests - run: ./scripts/run-integration-tests.sh ${STAGE_NAME} us-east-1 - working-directory: ./ - env: - DEPLOYMENT_BUCKET: ${{ secrets.DEPLOYMENT_BUCKET}} - STAGE_NAME: e2etest - aws-region: ${{ secrets.AWS_DEV_REGION }} - cypress-test: - name: Cypress test - runs-on: ubuntu-20.04 - needs: integration-test - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Install pnpm and system libraries - run: | - npm install -g pnpm@5.18.9 - sudo apt-get install libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6 xauth xvfb - - name: Install dependencies - run: pnpm install - working-directory: main/end-to-end-tests - - name: Run cypress test - run: pnpm run cypress:run-tests:github - working-directory: main/end-to-end-tests - env: - # Env parameters for cypress tests need header 'CYPRESS_' or 'cypress_' - # Cypress will strip the header and pass it to the tests - CYPRESS_BASE_URL: ${{ secrets.CYPRESS_BASE_URL}} - CYPRESS_researcherEmail: ${{ secrets.CYPRESS_RESEARCHER_EMAIL}} - CYPRESS_researcherPassword: ${{ secrets.CYPRESS_RESEARCHER_PASSWORD}} - CYPRESS_adminEmail: ${{ secrets.CYPRESS_ADMIN_EMAIL}} - CYPRESS_adminPassword: ${{ secrets.CYPRESS_ADMIN_PASSWORD}} - CYPRESS_guestEmail: ${{ secrets.CYPRESS_GUEST_EMAIL}} - CYPRESS_guestPassword: ${{ secrets.CYPRESS_GUEST_PASSWORD}} - CYPRESS_internalGuestEmail: ${{ secrets.CYPRESS_INTERNAL_GUEST_EMAIL}} - CYPRESS_internalGuestPassword: ${{ secrets.CYPRESS_INTERNAL_GUEST_PASSWORD}} - check-codepipeline-status: - name: Check Github Status - runs-on: ubuntu-20.04 - needs: cypress-test - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: 16 - - name: Wait until CodePipeline status is shown - run: | - npm install - node checkCommitStatus.js ${{ secrets.GITHUB_TOKEN }} ${{ github.repository }} ${{ github.sha }} - working-directory: scripts/check-commit-status - merge-develop-to-mainline: - name: Merge develop to mainline - runs-on: ubuntu-20.04 - needs: check-codepipeline-status - steps: - - uses: actions/checkout@v2 - with: - token: ${{secrets.MERGE_TOKEN}} - fetch-depth: 0 - # There's no way for github actions to push to a protected branch. This is a workaround - # See https://github.community/t/how-to-push-to-protected-branches-in-a-github-action/16101/30 - - name: Temporarily disable branch protection - uses: octokit/request-action@v2.x - with: - route: DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins - owner: awslabs - repo: service-workbench-on-aws - branch: mainline - env: - GITHUB_TOKEN: ${{ secrets.MERGE_TOKEN }} - - name: Merge to mainline - run: | - git checkout mainline - echo - echo " Attempting to merge the 'develop' branch ($(git log -1 --pretty=%H develop))" - echo " into the 'mainline' branch ($(git log -1 --pretty=%H mainline))" - echo - git merge --ff-only --no-edit develop - git push origin mainline - - name: Enable branch protection - uses: octokit/request-action@v2.x - if: always() # Make sure to enable branch protection even if other steps fail - with: - route: POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins - owner: awslabs - repo: service-workbench-on-aws - branch: mainline - env: - GITHUB_TOKEN: ${{ secrets.MERGE_TOKEN }} - check-beta-in-changelog: - name: Check Beta status - # Trigger to check and add Beta header if the latest commit isn't a release from standard-version or the last Add Beta - # workflow run - if: "!contains(github.event.head_commit.message, 'chore(release):') && !contains(github.event.head_commit.message, 'Add Beta')" - needs: merge-develop-to-mainline - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.MERGE_TOKEN }} - fetch-depth: 0 - # There's no way for github actions to push to a protected branch. This is a workaround - # See https://github.community/t/how-to-push-to-protected-branches-in-a-github-action/16101/30 - - name: Temporarily disable branch protection - uses: octokit/request-action@v2.x - with: - route: DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins - owner: awslabs - repo: service-workbench-on-aws - branch: develop - env: - GITHUB_TOKEN: ${{ secrets.MERGE_TOKEN }} - - name: Check if Beta is present and add if not - run: ./scripts/check-and-add-beta.sh - - name: Enable branch protection - uses: octokit/request-action@v2.x - if: always() # Make sure to enable branch protection even if other steps fail - with: - route: POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins - owner: awslabs - repo: service-workbench-on-aws - branch: develop - env: - GITHUB_TOKEN: ${{ secrets.MERGE_TOKEN }} diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml deleted file mode 100644 index 4e2a3da7fd..0000000000 --- a/.github/workflows/labeler.yml +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# - -name: labeler - -on: [pull_request] - -jobs: - labeler: - runs-on: ubuntu-latest - name: Label the PR size - steps: - - uses: codelytv/pr-size-labeler@v1 - with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - xs_max_size: "10" - s_max_size: "100" - m_max_size: "500" - l_max_size: "1000" - fail_if_xl: "false" - message_if_xl: > - 'This PR exceeds the recommended size of 1000 lines. - Please make sure you are NOT addressing multiple issues with one PR. - Note this PR might be rejected due to its size.’ diff --git a/.github/workflows/mainline-protection.yaml b/.github/workflows/mainline-protection.yaml deleted file mode 100644 index 43b66570f3..0000000000 --- a/.github/workflows/mainline-protection.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# - -name: Mainline Protection -on: - pull_request: - types: [opened, synchronize, edited, reopened] -# The purpose of this workflow is to create a failing Status check on pull request against mainline. This will prevent -# PR from being merged into mainline. -jobs: - mainline-protection: - name: Only create PR against develop branch, not mainline branch - runs-on: ubuntu-20.04 - steps: - - name: Get branch name - id: branch-name - uses: tj-actions/branch-names@v5.1 - - name: mainline protection - if: steps.branch-name.outputs.base_ref_branch == 'mainline' - run: | - echo "PR has target branch ${{ steps.branch-name.outputs.base_ref_branch }}. Failing workflow..." - exit 1 diff --git a/.github/workflows/merge-coverage-report.yml b/.github/workflows/merge-coverage-report.yml deleted file mode 100644 index ae671bb987..0000000000 --- a/.github/workflows/merge-coverage-report.yml +++ /dev/null @@ -1,39 +0,0 @@ -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# - -name: Push Merge Commit Coverage Report -on: - push: - branches: - - develop -jobs: - codecov: - name: Send merge commit coverage report - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v1 - with: - node-version: 12 - - name: Cache Node.js dependencies - uses: actions/cache@v2 - with: - path: ~/.pnpm-store - key: ${{ runner.os }}-pnpm-${{ hashFiles('**/package.json') }} - restore-keys: | - ${{ runner.os }}-pnpm- - ${{ runner.os }}- - - name: Install Node.js dependencies - run: | - npm install -g pnpm@5.18.9 - npm install -g codecov - pnpm recursive install --unsafe-perm --stream - - name: Run unit tests - run: | - pnpm run coverage --recursive --if-present --stream - - name: CodeCov - run: bash <(curl -s https://codecov.io/bash) -f ./coverage/coverage-final.json diff --git a/.github/workflows/security-code-scanning.yml b/.github/workflows/security-code-scanning.yml deleted file mode 100644 index 9f53d9d188..0000000000 --- a/.github/workflows/security-code-scanning.yml +++ /dev/null @@ -1,35 +0,0 @@ -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# - -name: Security Code Scanning -on: - pull_request: - branches: - - develop - - "feat-*" - paths-ignore: - - '**/*.md' - - '**/*.txt' - schedule: - - cron: '0 0 * * *' - push: - branches: - - develop - - "feat-*" -jobs: - CodeQL-Analyze: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: javascript - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/unit-test-code-analysis.yml b/.github/workflows/unit-test-code-analysis.yml deleted file mode 100644 index 2d4c2cecf9..0000000000 --- a/.github/workflows/unit-test-code-analysis.yml +++ /dev/null @@ -1,72 +0,0 @@ -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# - -name: Unit Tests & Code Analysis -on: - pull_request: - branches: - - develop - - "feat-*" -jobs: - static-code-analysis-and-unit-test: - name: Unit Tests & Code Analysis - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 2 - - name: Use Node.js - uses: actions/setup-node@v1 - with: - node-version: 12 - - name: Cache Node.js dependencies - uses: actions/cache@v2 - with: - path: ~/.pnpm-store - key: ${{ runner.os }}-pnpm-${{ hashFiles('**/package.json') }} - restore-keys: | - ${{ runner.os }}-pnpm- - ${{ runner.os }}- - - name: Install Node.js dependencies - run: | - npm install -g pnpm@5.18.9 - npm install -g codecov - pnpm recursive install --unsafe-perm --stream - - name: Check dependencies for vulnerabilities - run: | - ./scripts/check-dependency-vulnerabilities.sh - - name: Run static code analysis & linting tests - run: | - ./scripts/run-static-code-analysis.sh --stream - - name: Run unit tests - run: | - pnpm run coverage --recursive --if-present --stream - - name: CodeCov - run: bash <(curl -s https://codecov.io/bash) -f ./coverage/coverage-final.json - scan-for-secrets: - name: Scan for secrets - runs-on: ubuntu-latest - steps: - - name: Install Git Secret - run: | - cd ~ - git clone https://github.com/awslabs/git-secrets.git && cd git-secrets - sudo make install - git secrets --register-aws --global - # Prevent leakage of internal tools - git secrets --add '[aA]pollo|[bB]razil|[cC]oral|[oO]din' --global - git secrets --add 'tt\.amazon\.com|issues\.amazon\.com|cr\.amazon\.com' --global - # Prevent leakage of aws-iso - git secrets --add 'ic\.gov|sgov\.gov' --global - git secrets --add 'us-iso|aws-iso' --global - git secrets --add 'smil\.mil' --global - - name: Checkout - uses: actions/checkout@v2 - - name: Run Git Secret - run: git secrets --scan - - name: Print remediation message - if: failure() - run: echo "Check if creds was leaked. If yes, revoke the credentials and create a new PR"