GHA
jacopocarlini committed Aug 9, 2023
1 parent 23f077b commit 28d85e1
Showing 8 changed files with 507 additions and 470 deletions.
8 changes: 3 additions & 5 deletions .github/workflows/anchore.yml
Expand Up @@ -25,7 +25,6 @@ permissions:

env:
DOCKERFILE: Dockerfile
GITHUB_TOKEN_READ_PACKAGES: ${{ secrets.GITHUB_TOKEN }}

jobs:
Anchore-Build-Scan:
Expand All @@ -39,18 +38,17 @@ jobs:
uses: actions/checkout@v3

- name: Build the Docker image
run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest --build-arg github_token=${{ env.GITHUB_TOKEN_READ_PACKAGES }}
run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest

- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
id: scan
uses: anchore/scan-action@v3
with:
image: "localbuild/testimage:latest"
output-format: sarif
acs-report-enable: true
fail-build: true
severity-cutoff: "high"
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
sarif_file: results.sarif
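Review bot: The upload step's new `sarif_file: results.sarif` hard-codes the report name instead of taking it from the scan step, so the upload only works while `anchore/scan-action@v3` keeps writing a file of that name into the workspace root (which appears to be its current default). If that ever changes, the `if: always()` upload would fail or publish nothing to code scanning, while the job result would still come from `fail-build`. If the scan step keeps its `id: scan` (the rendered page does not show which lines were dropped), `sarif_file: ${{ steps.scan.outputs.sarif }}` avoids the coupling. Otherwise, add a comment above the line such as `# results.sarif is the report path anchore/scan-action writes by default`.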
143 changes: 52 additions & 91 deletions .github/workflows/check_pr.yml
Expand Up @@ -28,56 +28,23 @@ jobs:
with:
configuration-path: '.github/auto_assign.yml'

check_labels:
name: Check Required Labels
# The type of runner that the job will run on
runs-on: ubuntu-latest

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Verify PR Labels
if: ${{ !contains(github.event.pull_request.labels.*.name, 'breaking-change') && !contains(github.event.pull_request.labels.*.name, 'enhancement') && !contains(github.event.pull_request.labels.*.name, 'bug') && !contains(github.event.pull_request.labels.*.name, 'ignore-for-release') }}
uses: actions/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
var comments = await github.rest.issues.listComments({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo
});
for (const comment of comments.data) {
if (comment.body.includes('This pull request does not contain a valid label')){
github.rest.issues.deleteComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: comment.id
})
}
}
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'This pull request does not contain a valid label. Please add one of the following labels: `[bug, enhancement, breaking-change, ignore-for-release]`'
})
core.setFailed('Missing required labels')
check_format:
name: Check Format
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Formatting
uses: axel-op/googlejavaformat-action@v3
id: format
continue-on-error: true
uses: findologic/intellij-format-action@main
with:
args: "--set-exit-if-changed"
path: .
fail-on-changes: false

- uses: actions/[email protected]
if: always()
if: steps.format.outcome != 'success'
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
Expand All @@ -104,12 +71,15 @@ jobs:
repo: context.repo.repo,
body: 'Comment this PR with *update_code* to update `openapi.json` and format the code. Consider to use pre-commit to format the code.'
})
core.setFailed('Format your code.')
check_size:
runs-on: ubuntu-latest
name: Check Size
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Check Size
uses: actions/[email protected]
Expand All @@ -121,7 +91,7 @@ jobs:
const additions = context.payload.pull_request.additions || 0
const deletions = context.payload.pull_request.deletions || 0
var changes = additions + deletions
console.log('additions: '+additions+'+ deletions: '+deletions+ ' = total changes: ' + changes);
console.log('additions: '+additions+' + deletions: '+deletions+ ' = total changes: ' + changes);
const { IGNORED_FILES } = process.env
const ignored_files = IGNORED_FILES.trim().split(',').filter(word => word.length > 0);
Expand All @@ -130,8 +100,8 @@ jobs:
const execSync = require('child_process').execSync;
for (const file of IGNORED_FILES.trim().split(',')) {
const ignored_additions_str = execSync('git --no-pager diff --numstat main..${{ github.ref_name}} | grep ' + file + ' | cut -f 1', { encoding: 'utf-8' })
const ignored_deletions_str = execSync('git --no-pager diff --numstat main..${{ github.ref_name}} | grep ' + file + ' | cut -f 2', { encoding: 'utf-8' })
const ignored_additions_str = execSync('git --no-pager diff --numstat origin/main..origin/${{ github.head_ref}} | grep ' + file + ' | cut -f 1', { encoding: 'utf-8' })
const ignored_deletions_str = execSync('git --no-pager diff --numstat origin/main..origin/${{ github.head_ref}} | grep ' + file + ' | cut -f 2', { encoding: 'utf-8' })
const ignored_additions = ignored_additions_str.split('\n').map(elem=> parseInt(elem || 0)).reduce(
(accumulator, currentValue) => accumulator + currentValue,
Expand All @@ -146,30 +116,53 @@ jobs:
console.log('ignored lines: ' + ignored + ' , consider changes: ' + changes);
}
if (changes < 200){
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['size/small']
})
var labels = await github.rest.issues.listLabelsOnIssue({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo
});
var labels = await github.rest.issues.listLabelsOnIssue({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo
});
if (labels.data.find(label => label.name == 'size/large')){
if (labels.data.find(label => label.name == 'size/large')){
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'size/large'
})
}
if (labels.data.find(label => label.name == 'size/small')){
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'size/large'
name: 'size/small'
})
}
var comments = await github.rest.issues.listComments({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo
});
for (const comment of comments.data) {
if (comment.body.includes('This PR exceeds the recommended size')){
github.rest.issues.deleteComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: comment.id
})
}
}
if (changes < 200){
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['size/small']
})
}
if (changes > 400){
github.rest.issues.addLabels({
Expand All @@ -179,44 +172,12 @@ jobs:
labels: ['size/large']
})
var comments = await github.rest.issues.listComments({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo
});
for (const comment of comments.data) {
if (comment.body.includes('This PR exceeds the recommended size')){
github.rest.issues.deleteComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: comment.id
})
}
}
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'This PR exceeds the recommended size of 400 lines. Please make sure you are NOT addressing multiple issues with one PR. _Note this PR might be rejected due to its size._'
})
var labels = await github.rest.issues.listLabelsOnIssue({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo
});
if (labels.data.find(label => label.name == 'size/small')){
github.rest.issues.removeLabel({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'size/small'
})
}
core.setFailed('PR is too large: ' + changes + ' changes.')
}
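Review bot: The two new `execSync` calls in the Check Size script splice `${{ github.head_ref }}` into a shell command string, and a pull request's head branch name is chosen by the contributor, so its text reaches both the generated JavaScript and the shell unescaped. The expression is expanded before the script runs, so quoting inside the script cannot help; pass the ref through the step's `env:` (for example `HEAD_REF: ${{ github.head_ref }}`), read it from `process.env`, and call git through `execFileSync` with an argument array so no shell is involved. The same applies to `file` concatenated after `grep`, although that value comes from the workflow's own `IGNORED_FILES`. The step's `env:` block and the summing code lie outside this hunk, and the sketch below matches ignored paths by substring on the path column rather than by grep pattern. Separately, `uses: findologic/intellij-format-action@main` in the Check Format job follows a moving branch and would be safer pinned to a commit SHA.

```yaml
        env:
          # … unchanged: IGNORED_FILES …
          HEAD_REF: ${{ github.head_ref }}
        with:
          script: |
            // … unchanged: additions/deletions totals, ignored_files parsing …
            const { execFileSync } = require('child_process');
            const numstat = execFileSync(
              'git',
              ['--no-pager', 'diff', '--numstat', `origin/main..origin/${process.env.HEAD_REF}`],
              { encoding: 'utf-8' }
            );
            for (const file of IGNORED_FILES.trim().split(',')) {
              const rows = numstat.split('\n').filter(row => (row.split('\t')[2] || '').includes(file));
              const ignored_additions_str = rows.map(row => row.split('\t')[0]).join('\n');
              const ignored_deletions_str = rows.map(row => row.split('\t')[1]).join('\n');
              // … unchanged: summing the counts and subtracting them from changes …
```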