forked from OISF/suricata
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
github-ci: check for new authors in pull-request
On pull request, get a list of commit authors for the pull request and compare to the list of authors in git master. If any differ, save to new-authors.txt and upload this as an artifact. As a workflow-run, download this artifact and if non-empty, add a comment to the pull-request that new authors may be part of the pull request. This 2 step approach is because GitHub actions running in pull-request context are not allowed to comment on the pull request, instead a post-workflow workflow has been added that runs in the context of the repo which can then comment on the pull request.
- Loading branch information
1 parent
3e0d2ff
commit af5a0e1
Showing
2 changed files
with
100 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| name: New Authors Report | ||
|
|
||
| on: | ||
| workflow_run: | ||
| workflows: [New Authors Check] | ||
| types: [completed] | ||
|
|
||
| jobs: | ||
| comment: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - run: echo "Author check is complete" | ||
|
|
||
| - name: Download artifact new authors | ||
| uses: actions/github-script@v6 | ||
| with: | ||
| script: | | ||
| let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| run_id: context.payload.workflow_run.id, | ||
| }); | ||
| let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { | ||
| return artifact.name == "new-authors"; | ||
| })[0]; | ||
| let download = await github.rest.actions.downloadArtifact({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| artifact_id: matchArtifact.id, | ||
| archive_format: 'zip', | ||
| }); | ||
| let fs = require('fs'); | ||
| fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/new-authors.zip`, Buffer.from(download.data)); | ||
| - run: unzip new-authors.zip | ||
| - run: | | ||
| if test -s new-authors.txt; then | ||
| echo new_authors=yes >> $GITHUB_ENV | ||
| fi | ||
| - name: Comment on PR | ||
| if: ${{ env.new_authors == 'yes' }} | ||
| uses: actions/github-script@v6 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| script: | | ||
| let fs = require('fs'); | ||
| let issue_number = Number(fs.readFileSync('./pr-number.txt')); | ||
| let new_authors = String(fs.readFileSync('./new-authors.txt')); | ||
| let msg = 'NOTE: This PR may contain new authors:\n\n```\n' + new_authors + '```'; | ||
| await github.rest.issues.createComment({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| issue_number: issue_number, | ||
| body: msg | ||
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| name: New Authors Check | ||
|
|
||
| on: | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| check-id: | ||
| name: New Author Check | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - run: sudo apt -y install git | ||
| - run: git clone https://github.com/${{ github.repository }} | ||
| - run: git remote add author ${{ github.event.pull_request.head.repo.html_url }} | ||
| working-directory: suricata | ||
| - run: git fetch author | ||
| working-directory: suricata | ||
| - run: git checkout author/${{ github.event.pull_request.head.ref }} | ||
| working-directory: suricata | ||
| - name: Export known authors from master branch | ||
| run: git log --format="%an <%ae>" origin/master | sort | uniq > ../authors.txt | ||
| working-directory: suricata | ||
| - name: Export authors from new commits | ||
| run: git log --format="%an <%ae>" origin/${GITHUB_BASE_REF}... | sort | uniq > ../commit-authors.txt | ||
| working-directory: suricata | ||
| - name: Check new authors | ||
| run: | | ||
| touch new-authors.txt | ||
| while read -r author; do | ||
| echo "Checking author: ${author}" | ||
| if ! grep -q "^${author}\$" authors.txt; then | ||
| echo "ERROR: ${author} NOT FOUND" | ||
| echo "::warning ::New author found: ${author}" | ||
| echo "${author}" >> new-authors.txt | ||
| echo has_new_authors="yes" >> $GITHUB_ENV | ||
| fi | ||
| done < commit-authors.txt | ||
| - run: mkdir new-authors | ||
| - run: cp new-authors.txt new-authors | ||
| - run: echo ${{ github.event.number }} > new-authors/pr-number.txt | ||
| - run: ls -l | ||
| - name: Upload new authors | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: new-authors | ||
| path: new-authors | ||
|
|