Comment pull-request with Build Scan links in Publish action

README.md

@@ -73,7 +73,7 @@ jobs:
 A Composite action to save an unpublished Maven Build Scan®.
 
 The action saves unpublished Build Scan® data as a workflow artifact with name `maven-build-scan-data`, which can then be published in a dependent workflow.
-To simplify the Build Scan® publication process later on, a file containing the Gradle Enterprise Maven extension version(s) is saved as an additional workflow artifact with name `maven-build-scan-metadata`.
+An additional workflow artifact `maven-build-scan-metadata` containing the Gradle Enterprise Maven extension version(s) and the pull-request number is also uploaded by the current action.
 
 Use this action in your existing pull-request workflows to allow Build Scan® to be published. Since these workflows are running in an untrusted context, they do not have access to the required secrets to publish the Build Scan® directly.
 
@@ -114,6 +114,8 @@ This event allows access to the repository secrets (_Gradle Enterprise Access Ke
 The Build Scan® publication requires the Gradle Terms of Service to be approved, this can be achieved by adding a workflow using the `terms-of-service/verify` action.
 The `pull-request-check/verify` action is used to ensure this workflow passed successfully. 
 
+Every published Build Scan® will have its link commented in the pull-request.
+
 `dawidd6/action-download-artifact` action is used to download Artifacts uploaded by a different workflow.
 
 **Dependencies**:
@@ -131,6 +133,7 @@ The `pull-request-check/verify` action is used to ensure this workflow passed su
 | `gradle-enterprise-extension-version` | Gradle Enterprise Maven extension version          |         |
 | `gradle-enterprise-access-key`        | *Optional*: Gradle Enterprise access key           |         |
 | `gradle-enterprise-allow-untrusted`   | *Optional*: Gradle Enterprise allow-untrusted flag | `false` |
+| `pull-request-number`                 | pull-request number                                |         |
 
 **Usage**:
 
@@ -182,4 +185,5 @@ jobs:
           gradle-enterprise-url: 'https://<MY_GE_URL>'
           gradle-enterprise-extension-version: ${{ matrix.version }}
           gradle-enterprise-access-key: ${{ secrets.<GE_ACCESS_KEY> }}
+          pull-request-number: ${{ steps.load.outputs.pull-request-number }}
 ```

maven/build-scan/load-metadata/action.yml

@@ -5,6 +5,9 @@ outputs:
   extension-versions:
     description: 'Array of Gradle Enterprise Maven Extension versions to publish Build Scans for'
     value: ${{ steps.collect-versions.outputs.VERSIONS }}
+  pull-request-number:
+    description: 'Pull-request number'
+    value: ${{ steps.collect-pr-number.outputs.PR_NUMBER }}
 
 runs:
   using: 'composite'
@@ -30,3 +33,14 @@ runs:
         # add as output
         echo "VERSIONS=$VERSIONS" >> $GITHUB_OUTPUT
       shell: bash
+    - name: Collect pull-request number
+      env:
+        METADATA_ARTIFACT_NAME: 'maven-build-scan-metadata'
+        METADATA_FILE_NAME: 'pull-request.properties'
+      id: collect-pr-number
+      run: |
+        # source first match as all files are identical (one file per save action call)
+        source "$(find ${{ env.METADATA_ARTIFACT_NAME }}/ -type f -name '*-${{ env.METADATA_FILE_NAME }}' -print -quit)"
+        # add as output
+        echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT
+      shell: bash

maven/build-scan/publish/action.yml

@@ -14,6 +14,13 @@ inputs:
   gradle-enterprise-allow-untrusted:
     description: 'Gradle Enterprise allow-untrusted flag'
     default: 'false'
+  pull-request-number:
+    description: 'Pull-request number'
+    required: true
+  github-token:
+    description: 'The token used for Github API requests'
+    default: ${{ github.token }}
+    required: false
 
 runs:
   using: 'composite'
@@ -83,12 +90,47 @@ runs:
         GRADLE_ENTERPRISE_ACCESS_KEY: ${{ inputs.gradle-enterprise-access-key }}
         PROJECT_DIR: 'maven-build-scan-publisher'
       working-directory: ${{ env.PROJECT_DIR }}
+      id: publish
       run: |
         set +e
+        SCAN_LINKS=""
         NB_SCANS=$(find ${{ env.BUILD_SCAN_DIR }}${{ inputs.gradle-enterprise-extension-version }} -type f -name "scan.scan"  | wc -l)
         for ((i=1; i <= $NB_SCANS; i++))
         do
           echo "BUILD SCAN PUBLICATION $i/$NB_SCANS"
-          mvn gradle-enterprise:build-scan-publish-previous
+          mvn gradle-enterprise:build-scan-publish-previous | tee build.out
+        
+          SCAN_LINK=$(grep -A1 "Publishing build scan..." build.out  | tail -n 1  | sed 's/\[INFO\] //')
+          if [[ ! -z "$SCAN_LINK" ]]
+          then
+            SCAN_LINKS="${SCAN_LINKS},[Link $i]($SCAN_LINK)"
+          fi
         done
+        echo "SCAN_LINKS=$SCAN_LINKS" >> $GITHUB_OUTPUT
       shell: bash
+    - name: Comment pull-request with Build Scan links
+      uses: actions/github-script@v6
+      env:
+        PR: ${{ inputs.pull-request-number }}
+        SCAN_LINKS: ${{ steps.publish.outputs.SCAN_LINKS }}
+        EXTENSION_VERSION: ${{ inputs.gradle-enterprise-extension-version }}
+      with:
+        github-token: ${{ inputs.github-token }}
+        script: |
+          const prNumber = Number(process.env.PR);
+          const scanLinks = process.env.SCAN_LINKS;
+          const extensionVersion = process.env.EXTENSION_VERSION;
+          
+          if(scanLinks.length > 0) {
+            const comment = `#### Explore the Build Scan(s): 
+            ${scanLinks.replace(/,/g,'\n')}
+          
+            ###### Generated by gradle/github-actions/maven/build-scan/publish for extension ${extensionVersion}`;
+          
+            github.rest.issues.createComment({
+              issue_number: prNumber,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: comment
+            });
+          }

maven/build-scan/save/action.yml

@@ -7,22 +7,25 @@ runs:
     - name: Generate UUID
       id: generate-uuid
       run: |
-        # create a unique file name to avoid issues with actions/upload-artifact if this composite action is called multiple times
+        # This is used to create a unique file name to avoid issues with actions/upload-artifact if this composite action is called multiple times
         echo "UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$GITHUB_OUTPUT"
       shell: bash
-    - name: Dump Gradle Enterprise extension versions in file
+    - name: Dump Build Scan metadata
       env:
         BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/'
       run: |
         if [ -d ${{ env.BUILD_SCAN_DIR }} ]; then
           find ${{ env.BUILD_SCAN_DIR }} -type d -name "*.*" -maxdepth 1 -mindepth 1 -exec basename {} \; > ${{ steps.generate-uuid.outputs.UUID }}-ge-extension-versions.txt
+          echo "PR_NUMBER=${{ github.event.number }}" > ${{ steps.generate-uuid.outputs.UUID }}-pull-request.properties
         fi
       shell: bash
     - name: Upload Build Scan metadata as workflow Artifact
       uses: actions/upload-artifact@v3
       with:
         name: 'maven-build-scan-metadata'
-        path: '*-ge-extension-versions.txt'
+        path: |
+          *-ge-extension-versions.txt
+          *-pull-request.properties
         retention-days: 1
     - name: Upload Build Scan as workflow Artifact
       uses: actions/upload-artifact@v3

pull-request-check/verify/action.yml

@@ -16,14 +16,14 @@ runs:
     - name: Verify pull-request check
       uses: actions/github-script@v6
       env:
-        sha: ${{ github.event.workflow_run.head_sha }}
+        SHA: ${{ github.event.workflow_run.head_sha }}
       with:
         github-token: ${{ inputs.github-token }}
         result-encoding: string
         script: |
           // returns most recent check runs first by default
           const checkRuns = await github.paginate('GET /repos/${{ github.repository }}/commits/{ref}/check-runs', {
-            ref: process.env.sha,
+            ref: process.env.SHA,
             per_page: 50
           });
           for await (const cr of checkRuns) {