diff --git a/README.md b/README.md index 975a8677..8c9be77b 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ jobs: A Composite action to save an unpublished Maven Build Scan®. The action saves unpublished Build Scan® data as a workflow artifact with name `maven-build-scan-data`, which can then be published in a dependent workflow. -To simplify the Build Scan® publication process later on, a file containing the Gradle Enterprise Maven extension version(s) is saved as an additional workflow artifact with name `maven-build-scan-metadata`. +An additional workflow artifact `maven-build-scan-metadata` containing the Gradle Enterprise Maven extension version(s) and the pull-request number is also uploaded by the current action. Use this action in your existing pull-request workflows to allow Build Scan® to be published. Since these workflows are running in an untrusted context, they do not have access to the required secrets to publish the Build Scan® directly. @@ -114,6 +114,8 @@ This event allows access to the repository secrets (_Gradle Enterprise Access Ke The Build Scan® publication requires the Gradle Terms of Service to be approved, this can be achieved by adding a workflow using the `terms-of-service/verify` action. The `pull-request-check/verify` action is used to ensure this workflow passed successfully. +Every published Build Scan® will have its link commented in the pull-request. + `dawidd6/action-download-artifact` action is used to download Artifacts uploaded by a different workflow. **Dependencies**: @@ -131,6 +133,7 @@ The `pull-request-check/verify` action is used to ensure this workflow passed su | `gradle-enterprise-extension-version` | Gradle Enterprise Maven extension version | | | `gradle-enterprise-access-key` | *Optional*: Gradle Enterprise access key | | | `gradle-enterprise-allow-untrusted` | *Optional*: Gradle Enterprise allow-untrusted flag | `false` | +| `pull-request-number` | pull-request number | | **Usage**: @@ -182,4 +185,5 @@ jobs: gradle-enterprise-url: 'https://' gradle-enterprise-extension-version: ${{ matrix.version }} gradle-enterprise-access-key: ${{ secrets. }} + pull-request-number: ${{ steps.load.outputs.pull-request-number }} ``` diff --git a/maven/build-scan/load-metadata/action.yml b/maven/build-scan/load-metadata/action.yml index a5da469e..27963ec9 100644 --- a/maven/build-scan/load-metadata/action.yml +++ b/maven/build-scan/load-metadata/action.yml @@ -5,6 +5,9 @@ outputs: extension-versions: description: 'Array of Gradle Enterprise Maven Extension versions to publish Build Scans for' value: ${{ steps.collect-versions.outputs.VERSIONS }} + pull-request-number: + description: 'Pull-request number' + value: ${{ steps.collect-pr-number.outputs.PR_NUMBER }} runs: using: 'composite' @@ -30,3 +33,14 @@ runs: # add as output echo "VERSIONS=$VERSIONS" >> $GITHUB_OUTPUT shell: bash + - name: Collect pull-request number + env: + METADATA_ARTIFACT_NAME: 'maven-build-scan-metadata' + METADATA_FILE_NAME: 'pull-request.properties' + id: collect-pr-number + run: | + # source first match as all files are identical (one file per save action call) + source "$(find ${{ env.METADATA_ARTIFACT_NAME }}/ -type f -name '*-${{ env.METADATA_FILE_NAME }}' -print -quit)" + # add as output + echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT + shell: bash diff --git a/maven/build-scan/publish/action.yml b/maven/build-scan/publish/action.yml index b3f676ba..87e95c1c 100644 --- a/maven/build-scan/publish/action.yml +++ b/maven/build-scan/publish/action.yml @@ -14,6 +14,13 @@ inputs: gradle-enterprise-allow-untrusted: description: 'Gradle Enterprise allow-untrusted flag' default: 'false' + pull-request-number: + description: 'Pull-request number' + required: true + github-token: + description: 'The token used for Github API requests' + default: ${{ github.token }} + required: false runs: using: 'composite' @@ -83,12 +90,47 @@ runs: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ inputs.gradle-enterprise-access-key }} PROJECT_DIR: 'maven-build-scan-publisher' working-directory: ${{ env.PROJECT_DIR }} + id: publish run: | set +e + SCAN_LINKS="" NB_SCANS=$(find ${{ env.BUILD_SCAN_DIR }}${{ inputs.gradle-enterprise-extension-version }} -type f -name "scan.scan" | wc -l) for ((i=1; i <= $NB_SCANS; i++)) do echo "BUILD SCAN PUBLICATION $i/$NB_SCANS" - mvn gradle-enterprise:build-scan-publish-previous + mvn gradle-enterprise:build-scan-publish-previous | tee build.out + + SCAN_LINK=$(grep -A1 "Publishing build scan..." build.out | tail -n 1 | sed 's/\[INFO\] //') + if [[ ! -z "$SCAN_LINK" ]] + then + SCAN_LINKS="${SCAN_LINKS},[Link $i]($SCAN_LINK)" + fi done + echo "SCAN_LINKS=$SCAN_LINKS" >> $GITHUB_OUTPUT shell: bash + - name: Comment pull-request with Build Scan links + uses: actions/github-script@v6 + env: + PR: ${{ inputs.pull-request-number }} + SCAN_LINKS: ${{ steps.publish.outputs.SCAN_LINKS }} + EXTENSION_VERSION: ${{ inputs.gradle-enterprise-extension-version }} + with: + github-token: ${{ inputs.github-token }} + script: | + const prNumber = Number(process.env.PR); + const scanLinks = process.env.SCAN_LINKS; + const extensionVersion = process.env.EXTENSION_VERSION; + + if(scanLinks.length > 0) { + const comment = `#### Explore the Build Scan(s): + ${scanLinks.replace(/,/g,'\n')} + + ###### Generated by gradle/github-actions/maven/build-scan/publish for extension ${extensionVersion}`; + + github.rest.issues.createComment({ + issue_number: prNumber, + owner: context.repo.owner, + repo: context.repo.repo, + body: comment + }); + } diff --git a/maven/build-scan/save/action.yml b/maven/build-scan/save/action.yml index b719f7ad..b3709edc 100644 --- a/maven/build-scan/save/action.yml +++ b/maven/build-scan/save/action.yml @@ -7,22 +7,25 @@ runs: - name: Generate UUID id: generate-uuid run: | - # create a unique file name to avoid issues with actions/upload-artifact if this composite action is called multiple times + # This is used to create a unique file name to avoid issues with actions/upload-artifact if this composite action is called multiple times echo "UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$GITHUB_OUTPUT" shell: bash - - name: Dump Gradle Enterprise extension versions in file + - name: Dump Build Scan metadata env: BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/' run: | if [ -d ${{ env.BUILD_SCAN_DIR }} ]; then find ${{ env.BUILD_SCAN_DIR }} -type d -name "*.*" -maxdepth 1 -mindepth 1 -exec basename {} \; > ${{ steps.generate-uuid.outputs.UUID }}-ge-extension-versions.txt + echo "PR_NUMBER=${{ github.event.number }}" > ${{ steps.generate-uuid.outputs.UUID }}-pull-request.properties fi shell: bash - name: Upload Build Scan metadata as workflow Artifact uses: actions/upload-artifact@v3 with: name: 'maven-build-scan-metadata' - path: '*-ge-extension-versions.txt' + path: | + *-ge-extension-versions.txt + *-pull-request.properties retention-days: 1 - name: Upload Build Scan as workflow Artifact uses: actions/upload-artifact@v3 diff --git a/pull-request-check/verify/action.yml b/pull-request-check/verify/action.yml index ff8a6d07..4a9c6916 100644 --- a/pull-request-check/verify/action.yml +++ b/pull-request-check/verify/action.yml @@ -16,14 +16,14 @@ runs: - name: Verify pull-request check uses: actions/github-script@v6 env: - sha: ${{ github.event.workflow_run.head_sha }} + SHA: ${{ github.event.workflow_run.head_sha }} with: github-token: ${{ inputs.github-token }} result-encoding: string script: | // returns most recent check runs first by default const checkRuns = await github.paginate('GET /repos/${{ github.repository }}/commits/{ref}/check-runs', { - ref: process.env.sha, + ref: process.env.SHA, per_page: 50 }); for await (const cr of checkRuns) {