Skip to content

Commit

Permalink
Add aggregate action
Browse files Browse the repository at this point in the history
  • Loading branch information
@jprinet
jprinet committed Oct 2, 2023
1 parent 4a2b29a commit aed9c0a
Show file tree
Hide file tree
Showing 7 changed files with 160 additions and 37 deletions.
3 changes: 1 addition & 2 deletions .github/workflows/test-terms-of-service-acceptance-run.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,6 @@ jobs:
permissions:
contents: write
pull-requests: write
actions: write
statuses: write
steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -19,3 +17,4 @@ jobs:
with:
tos-location: 'https://foo.bar/tos.html'
white-list: '*'
signature-location: '.github/develocity-tos.json'
107 changes: 80 additions & 27 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ _Note:_
Some parameters need to be adjusted here:
- The workflow name (here `Build`) triggered when a pull-request is submitted
- The build workflow filename (here `build.yml`) has to be adjusted to the filename of the workflow using `maven-build-scan/save`
- The location of the Develocity Terms of Service (here `https://foo.bar/tos.html`)
- The Develocity URL (here `https://<MY_DEVELOCITY_URL>`)
- The secret name holding the Develocity access key (here `<DEVELOCITY_ACCESS_KEY>`)

Expand All @@ -56,45 +57,35 @@ jobs:
contents: write
pull-requests: write
steps:
- name: Load data
id: load
uses: gradle/github-actions/maven-build-scan/[email protected]
- name: Publish Build Scan
uses: gradle/github-actions/[email protected]
with:
build-workflow-filename: 'build.yml'
- name: Verify Terms of Service acceptance
uses: gradle/github-actions/terms-of-service-acceptance/[email protected]
with:
tos-location: 'https://foo.bar/tos.html'
pr-number: ${{ steps.load.outputs.pr-number }}
- name: Publish Maven Build Scans
uses: gradle/github-actions/maven-build-scan/[email protected]
with:
develocity-url: 'https://<MY_DEVELOCITY_URL>'
develocity-access-key: ${{ secrets.<DEVELOCITY_ACCESS_KEY> }}
pr-number: ${{ steps.load.outputs.pr-number }}
```
### Implementation details
#### terms-of-service-acceptance/run
A composite action to verify that Develocity Terms of Service have been accepted.
#### maven-build-scan
This action checks if the user submitting a pull-request has accepted the Terms of Service.
If the user has previously accepted the terms, then the action succeeds.
If not, a comment is made on the pull-request asking the user to accept and the action fails. The user can then accept the Terms of Service by responding with a specific comment on the pull-request.
This composite action is a meta action to simplify the logic on consumer side.
See the [cla-assistant-lite documentation](https://github.com/marketplace/actions/cla-assistant-lite) for more details.
The action will download any saved Build Scan® and publish them to Develocity after having checked that the Terms of Service were accepted.
**Dependencies**:
- [cla-assistant-lite](https://github.com/marketplace/actions/cla-assistant-lite)
- `maven-build-scan/load`
- `terms-of-service-acceptance/run`
- `maven-build-scan/publish`

**Event Triggers**:

This action should be configured to respond to the following event triggers:
- `workflow_run`: to check if the user has previously accepted the Terms of Service before publishing a Build Scan®.
- `issue_comment`: to check if any new pull-request comment is accepting the Terms of Service.
These event allows access to the repository secrets (_Develocity Access Key_) which is required to publish a Build Scan® to Gradle Enterprise when authentication is enabled.

**Permissions**:

Expand All @@ -106,8 +97,11 @@ The following permissions are required for this action to operate:

| Name | Description | Default |
|------------------------------------------|------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `build-workflow-filename` | Filename of the workflow using `maven-build-scan/save` (called upon pull-request submission) | |
| `tos-location` | Terms Of Service location (URL) | |
| `pr-number` | pull-request number | |
| `develocity-url` | Develocity URL | |
| `develocity-access-key` | *Optional*: Develocity access key | |
| `develocity-allow-untrusted` | *Optional*: Develocity allow-untrusted flag | `false` |
| `signature-branch` | *Optional*: Git branch where the signature file will be stored | `${{ github.event.repository.default_branch }}` |
| `signature-location` | *Optional*: Signature file location | `.github/develocity-tos.json` |
| `pr-comment-tos-acceptance-missing` | *Optional*: pull-request comment added when Terms of Service have not previously been accepted | `Please accept [Develocity Terms Of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:` |
Expand All @@ -120,16 +114,19 @@ The following permissions are required for this action to operate:

_Note:_
Some parameters need to be adjusted here:
- The pull-request number (here `steps.load.outputs.pr-number`) has to be adjusted to the value set in the context
- The build workflow filename (here `build.yml`) has to be adjusted to the filename of the workflow using `maven-build-scan/save`
- The location of the Develocity Terms of Service (here `https://foo.bar/tos.html`)
- The Develocity URL (here `https://<MY_DEVELOCITY_URL>`)
- The secret name holding the Develocity access key (here `<DEVELOCITY_ACCESS_KEY>`)

```yaml
[...]
- name: Verify Terms of Service acceptance
uses: gradle/github-actions/terms-of-service-acceptance/[email protected]
- name: Publish Build Scan
uses: gradle/github-actions/[email protected]
with:
build-workflow-filename: 'build.yml'
tos-location: 'https://foo.bar/tos.html'
pr-number: ${{ steps.load.outputs.pr-number }}
[...]
develocity-url: 'https://<MY_DEVELOCITY_URL>'
develocity-access-key: ${{ secrets.<DEVELOCITY_ACCESS_KEY> }}
```

#### maven-build-scan/save
Expand Down Expand Up @@ -181,7 +178,7 @@ This action should be configured to respond to the following event trigger (see
- `workflow_run`: to run after the pull-request workflow.
- `issue_comment`: to run after the pull-request is commented.

The action fails for any other event trigger, or if the comment is different than `recheck` or `I have read Develocity Terms Of Service and I hereby accept the Terms` (can be overridden).
The action fails for any other event trigger, or if the comment is different than `recheck` or `I have read Develocity Terms Of Service and I hereby accept the Terms` (can be overridden).

**Action inputs**:

Expand Down Expand Up @@ -212,6 +209,62 @@ Some parameters need to be adjusted here:
[...]
```

#### terms-of-service-acceptance/run

A composite action to verify that Develocity Terms of Service have been accepted.

This action checks if the user submitting a pull-request has accepted the Terms of Service.
If the user has previously accepted the terms, then the action succeeds.
If not, a comment is made on the pull-request asking the user to accept and the action fails. The user can then accept the Terms of Service by responding with a specific comment on the pull-request.

See the [cla-assistant-lite documentation](https://github.com/marketplace/actions/cla-assistant-lite) for more details.

**Dependencies**:

- [cla-assistant-lite](https://github.com/marketplace/actions/cla-assistant-lite)

**Event Triggers**:

This action should be configured to respond to the following event triggers:
- `workflow_run`: to check if the user has previously accepted the Terms of Service before publishing a Build Scan®.
- `issue_comment`: to check if any new pull-request comment is accepting the Terms of Service.

**Permissions**:

The following permissions are required for this action to operate:
- `contents: write`: to create/edit the signature file
- `pull-requests: write`: to comment the pull-request

**Action inputs**:

| Name | Description | Default |
|------------------------------------------|------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `tos-location` | Terms Of Service location (URL) | |
| `pr-number` | pull-request number | |
| `signature-branch` | *Optional*: Git branch where the signature file will be stored | `${{ github.event.repository.default_branch }}` |
| `signature-location` | *Optional*: Signature file location | `.github/develocity-tos.json` |
| `pr-comment-tos-acceptance-missing` | *Optional*: pull-request comment added when Terms of Service have not previously been accepted | `Please accept [Develocity Terms Of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:` |
| `pr-comment-tos-acceptance-request` | *Optional*: pull-request comment to accept the Terms of Service | `I have read Develocity Terms Of Service and I hereby accept the Terms` |
| `pr-comment-tos-acceptance-confirmation` | *Optional*: pull-request comment added when Terms of Service are accepted | `All Contributors have accepted Develocity Terms Of Service.` |
| `white-list` | *Optional*: CSV List of users not required to accept the Terms of Service | `''` |
| `github-token` | *Optional*: Github token | `${{ github.token }}` |

**Usage**:

_Note:_
Some parameters need to be adjusted here:
- The pull-request number (here `steps.load.outputs.pr-number`) has to be adjusted to the value set in the context

```yaml
[...]
- name: Verify Terms of Service acceptance
uses: gradle/github-actions/terms-of-service-acceptance/[email protected]
with:
tos-location: 'https://foo.bar/tos.html'
pr-number: ${{ steps.load.outputs.pr-number }}
[...]
```

#### maven-build-scan/publish

This action will publish all Maven Build Scans® that have been saved as workflow artifacts by the `maven-build-scan/save` action.
Expand Down
Binary file modified doc/architecture.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
71 changes: 71 additions & 0 deletions maven-build-scan/action.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
name: Publish Maven Build Scan
description: Publish Maven Build Scan

inputs:
build-workflow-filename:
description: 'Filename of the workflow where the maven-build-scan/save action was triggered'
required: true
develocity-url:
description: 'Develocity URL'
required: true
develocity-access-key:
description: 'Develocity access key'
required: false
tos-location:
description: 'Terms of Service location as an URL (https://foo.com/tos.html) or a Github repository file (/<owner>/<repo>/blob/<branch>/tos.html)'
required: true
develocity-allow-untrusted:
description: 'Develocity allow-untrusted flag'
default: 'false'
pr-comment-tos-acceptance-missing:
description: 'pull-request comment added when Terms of Service are not accepted ({0} in the value will be replaced by tos-location input)'
default: 'Please accept [Develocity Terms of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:'
pr-comment-tos-acceptance-request:
description: 'pull-request comment to accept the Terms of Service'
default: 'I have read Develocity Terms of Service and I hereby accept the Terms'
pr-comment-tos-acceptance-validation:
description: 'pull-request comment added when Terms of Service are accepted'
default: 'All Contributors have accepted Develocity Terms of Service.'
signature-branch:
description: 'Git branch where the signature file will be stored'
default: ${{ github.event.repository.default_branch }}
signature-location:
description: 'Signature file location'
default: '.github/develocity-tos.json'
white-list:
description: 'CSV List of users not required to accept the Terms of Service'
default: ''
github-token:
description: 'The token used for Github API requests'
default: ${{ github.token }}
required: false

runs:
using: composite
steps:
- name: Load data
id: load
uses: gradle/github-actions/maven-build-scan/[email protected]
with:
build-workflow-filename: ${{ inputs.build-workflow-filename }}
pr-comment-tos-acceptance-request: ${{ inputs.pr-comment-tos-acceptance-request }}
- name: Verify Terms of Service acceptance
uses: gradle/github-actions/terms-of-service-acceptance/[email protected]
with:
tos-location: ${{ inputs.tos-location }}
pr-number: ${{ steps.load.outputs.pr-number }}
pr-comment-tos-acceptance-missing: ${{ inputs.pr-comment-tos-acceptance-missing }}
pr-comment-tos-acceptance-request: ${{ inputs.pr-comment-tos-acceptance-request }}
pr-comment-tos-acceptance-validation: ${{ inputs.pr-comment-tos-acceptance-validation }}
signature-branch: ${{ inputs.signature-branch }}
signature-location: ${{ inputs.signature-location }}
white-list: ${{ inputs.white-list }}
github-token: ${{ inputs.github-token }}
- name: Publish Maven Build Scans
uses: gradle/github-actions/maven-build-scan/[email protected]
with:
develocity-url: ${{ inputs.develocity-url }}
develocity-access-key: ${{ inputs.develocity-access-key }}
pr-number: ${{ steps.load.outputs.pr-number }}
develocity-allow-untrusted: ${{ inputs.develocity-allow-untrusted }}
github-token: ${{ inputs.github-token }}
2 changes: 1 addition & 1 deletion maven-build-scan/load/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ inputs:
required: true
pr-comment-tos-acceptance-request:
description: 'pull-request comment to accept the Terms of Service'
default: 'I have read Develocity Terms of Service and I hereby accept the Terms'
required: true

outputs:
pr-number:
Expand Down
2 changes: 1 addition & 1 deletion maven-build-scan/publish/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ inputs:
required: false
develocity-allow-untrusted:
description: 'Develocity allow-untrusted flag'
default: 'false'
required: true
github-token:
description: 'The token used for Github API requests'
default: ${{ github.token }}
Expand Down
12 changes: 6 additions & 6 deletions terms-of-service-acceptance/run/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,22 +10,22 @@ inputs:
required: true
pr-comment-tos-acceptance-missing:
description: 'pull-request comment added when Terms of Service are not accepted ({0} in the value will be replaced by tos-location input)'
default: 'Please accept [Develocity Terms of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:'
required: true
pr-comment-tos-acceptance-request:
description: 'pull-request comment to accept the Terms of Service'
default: 'I have read Develocity Terms of Service and I hereby accept the Terms'
required: true
pr-comment-tos-acceptance-validation:
description: 'pull-request comment added when Terms of Service are accepted'
default: 'All Contributors have accepted Develocity Terms of Service.'
required: true
signature-branch:
description: 'Git branch where the signature file will be stored'
default: ${{ github.event.repository.default_branch }}
required: true
signature-location:
description: 'Signature file location'
default: '.github/develocity-tos.json'
required: true
white-list:
description: 'CSV List of users not required to accept the Terms of Service'
default: ''
required: true
github-token:
description: 'The token used for Github API requests'
default: ${{ github.token }}
Expand Down

0 comments on commit aed9c0a

Please sign in to comment.