Skip to content

Commit

Permalink
Code Review:
Browse files Browse the repository at this point in the history 
- One single job to publish Build Scans
- Replace approve with accept
  • Loading branch information
@jprinet
jprinet committed Sep 19, 2023
1 parent f238f4b commit ff543ce
Show file tree
Hide file tree
Showing 8 changed files with 106 additions and 154 deletions.
17 changes: 2 additions & 15 deletions .github/workflows/test-maven-build-scan-save.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,15 +34,14 @@ jobs:
- name: Save Maven Build Scan 2
uses: ./maven/build-scan/save

check-saved-build-scans:
verify-saved-build-scans:
name: Verify Saved Build Scans
needs: create-and-save-build-scans
runs-on: ubuntu-latest
env:
DATA_ARTIFACT_NAME: 'maven-build-scan-data'
METADATA_ARTIFACT_NAME: 'maven-build-scan-metadata'
steps:
- name: Download data workflow artifact
- name: Download Workflow Artifacts
uses: actions/download-artifact@v3
with:
name: ${{ env.DATA_ARTIFACT_NAME }}
Expand All @@ -54,15 +53,3 @@ jobs:
echo "Found $scanCount scans (2 expected)"
exit 1
fi
- name: Download metadata workflow artifact
uses: actions/download-artifact@v3
with:
name: ${{ env.METADATA_ARTIFACT_NAME }}
path: ${{ env.METADATA_ARTIFACT_NAME }}
- name: Verify metadata files count
run: |
metadataFilesCount=$(find ${{ env.METADATA_ARTIFACT_NAME }} -type f -name '*-ge-extension-versions.txt' | wc -l)
if [ "$metadataFilesCount" != "2" ]; then
echo "Found $metadataFilesCount metadata files (2 expected)"
exit 1
fi
8 changes: 4 additions & 4 deletions ...orkflows/test-terms-of-service-verify.yml → ...b/workflows/test-terms-of-service-run.yml
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
name: TEST - Gradle - Terms of Service approval verification
name: TEST - Run Terms of Service acceptance verification

on:
pull_request:

jobs:
check-terms-of-service-approval:
run-terms-of-service-acceptance:
runs-on: ubuntu-latest
permissions:
contents: write
Expand All @@ -14,8 +14,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Gradle - Terms of Service approval verification
uses: ./terms-of-service/verify
- name: Run Terms of Service acceptance
uses: ./terms-of-service-acceptance/run
with:
tos-location: 'https://foo.bar/tos.html'
white-list: '*'
86 changes: 36 additions & 50 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

A collection of composite Github Actions

## terms-of-service/verify
## terms-of-service-acceptance/run

A composite action to verify that Gradle Terms of Service have been approved.
A composite action to verify that Gradle Terms of Service have been accepted.

The action succeeds if the pull-request contributors are recorded in the signature file, fails otherwise.
Contributors can approve the Terms of Service by commenting the pull-request, explore the [cla-assistant-lite documentation](https://github.com/marketplace/actions/cla-assistant-lite) for more details.
Contributors can accept the Terms of Service by commenting the pull-request, explore the [cla-assistant-lite documentation](https://github.com/marketplace/actions/cla-assistant-lite) for more details.

**Dependencies**:

Expand All @@ -18,23 +18,29 @@ Contributors can approve the Terms of Service by commenting the pull-request, ex
- `pull_request_target`
- `issue-comment`

**Permissions**:
- `contents: write`: to create/edit the signature file
- `pull-requests: write`: to comment the pull-request
- `actions: write`: to update the pull-request status check
- `statuses: write`: to update the pull-request status check

**Action inputs**:

| Name | Description | Default |
|----------------------------------------|-------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `tos-location` | Terms Of Service location (URL) | |
| `signature-branch` | *Optional*: Git branch where the signature file will be stored | `${{ github.event.repository.default_branch }}` |
| `signature-location` | *Optional*: Signature file location | `.github/gradle-enterprise-tos.json` |
| `pr-comment-tos-approval-missing` | *Optional*: pull-request comment added when Terms of Service are not approved | `Please accept [Gradle Enterprise Terms Of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:` |
| `pr-comment-tos-approval-request` | *Optional*: pull-request comment to approve the Terms of Service | `I have read Gradle Enterprise Terms Of Service and I hereby accept the Terms` |
| `pr-comment-tos-approval-confirmation` | *Optional*: pull-request comment added when Terms of Service are approved | `All Contributors have accepted Gradle Enterprise Terms Of Service.` |
| `white-list` | *Optional*: CSV List of users not required to approve the Terms of Service | `''` |
| `github-token` | *Optional*: Github token | `${{ github.token }}` |
| Name | Description | Default |
|------------------------------------------|-------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `tos-location` | Terms Of Service location (URL) | |
| `signature-branch` | *Optional*: Git branch where the signature file will be stored | `${{ github.event.repository.default_branch }}` |
| `signature-location` | *Optional*: Signature file location | `.github/gradle-enterprise-tos.json` |
| `pr-comment-tos-acceptance-missing` | *Optional*: pull-request comment added when Terms of Service are not accepted | `Please accept [Gradle Enterprise Terms Of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:` |
| `pr-comment-tos-acceptance-request` | *Optional*: pull-request comment to accept the Terms of Service | `I have read Gradle Enterprise Terms Of Service and I hereby accept the Terms` |
| `pr-comment-tos-acceptance-confirmation` | *Optional*: pull-request comment added when Terms of Service are accepted | `All Contributors have accepted Gradle Enterprise Terms Of Service.` |
| `white-list` | *Optional*: CSV List of users not required to accept the Terms of Service | `''` |
| `github-token` | *Optional*: Github token | `${{ github.token }}` |

**Usage**:

```yaml
name: Gradle - Terms of Service approval verification
name: Gradle - Terms of Service acceptance verification

on:
# issue_comment event is triggered when a pull-request is commented
Expand All @@ -43,7 +49,7 @@ on:
pull_request_target:

jobs:
check-terms-of-service-approval:
run-terms-of-service-acceptance:
runs-on: ubuntu-latest
permissions:
# required to update signature file
Expand All @@ -54,15 +60,15 @@ jobs:
actions: write
statuses: write
steps:
- name: Gradle - Terms of Service approval verification
uses: gradle/github-actions/terms-of-service/verify@v1.0
- name: Run Terms of Service acceptance verification
uses: gradle/github-actions/terms-of-service-acceptance/run@v1.0
with:
# tos-location can also point to a file in a Github repository with this syntax: /<owner>/<repo>/blob/<branch>/tos.html
tos-location: 'https://foo.bar/tos.html'
# Optional inputs
#pr-comment-tos-approval-missing: 'Please accept [Gradle Enterprise Terms Of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:'
#pr-comment-tos-approval-request: 'I have read Gradle Enterprise Terms Of Service and I hereby accept the Terms'
#pr-comment-tos-approval-validation: 'All Contributors have accepted Gradle Enterprise Terms Of Service.'
#pr-comment-tos-acceptance-missing: 'Please accept [Gradle Enterprise Terms Of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:'
#pr-comment-tos-acceptance-request: 'I have read Gradle Enterprise Terms Of Service and I hereby accept the Terms'
#pr-comment-tos-acceptance-validation: 'All Contributors have accepted Gradle Enterprise Terms Of Service.'
#signature-branch: 'main'
#signature-location: '.github/gradle-enterprise-tos.json'
#white-list: 'bot1,bot2'
Expand All @@ -73,7 +79,6 @@ jobs:
A Composite action to save an unpublished Maven Build Scan®.

The action saves unpublished Build Scan® data as a workflow artifact with name `maven-build-scan-data`, which can then be published in a dependent workflow.
To simplify the Build Scan® publication process later on, a file containing the Gradle Enterprise Maven extension version(s) is saved as an additional workflow artifact with name `maven-build-scan-metadata`.

Use this action in your existing pull-request workflows to allow Build Scan® to be published. Since these workflows are running in an untrusted context, they do not have access to the required secrets to publish the Build Scan® directly.

Expand Down Expand Up @@ -108,17 +113,18 @@ Insert the `Save Build Scan` step after each Maven execution step in the Github

A composite action to publish all Maven Build Scans® saved as workflow artifacts when validating a pull-request (by the `maven/build-scan/save` action).

This action is called from a new workflow with a `workflow_run` event trigger in order to run just after the existing pull-request workflow has completed.
This event allows access to the repository secrets (_Gradle Enterprise Access Key_) which is required to publish Build Scans® to Gradle Enterprise when authentication is enabled.
Use this action in a separate workflow with a `workflow_run` event trigger, that will run after an existing pull-request workflow has completed. The action will download any saved Build Scan® and publish it to Gradle Enterprise.
This event allows access to the repository secrets (_Gradle Enterprise Access Key_) which is required to publish a Build Scan® to Gradle Enterprise when authentication is enabled.

The Build Scan® publication requires the Gradle Terms of Service to be approved, this can be achieved by adding a workflow using the `terms-of-service/verify` action.
The `pull-request-check/verify` action is used to ensure this workflow passed successfully.
The Build Scan® publication requires the Gradle Terms of Service to be accepted, this can be achieved by adding a workflow using the `terms-of-service-acceptance/run` action.
The `terms-of-service-acceptance/verify` action is used to ensure this workflow passed successfully.

`dawidd6/action-download-artifact` action is used to download Artifacts uploaded by a different workflow.

**Dependencies**:

- [dawidd6/action-download-artifact](https://github.com/marketplace/actions/download-workflow-artifact)
- [terms-of-service-acceptance/verify](./terms-of-service-acceptance/verify/action.yml)

**Event Trigger**:
- `workflow_run`
Expand All @@ -128,7 +134,6 @@ The `pull-request-check/verify` action is used to ensure this workflow passed su
| Name | Description | Default |
|---------------------------------------|----------------------------------------------------|---------|
| `gradle-enterprise-url` | Gradle Enterprise URL | |
| `gradle-enterprise-extension-version` | Gradle Enterprise Maven extension version | |
| `gradle-enterprise-access-key` | *Optional*: Gradle Enterprise access key | |
| `gradle-enterprise-allow-untrusted` | *Optional*: Gradle Enterprise allow-untrusted flag | `false` |

Expand All @@ -137,7 +142,7 @@ The `pull-request-check/verify` action is used to ensure this workflow passed su
_Note:_
Some parameters need to be adjusted here:
- The workflow name (here `PR Check`) has to be adjusted to the `name` used in the workflow run to validate pull-requests
- The workflow-job-name (here `check-terms-of-service-approval`) has to be adjusted to the job `name` used in the workflow to verify the Terms of Service approval.
- The workflow-job-name (here `run-terms-of-service-acceptance`) has to be adjusted to the job `name` used in the workflow to verify the Terms of Service approval.
- The Gradle Enterprise URL (here `https://<MY_GE_URL>`)
- The secret name holding the Gradle Enterprise access key (here `<GE_ACCESS_KEY>`)

Expand All @@ -151,35 +156,16 @@ on:

jobs:

verify-terms-of-service-approval:
publish-build-scans:
runs-on: ubuntu-latest
steps:
- name: Verify check terms of service approval job passed
uses: gradle/github-actions/pull-request-check/[email protected]
- name: Verify Terms of Service acceptance job passed
uses: gradle/github-actions/terms-of-service-acceptance/[email protected]
with:
workflow-job-name: 'check-terms-of-service-approval'

load-metadata:
runs-on: ubuntu-latest
needs: verify-terms-of-service-approval
outputs:
extension-versions: ${{ steps.load.outputs.extension-versions }}
steps:
- name: Load Gradle Enterprise extension versions to publish Build Scans for
id: load
uses: gradle/github-actions/maven/build-scan/[email protected]

publish-build-scan:
runs-on: ubuntu-latest
needs: load-metadata
strategy:
matrix:
version: ${{ fromJson(needs.load-metadata.outputs.extension-versions) }}
steps:
terms-of-service-acceptance-workflow-job-name: 'run-terms-of-service-acceptance'
- name: Publish Maven Build Scans
uses: gradle/github-actions/maven/build-scan/[email protected]
with:
gradle-enterprise-url: 'https://<MY_GE_URL>'
gradle-enterprise-extension-version: ${{ matrix.version }}
gradle-enterprise-access-key: ${{ secrets.<GE_ACCESS_KEY> }}
```
32 changes: 0 additions & 32 deletions maven/build-scan/load-metadata/action.yml
View file

This file was deleted.

Loading

0 comments on commit ff543ce

Please sign in to comment.