-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Combine TOS acceptance and publication in a single workflow #6
Changes from 3 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
name: TEST - Publish Maven Build Scan | ||
|
||
on: | ||
pull_request: | ||
|
||
jobs: | ||
create-and-verify-build-scan-publication: | ||
name: Create and attempt to publish Maven Build Scan | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout current repository | ||
uses: actions/checkout@v4 | ||
- name: Checkout Maven sample project | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: 'gradle/gradle-enterprise-build-config-samples' | ||
path: 'sample' | ||
ref: 'main' | ||
- name: Set up JDK 8 | ||
uses: actions/setup-java@v3 | ||
with: | ||
java-version: '8' | ||
distribution: 'temurin' | ||
- name: Run Maven Build | ||
working-directory: ./sample/common-gradle-enterprise-maven-configuration | ||
run: mvn clean -B | ||
- name: Attempt to publish Maven Build Scans | ||
uses: ./maven-build-scan/publish | ||
with: | ||
develocity-url: 'https://foo.bar' | ||
pr-number: ${{ github.event.number }} | ||
- name: Verify publication attempt | ||
run: | | ||
if ! grep -q "Publishing build scan..." ./maven-build-scan-publisher/build.out; then | ||
echo "Publication attempt not found in build log:" | ||
cat ./maven-build-scan-publisher/build.out | ||
exit 1 | ||
fi | ||
|
Large diffs are not rendered by default.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
name: Publish Maven Build Scan | ||
description: Publish Maven Build Scan | ||
|
||
inputs: | ||
build-workflow-filename: | ||
description: 'Filename of the workflow where the maven-build-scan/save action was triggered' | ||
required: true | ||
develocity-url: | ||
description: 'Develocity URL' | ||
required: true | ||
develocity-access-key: | ||
description: 'Develocity access key' | ||
required: false | ||
tos-location: | ||
description: 'Terms of Service location as an URL (https://foo.com/tos.html) or a Github repository file (/<owner>/<repo>/blob/<branch>/tos.html)' | ||
required: true | ||
develocity-allow-untrusted: | ||
description: 'Develocity allow-untrusted flag' | ||
default: 'false' | ||
pr-comment-tos-acceptance-missing: | ||
description: 'pull-request comment added when Terms of Service are not accepted ({0} in the value will be replaced by tos-location input)' | ||
default: 'Please accept [Develocity Terms of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:' | ||
pr-comment-tos-acceptance-request: | ||
description: 'pull-request comment to accept the Terms of Service' | ||
default: 'I have read Develocity Terms of Service and I hereby accept the Terms' | ||
pr-comment-tos-acceptance-validation: | ||
description: 'pull-request comment added when Terms of Service are accepted' | ||
default: 'All Contributors have accepted Develocity Terms of Service.' | ||
signature-branch: | ||
description: 'Git branch where the signature file will be stored' | ||
default: ${{ github.event.repository.default_branch }} | ||
signature-location: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is probably better named "tos-acceptance-file", since it will always be the path to a file, and it records the "tos acceptance". |
||
description: 'Signature file location' | ||
default: '.github/develocity-tos.json' | ||
white-list: | ||
description: 'CSV List of users not required to accept the Terms of Service' | ||
default: '' | ||
github-token: | ||
description: 'The token used for Github API requests' | ||
default: ${{ github.token }} | ||
required: false | ||
|
||
runs: | ||
using: composite | ||
steps: | ||
- name: Load data | ||
id: load | ||
uses: gradle/github-actions/maven-build-scan/[email protected] | ||
with: | ||
build-workflow-filename: ${{ inputs.build-workflow-filename }} | ||
pr-comment-tos-acceptance-request: ${{ inputs.pr-comment-tos-acceptance-request }} | ||
- name: Verify Terms of Service acceptance | ||
uses: gradle/github-actions/terms-of-service-acceptance/[email protected] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am not super happy with the need for a fully qualified name of the composite action as the tag needs to be updated on each new release (which could easily be forgotten). The alternative would be to checkout the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The common solution to this is to use a version alias (like If we do that, then this file won't need to be updated on each release, but it will still contain the fully-qualified path to the action (which I think is OK). There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Sounds good 👍 |
||
with: | ||
tos-location: ${{ inputs.tos-location }} | ||
pr-number: ${{ steps.load.outputs.pr-number }} | ||
pr-comment-tos-acceptance-missing: ${{ inputs.pr-comment-tos-acceptance-missing }} | ||
pr-comment-tos-acceptance-request: ${{ inputs.pr-comment-tos-acceptance-request }} | ||
pr-comment-tos-acceptance-validation: ${{ inputs.pr-comment-tos-acceptance-validation }} | ||
signature-branch: ${{ inputs.signature-branch }} | ||
signature-location: ${{ inputs.signature-location }} | ||
white-list: ${{ inputs.white-list }} | ||
github-token: ${{ inputs.github-token }} | ||
- name: Publish Maven Build Scans | ||
uses: gradle/github-actions/maven-build-scan/[email protected] | ||
with: | ||
develocity-url: ${{ inputs.develocity-url }} | ||
develocity-access-key: ${{ inputs.develocity-access-key }} | ||
pr-number: ${{ steps.load.outputs.pr-number }} | ||
develocity-allow-untrusted: ${{ inputs.develocity-allow-untrusted }} | ||
github-token: ${{ inputs.github-token }} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
name: Load Maven Build Scans | ||
description: Load Maven Build Scans | ||
|
||
inputs: | ||
build-workflow-filename: | ||
description: 'Filename of the workflow where the maven-build-scan/save action was triggered' | ||
required: true | ||
pr-comment-tos-acceptance-request: | ||
description: 'pull-request comment to accept the Terms of Service' | ||
required: true | ||
|
||
outputs: | ||
pr-number: | ||
description: "pull-request number" | ||
value: ${{ steps.pr.outputs.PR_NUMBER }} | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- name: Check event trigger | ||
if: | | ||
(github.event_name != 'issue_comment' | ||
|| ( | ||
github.event.comment.body != 'recheck' | ||
&& github.event.comment.body != inputs.pr-comment-tos-acceptance-request | ||
) | ||
) | ||
&& github.event_name != 'workflow_run' | ||
run: | | ||
echo "Skipping Github event" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This message won't make much sense in the logs on it's own, I don't think. What event is being skipped and why? (Also, maybe this should be logged as DEBUG) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I adjusted the message, I kept it in INFO as I think adding some feedback makes the output clearer |
||
exit 1 | ||
shell: bash | ||
- name: Download Build Metadata after PR Build | ||
if: github.event_name == 'workflow_run' | ||
uses: dawidd6/action-download-artifact@v2 | ||
env: | ||
ARTIFACT_NAME: 'maven-build-scan-data' | ||
with: | ||
run_id: ${{ github.event.workflow_run.id }} | ||
name: ${{ env.ARTIFACT_NAME }} | ||
path: ${{ env.ARTIFACT_NAME }} | ||
- name: Download Build Metadata after PR Comment | ||
if: github.event_name == 'issue_comment' | ||
env: | ||
ARTIFACT_NAME: 'maven-build-scan-data' | ||
uses: dawidd6/action-download-artifact@v2 | ||
with: | ||
pr: ${{ github.event.issue.number }} | ||
workflow_conclusion: success | ||
workflow: ${{ inputs.build-workflow-filename }} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I trust that these 3 inputs together mean that we'll only load build scan data that was uploaded by There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, this step is called on |
||
name: ${{ env.ARTIFACT_NAME }} | ||
path: ${{ env.ARTIFACT_NAME }} | ||
- name: Restore Build Scans | ||
env: | ||
ARTIFACT_NAME: 'maven-build-scan-data' | ||
BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/' | ||
run: | | ||
mkdir -p ${{ env.BUILD_SCAN_DIR }} | ||
cp -r ${{ env.ARTIFACT_NAME }}/* ${{ env.BUILD_SCAN_DIR }} | ||
shell: bash | ||
- name: Collect pull-request number | ||
id: pr | ||
env: | ||
BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/' | ||
run: | | ||
source $(find ${{ env.BUILD_SCAN_DIR }} -type f -name "pr-number.properties") | ||
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT | ||
shell: bash |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,39 +10,18 @@ inputs: | |
required: false | ||
develocity-allow-untrusted: | ||
description: 'Develocity allow-untrusted flag' | ||
default: 'false' | ||
required: true | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I set the defaults on the top level action only |
||
github-token: | ||
description: 'The token used for Github API requests' | ||
default: ${{ github.token }} | ||
required: false | ||
pr-number: | ||
description: 'PR number' | ||
required: true | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- name: Download Build Scans | ||
uses: dawidd6/action-download-artifact@v2 | ||
env: | ||
ARTIFACT_NAME: 'maven-build-scan-data' | ||
with: | ||
run_id: ${{ github.event.workflow_run.id }} | ||
name: ${{ env.ARTIFACT_NAME }} | ||
path: ${{ env.ARTIFACT_NAME }} | ||
- name: Restore Build Scans | ||
env: | ||
ARTIFACT_NAME: 'maven-build-scan-data' | ||
BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/' | ||
run: | | ||
mkdir -p ${{ env.BUILD_SCAN_DIR }} | ||
cp -r ${{ env.ARTIFACT_NAME }}/* ${{ env.BUILD_SCAN_DIR }} | ||
shell: bash | ||
- name: Collect pull-request number | ||
id: pr | ||
env: | ||
BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/' | ||
run: | | ||
source $(find ${{ env.BUILD_SCAN_DIR }} -type f -name "pr-number.properties") | ||
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT | ||
shell: bash | ||
- name: Create Maven Project Structure | ||
env: | ||
PROJECT_DIR: 'maven-build-scan-publisher' | ||
|
@@ -128,7 +107,7 @@ runs: | |
- name: Comment pull-request with Build Scan links | ||
uses: actions/github-script@v6 | ||
env: | ||
PR: ${{ steps.pr.outputs.PR_NUMBER }} | ||
PR: ${{ inputs.pr-number }} | ||
SCAN_LINKS: ${{ steps.publish.outputs.SCAN_LINKS }} | ||
with: | ||
github-token: ${{ inputs.github-token }} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,24 +5,27 @@ inputs: | |
tos-location: | ||
description: 'Terms of Service location as an URL (https://foo.com/tos.html) or a Github repository file (/<owner>/<repo>/blob/<branch>/tos.html)' | ||
required: true | ||
pr-number: | ||
description: 'pull-request number' | ||
required: true | ||
pr-comment-tos-acceptance-missing: | ||
description: 'pull-request comment added when Terms of Service are not accepted ({0} in the value will be replaced by tos-location input)' | ||
default: 'Please accept [Develocity Terms of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:' | ||
required: true | ||
pr-comment-tos-acceptance-request: | ||
description: 'pull-request comment to accept the Terms of Service' | ||
default: 'I have read Develocity Terms of Service and I hereby accept the Terms' | ||
required: true | ||
pr-comment-tos-acceptance-validation: | ||
description: 'pull-request comment added when Terms of Service are accepted' | ||
default: 'All Contributors have accepted Develocity Terms of Service.' | ||
required: true | ||
signature-branch: | ||
description: 'Git branch where the signature file will be stored' | ||
default: ${{ github.event.repository.default_branch }} | ||
required: true | ||
signature-location: | ||
description: 'Signature file location' | ||
default: '.github/develocity-tos.json' | ||
required: true | ||
white-list: | ||
description: 'CSV List of users not required to accept the Terms of Service' | ||
default: '' | ||
required: true | ||
github-token: | ||
description: 'The token used for Github API requests' | ||
default: ${{ github.token }} | ||
|
@@ -32,8 +35,9 @@ runs: | |
using: 'composite' | ||
steps: | ||
- name: Run Terms of Service acceptance | ||
if: (github.event.comment.body == 'recheck' || github.event.comment.body == ${{ inputs.pr-comment-tos-acceptance-request }}) || github.event_name == 'pull_request_target' || github.event_name == 'pull_request' | ||
uses: contributor-assistant/[email protected] | ||
# uses: contributor-assistant/[email protected] | ||
id: check | ||
uses: jprinet/check-terms-of-service@v1 | ||
env: | ||
GITHUB_TOKEN: ${{ inputs.github-token }} | ||
with: | ||
|
@@ -45,3 +49,4 @@ runs: | |
allowlist: ${{ inputs.white-list }} | ||
path-to-document: 'unused' | ||
lock-pullrequest-aftermerge: false | ||
pr-number: ${{ inputs.pr-number }} |
This file was deleted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if "signature" is the best prefix here. This is the branch (and file) where we record TOS-acceptance. Maybe "tos-acceptance-file" and "tos-acceptance-file-branch" would be more self-explanatory as input names.