Combine TOS acceptance and publication in a single workflow #6
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| name: TEST - Publish Maven Build Scan | ||
|
|
||
| on: | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| create-and-verify-build-scan-publication: | ||
| name: Create and attempt to publish Maven Build Scan | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout current repository | ||
| uses: actions/checkout@v4 | ||
| - name: Checkout Maven sample project | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: 'gradle/gradle-enterprise-build-config-samples' | ||
| path: 'sample' | ||
| ref: 'main' | ||
| - name: Set up JDK 8 | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| java-version: '8' | ||
| distribution: 'temurin' | ||
| - name: Run Maven Build | ||
| working-directory: ./sample/common-gradle-enterprise-maven-configuration | ||
| run: mvn clean -B | ||
| - name: Attempt to publish Maven Build Scans | ||
| uses: ./maven-build-scan/publish | ||
| with: | ||
| develocity-url: 'https://foo.bar' | ||
| pr-number: ${{ github.event.number }} | ||
| - name: Verify publication attempt | ||
| run: | | ||
| if ! grep -q "Publishing build scan..." ./maven-build-scan-publisher/build.out; then | ||
| echo "Publication attempt not found in build log:" | ||
| cat ./maven-build-scan-publisher/build.out | ||
| exit 1 | ||
| fi | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| name: Publish Maven Build Scan | ||
| description: Publish Maven Build Scan | ||
|
|
||
| inputs: | ||
| build-workflow-filename: | ||
| description: 'Filename of the workflow where the maven-build-scan/save action was triggered' | ||
| required: true | ||
| develocity-url: | ||
| description: 'Develocity URL' | ||
| required: true | ||
| develocity-access-key: | ||
| description: 'Develocity access key' | ||
| required: false | ||
| tos-location: | ||
| description: 'Terms of Service location as an URL (https://foo.com/tos.html) or a Github repository file (/<owner>/<repo>/blob/<branch>/tos.html)' | ||
| required: true | ||
| develocity-allow-untrusted: | ||
| description: 'Develocity allow-untrusted flag' | ||
| default: 'false' | ||
| pr-comment-tos-acceptance-missing: | ||
| description: 'pull-request comment added when Terms of Service are not accepted ({0} in the value will be replaced by tos-location input)' | ||
| default: 'Please accept [Develocity Terms of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:' | ||
| pr-comment-tos-acceptance-request: | ||
| description: 'pull-request comment to accept the Terms of Service' | ||
| default: 'I have read Develocity Terms of Service and I hereby accept the Terms' | ||
| pr-comment-tos-acceptance-validation: | ||
| description: 'pull-request comment added when Terms of Service are accepted' | ||
| default: 'All Contributors have accepted Develocity Terms of Service.' | ||
| signature-branch: | ||
| description: 'Git branch where the signature file will be stored' | ||
| default: ${{ github.event.repository.default_branch }} | ||
| signature-location: | ||
|
There was a problem hiding this comment. This is probably better named "tos-acceptance-file", since it will always be the path to a file, and it records the "tos acceptance". |
||
| description: 'Signature file location' | ||
| default: '.github/develocity-tos.json' | ||
| white-list: | ||
| description: 'CSV List of users not required to accept the Terms of Service' | ||
| default: '' | ||
| github-token: | ||
| description: 'The token used for Github API requests' | ||
| default: ${{ github.token }} | ||
| required: false | ||
|
|
||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: Load data | ||
| id: load | ||
| uses: gradle/github-actions/maven-build-scan/[email protected] | ||
| with: | ||
| build-workflow-filename: ${{ inputs.build-workflow-filename }} | ||
| pr-comment-tos-acceptance-request: ${{ inputs.pr-comment-tos-acceptance-request }} | ||
| - name: Verify Terms of Service acceptance | ||
| uses: gradle/github-actions/terms-of-service-acceptance/[email protected] | ||
|
There was a problem hiding this comment. I am not super happy with the need for a fully qualified name of the composite action as the tag needs to be updated on each new release (which could easily be forgotten). The alternative would be to checkout the There was a problem hiding this comment. The common solution to this is to use a version alias (like If we do that, then this file won't need to be updated on each release, but it will still contain the fully-qualified path to the action (which I think is OK). |
||
| with: | ||
| tos-location: ${{ inputs.tos-location }} | ||
| pr-number: ${{ steps.load.outputs.pr-number }} | ||
| pr-comment-tos-acceptance-missing: ${{ inputs.pr-comment-tos-acceptance-missing }} | ||
| pr-comment-tos-acceptance-request: ${{ inputs.pr-comment-tos-acceptance-request }} | ||
| pr-comment-tos-acceptance-validation: ${{ inputs.pr-comment-tos-acceptance-validation }} | ||
| signature-branch: ${{ inputs.signature-branch }} | ||
| signature-location: ${{ inputs.signature-location }} | ||
| white-list: ${{ inputs.white-list }} | ||
| github-token: ${{ inputs.github-token }} | ||
| - name: Publish Maven Build Scans | ||
| uses: gradle/github-actions/maven-build-scan/[email protected] | ||
| with: | ||
| develocity-url: ${{ inputs.develocity-url }} | ||
| develocity-access-key: ${{ inputs.develocity-access-key }} | ||
| pr-number: ${{ steps.load.outputs.pr-number }} | ||
| develocity-allow-untrusted: ${{ inputs.develocity-allow-untrusted }} | ||
| github-token: ${{ inputs.github-token }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| name: Load Maven Build Scans | ||
| description: Load Maven Build Scans | ||
|
|
||
| inputs: | ||
| build-workflow-filename: | ||
| description: 'Filename of the workflow where the maven-build-scan/save action was triggered' | ||
| required: true | ||
| pr-comment-tos-acceptance-request: | ||
| description: 'pull-request comment to accept the Terms of Service' | ||
| required: true | ||
|
|
||
| outputs: | ||
| pr-number: | ||
| description: "pull-request number" | ||
| value: ${{ steps.pr.outputs.PR_NUMBER }} | ||
|
|
||
| runs: | ||
| using: 'composite' | ||
| steps: | ||
| - name: Check event trigger | ||
| if: | | ||
| (github.event_name != 'issue_comment' | ||
| || ( | ||
| github.event.comment.body != 'recheck' | ||
| && github.event.comment.body != inputs.pr-comment-tos-acceptance-request | ||
| ) | ||
| ) | ||
| && github.event_name != 'workflow_run' | ||
| run: | | ||
| echo "Skipping Github event" | ||
|
There was a problem hiding this comment. This message won't make much sense in the logs on it's own, I don't think. What event is being skipped and why? (Also, maybe this should be logged as DEBUG) There was a problem hiding this comment. I adjusted the message, I kept it in INFO as I think adding some feedback makes the output clearer |
||
| exit 1 | ||
| shell: bash | ||
| - name: Download Build Metadata after PR Build | ||
| if: github.event_name == 'workflow_run' | ||
| uses: dawidd6/action-download-artifact@v2 | ||
| env: | ||
| ARTIFACT_NAME: 'maven-build-scan-data' | ||
| with: | ||
| run_id: ${{ github.event.workflow_run.id }} | ||
| name: ${{ env.ARTIFACT_NAME }} | ||
| path: ${{ env.ARTIFACT_NAME }} | ||
| - name: Download Build Metadata after PR Comment | ||
| if: github.event_name == 'issue_comment' | ||
| env: | ||
| ARTIFACT_NAME: 'maven-build-scan-data' | ||
| uses: dawidd6/action-download-artifact@v2 | ||
| with: | ||
| pr: ${{ github.event.issue.number }} | ||
| workflow_conclusion: success | ||
| workflow: ${{ inputs.build-workflow-filename }} | ||
|
There was a problem hiding this comment. I trust that these 3 inputs together mean that we'll only load build scan data that was uploaded by There was a problem hiding this comment. Yes, this step is called on |
||
| name: ${{ env.ARTIFACT_NAME }} | ||
| path: ${{ env.ARTIFACT_NAME }} | ||
| - name: Restore Build Scans | ||
| env: | ||
| ARTIFACT_NAME: 'maven-build-scan-data' | ||
| BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/' | ||
| run: | | ||
| mkdir -p ${{ env.BUILD_SCAN_DIR }} | ||
| cp -r ${{ env.ARTIFACT_NAME }}/* ${{ env.BUILD_SCAN_DIR }} | ||
| shell: bash | ||
| - name: Collect pull-request number | ||
| id: pr | ||
| env: | ||
| BUILD_SCAN_DIR: '~/.m2/.gradle-enterprise/build-scan-data/' | ||
| run: | | ||
| source $(find ${{ env.BUILD_SCAN_DIR }} -type f -name "pr-number.properties") | ||
| echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT | ||
| shell: bash | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,24 +5,27 @@ inputs: | |
| tos-location: | ||
| description: 'Terms of Service location as an URL (https://foo.com/tos.html) or a Github repository file (/<owner>/<repo>/blob/<branch>/tos.html)' | ||
| required: true | ||
| pr-number: | ||
| description: 'pull-request number' | ||
| required: true | ||
| pr-comment-tos-acceptance-missing: | ||
| description: 'pull-request comment added when Terms of Service are not accepted ({0} in the value will be replaced by tos-location input)' | ||
| required: true | ||
| pr-comment-tos-acceptance-request: | ||
| description: 'pull-request comment to accept the Terms of Service' | ||
| required: true | ||
| pr-comment-tos-acceptance-validation: | ||
| description: 'pull-request comment added when Terms of Service are accepted' | ||
| required: true | ||
| signature-branch: | ||
| description: 'Git branch where the signature file will be stored' | ||
| required: true | ||
| signature-location: | ||
| description: 'Signature file location' | ||
| required: true | ||
| white-list: | ||
| description: 'CSV List of users not required to accept the Terms of Service' | ||
| required: true | ||
| github-token: | ||
| description: 'The token used for Github API requests' | ||
| default: ${{ github.token }} | ||
|
|
@@ -32,8 +35,9 @@ runs: | |
| using: 'composite' | ||
| steps: | ||
| - name: Run Terms of Service acceptance | ||
| # uses: contributor-assistant/[email protected] | ||
| id: check | ||
| uses: jprinet/check-terms-of-service@v1 | ||
| env: | ||
| GITHUB_TOKEN: ${{ inputs.github-token }} | ||
| with: | ||
|
|
@@ -45,3 +49,4 @@ runs: | |
| allowlist: ${{ inputs.white-list }} | ||
| path-to-document: 'unused' | ||
| lock-pullrequest-aftermerge: false | ||
| pr-number: ${{ inputs.pr-number }} | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if "signature" is the best prefix here. This is the branch (and file) where we record TOS-acceptance. Maybe "tos-acceptance-file" and "tos-acceptance-file-branch" would be more self-explanatory as input names.