diff --git a/.github/workflows/api-check.yml b/.github/workflows/api-check.yml index 3a40ba116..922827268 100644 --- a/.github/workflows/api-check.yml +++ b/.github/workflows/api-check.yml @@ -48,12 +48,24 @@ jobs: id: check-api run: | ./deepin-abigail -c fastFilesCompare.json | tee api_check.txt + logMsg1=''' +
+ 详情 + + ```ruby + ''' + logMsg2=''' + ``` +
+ ''' + resultInfoMsg=$(cat api_check.txt) + detailUrl="https://github.com/reviews-team-test/infra-settings/blob/master/services/prow/config/jobs/images/api-check/readme.md" + logMsgHead="> [!WARNING\]\n> [[API接口检查]]($detailUrl)\n- 检测到存在对外接口删除和修改;" if [ -e 'api_check.txt' ];then check_num=$(cat api_check.txt | grep -c '\[Chg_exprort_fun\|\[Del_export_fun' || true) if [ $check_num -gt 0 ];then echo "isFail=true" >> $GITHUB_OUTPUT - sed -i '1i API接口检查检测到存在对外接口删除和修改:' api_check.txt - sed -i '1i [API接口检查]' api_check.txt + echo -e "${logMsgHead}${logMsg1}${resultInfoMsg}${logMsg2}" | tee comment.txt exit 1 fi fi @@ -61,8 +73,8 @@ jobs: if: always() && steps.check-api.outputs.isFail == 'true' uses: actions/upload-artifact@v4 with: - name: api-check-report - path: api_check.txt + name: api-check-comment + path: comment.txt Post-Check: runs-on: ubuntu-latest needs: Check-Api-Change @@ -72,11 +84,11 @@ jobs: - name: download artifact uses: actions/download-artifact@v4 with: - name: api-check-report + name: api-check-comment - name: Comment PR uses: thollander/actions-comment-pull-request@v2 with: - filePath: api_check.txt + filePath: comment.txt - name: Add Reviewers to Pull Request uses: ryaugusta/pr-add-reviewers-action@v1 with: diff --git a/.github/workflows/static-check.yml b/.github/workflows/static-check.yml index 993448f19..c59693914 100644 --- a/.github/workflows/static-check.yml +++ b/.github/workflows/static-check.yml @@ -4,6 +4,7 @@ on: workflow_call jobs: Get-Config: runs-on: ubuntu-latest + continue-on-error: true outputs: isGo: ${{ steps.get-check-flag.outputs.isGo }} isC: ${{ steps.get-check-flag.outputs.isC }} @@ -54,6 +55,7 @@ jobs: fi Call-GolangCiLint: runs-on: ubuntu-latest + continue-on-error: true needs: Get-Config if: needs.Get-Config.outputs.isGo == 'true' steps: 
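Review bot: `echo -e "${logMsgHead}${logMsg1}${resultInfoMsg}${logMsg2}"` applies backslash-escape processing to the tool output as well as to the header, and that output is derived from the code under review, so it is untrusted text going into a PR comment. Limit escape handling to the header with `printf '%b%s%s%s\n' "$logMsgHead" "$logMsg1" "$resultInfoMsg" "$logMsg2" | tee comment.txt`. A line of three backticks in `api_check.txt` would also close the `ruby` code fence opened in `logMsg1` and let the rest of the report render as markdown, so use a longer fence in `logMsg1`/`logMsg2` or strip backticks from the report first. The `\]` in `[!WARNING\]` looks unintended and may keep the alert from rendering. The `check-api` step starts above this hunk, so only part of its script is visible here.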
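Review bot: `continue-on-error: true` on `Get-Config` makes the static checks fail open. The lint jobs are gated on `needs.Get-Config.outputs.isGo == 'true'` (and `isC`, `isShell` in the later hunks), so if `Get-Config` fails its outputs are presumably unset, every check is skipped, and the run still reports success. I would drop the flag from `Get-Config` so that a broken configuration step is visible. The same flag is added at job level to `Call-GolangCiLint`, `Call-CppCheck`, `Call-ShellCheck` and `Call-DbusApiCheck`, replacing the step-level flags on the lint actions, which means checkout and setup failures in those jobs are now ignored too. If the checks are meant to be advisory, say so next to each flag, for example `# advisory: findings are reported on the PR but do not block the merge`.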
@@ -80,13 +82,13 @@ jobs: - if: hashFiles('.golangci.yml') == '' run: mv staticCheck/staticCheck/golangci.yml .golangci.yml - uses: golangci/golangci-lint-action@v6 - continue-on-error: true with: version: latest args: --timeout=30m --out-format=junit-xml only-new-issues: true Call-CppCheck: runs-on: ubuntu-latest + continue-on-error: true needs: Get-Config if: needs.Get-Config.outputs.isC == 'true' steps: @@ -103,6 +105,7 @@ jobs: allow_approve: false Call-ShellCheck: runs-on: ubuntu-latest + continue-on-error: true needs: Get-Config if: needs.Get-Config.outputs.isShell == 'true' steps: 
@@ -112,7 +115,65 @@ jobs: persist-credentials: false - uses: pr-annotators/shellcheck-pr-annotator@main - uses: ludeeus/action-shellcheck@master - continue-on-error: true with: severity: error - format: gcc \ No newline at end of file + format: gcc + Call-DbusApiCheck: + runs-on: ubuntu-latest + continue-on-error: true + steps: + - name: download code + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + persist-credentials: false + - name: Set up Clang + uses: egor-tensin/setup-clang@v1 + with: + version: latest + platform: x64 + - name: install tools + run: | + sudo apt install python3-pip golang -y + sudo pip3 install clang + - name: download tools + uses: actions/checkout@v4 + with: + repository: reviews-team-test/ci_dbus_check + path: check-tools + - name: start check + run: | + commit_info=' + { + "repo_name": "${{github.repository}}", + "branch": "${{github.ref_name}}", + "committer": "${{github.actor}}", + "commit_event": "${{github.server_url}}/${{github.repository}}/pull/${{github.event.pull_request.number}}", + "commit_hash": "${{github.sha}}", + "commit_event_id": "${{github.event.pull_request.number}}", + "jenkins_url": "${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}", + "email": "test@test.com" + }' + python3 check-tools/main.py --source_directory="." 
--commit_info_str="${commit_info}" || true + - name: get specified property result + id: repository_type + uses: ActionsTools/read-json-action@main + with: + file_path: "result.json" + prop_path: "scan_result" + - name: Publish reports + id: artifact-upload-step + if: steps.repository_type.outputs.value == 'unpassed' + uses: actions/upload-artifact@v4 + with: + name: dbusApi-check-report + path: dbus_check.log + - if: steps.repository_type.outputs.value == 'unpassed' + run: | + echo "[DBUS接口安全检查检测失败](https://github.com/${{github.repository}}/actions/runs/${{ github.run_id }}/artifacts/${{steps.artifact-upload-step.outputs.artifact-id}})" >> comment.txt + exit 1 + - name: Comment PR + if: always() && hashFiles('comment.txt') + uses: thollander/actions-comment-pull-request@v2 + with: + filePath: comment.txt \ No newline at end of file
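Review bot: The `start check` step expands `${{github.ref_name}}`, `${{github.actor}}` and the other contexts directly into a single-quoted shell string, so the values become part of the script text before the shell parses it, and a quote character in any of them changes the script. Pass them through `env:` and let `jq` build the JSON, as in the step below, so that they stay data and are correctly JSON-escaped. Separately, `result.json` and `comment.txt` are read from the workspace root, where the pull-request head was checked out, and a tool failure is hidden by `|| true`. A file of the same name committed in the PR could therefore be read as the scan result or posted as the comment; writing both under `$RUNNER_TEMP` (if the tool accepts an output path) and dropping `|| true` would close that gap. `ActionsTools/read-json-action@main` and the `reviews-team-test/ci_dbus_check` checkout also have no fixed ref, so pinning both to a commit SHA would keep the code this job runs from changing unreviewed.

```yaml
      - name: start check
        env:
          REPO_NAME: ${{ github.repository }}
          BRANCH: ${{ github.ref_name }}
          COMMITTER: ${{ github.actor }}
          SERVER_URL: ${{ github.server_url }}
          COMMIT_HASH: ${{ github.sha }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          RUN_ID: ${{ github.run_id }}
        run: |
          # Values arrive as environment variables, never as script text;
          # jq handles the JSON escaping.
          commit_info=$(jq -n \
            --arg repo_name "$REPO_NAME" \
            --arg branch "$BRANCH" \
            --arg committer "$COMMITTER" \
            --arg commit_event "$SERVER_URL/$REPO_NAME/pull/$PR_NUMBER" \
            --arg commit_hash "$COMMIT_HASH" \
            --arg commit_event_id "$PR_NUMBER" \
            --arg jenkins_url "$SERVER_URL/$REPO_NAME/actions/runs/$RUN_ID" \
            --arg email "test@test.com" \
            '$ARGS.named')
          python3 check-tools/main.py --source_directory="." --commit_info_str="${commit_info}"
      # … unchanged: read-json, artifact upload and comment steps …
```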