diff --git a/.github/workflows/pr_info.yml b/.github/workflows/pr_info.yml
deleted file mode 100644
index 66ee441..0000000
--- a/.github/workflows/pr_info.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-name: PR Info
-
-# This workflow builds the whole project once and:
-# - comments build deprecations/warnings (highlighting new ones since last tested PR)
-
-on:
- pull_request:
- branches:
- - master
- - stable
-
-jobs:
- pr_info:
- name: PR Info
- runs-on: ubuntu-20.04
- steps:
- - name: 'Prepare sticky comment'
- # commit of v2.5.0
- # same one used again at the bottom of the file to update the comment.
- uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd
- with:
- message: |
- Thanks for your Pull Request and making D better!
-
- This comment will automatically be updated to summarize some statistics in a few minutes.
- only_create: true
-
- - name: '[Linux] Install dependencies'
- if: runner.os == 'Linux'
- run: |
- sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev netcat
-
- # Compiler to test with
- - name: Prepare compiler
- uses: dlang-community/setup-dlang@v1
- with:
- compiler: ldc-latest
-
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Checkout old stuff, with new comment script
- run: |
- git checkout ${{ github.base_ref }}
- git checkout ${{ github.sha }} -- ./scripts/ci/summary_comment.sh ./scripts/ci/summary_comment_diff.sh
-
- # first dump old info
-
- - name: Check pre-PR status
- run: ./scripts/ci/summary_comment.sh | tee ../OLD_OUTPUT.txt
-
- - name: Checkout PR target
- run: |
- git checkout ${{ github.sha }}
- git clean -fd
- git reset --hard
-
- - name: Evaluate PR
- run: ./scripts/ci/summary_comment.sh | tee ../NEW_OUTPUT.txt
-
- - name: Generate comment
- run: ./scripts/ci/summary_comment_diff.sh ../OLD_OUTPUT.txt ../NEW_OUTPUT.txt | tee comment.txt
-
- - name: Update GitHub comment
- uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd
- with:
- path: comment.txt
diff --git a/.github/workflows/pr_info_intro.yml b/.github/workflows/pr_info_intro.yml
new file mode 100644
index 0000000..89db541
--- /dev/null
+++ b/.github/workflows/pr_info_intro.yml
@@ -0,0 +1,25 @@
+name: PR Info (pre-comment)
+
+on:
+ # NOTE: high probability for security vulnerabilities if doing ANYTHING in
+ # this file other than commenting something!
+ pull_request_target:
+ branches:
+ - master
+ - stable
+
+jobs:
+ intro_comment:
+ name: Make intro comment
+ runs-on: ubuntu-20.04
+ steps:
+ - name: 'Prepare sticky comment'
+ # commit of v2.5.0
+ # same one used again at the bottom of the file to update the comment.
+ uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd
+ with:
+ message: |
+ Thanks for your Pull Request and making D better!
+
+ This comment will automatically be updated to summarize some statistics in a few minutes.
+ only_create: true
diff --git a/.github/workflows/pr_info_post.yml b/.github/workflows/pr_info_post.yml
new file mode 100644
index 0000000..0830c46
--- /dev/null
+++ b/.github/workflows/pr_info_post.yml
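Review bot: pr_info_intro.yml runs on `pull_request_target` but declares no `permissions:` block, so the job receives whatever default GITHUB_TOKEN scope the repository is configured with rather than only what the comment step needs. The file's own NOTE says it must do nothing but comment; a workflow-level `permissions:` containing only `pull-requests: write` (the scope the sticky-comment action is expected to need; confirm against its README) would enforce that instead of relying on the warning. The step comment "same one used again at the bottom of the file to update the comment" was carried over from the deleted workflow and no longer matches this one-step file; something like `# commit of v2.5.0, same pin as in pr_info_post.yml` would be accurate.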
@@ -0,0 +1,49 @@
+name: PR Info (comment)
+
+on:
+ workflow_run:
+ workflows: ["PR Info"]
+ types:
+ - completed
+
+jobs:
+ comment:
+ name: PR Info
+ runs-on: ubuntu-20.04
+ if: >
+ github.event.workflow_run.event == 'pull_request' &&
+ github.event.workflow_run.conclusion == 'success'
+ steps:
+ # from https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+ - name: 'Download artifact'
+ uses: actions/github-script@v3.1.0
+ with:
+ script: |
+ var artifacts = await github.actions.listWorkflowRunArtifacts({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ run_id: ${{github.event.workflow_run.id }},
+ });
+ var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+ return artifact.name == "pr"
+ })[0];
+ var download = await github.actions.downloadArtifact({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ artifact_id: matchArtifact.id,
+ archive_format: 'zip',
+ });
+ var fs = require('fs');
+ fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
+ - run: unzip pr.zip
+
+ - name: Set variable
+ run: |
+ PR_ID=$(cat ./pr/NR)
+ echo "PR_ID=$PR_ID" >> $GITHUB_ENV
+
+ - name: Update GitHub comment
+ uses: marocchino/sticky-pull-request-comment@3d60a5b2dae89d44e0c6ddc69dd7536aec2071cd
+ with:
+ path: pr/comment.txt
+ number: ${{ env.PR_ID }}
diff --git a/.github/workflows/pr_info_untrusted.yml b/.github/workflows/pr_info_untrusted.yml
new file mode 100644
index 0000000..c3416e5
--- /dev/null
+++ b/.github/workflows/pr_info_untrusted.yml
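Review bot: In pr_info_post.yml the `Set variable` step appends the content of `./pr/NR` to `$GITHUB_ENV` without checking it, yet that file comes from an artifact written by the untrusted `pull_request` run, so in this privileged job it has to be treated as arbitrary input rather than as a PR number. Reject anything that is not a plain number before the append, e.g. `case "$PR_ID" in ''|*[!0-9]*) echo "unexpected PR number" >&2; exit 1;; esac`, and quote the target as `>> "$GITHUB_ENV"`. `unzip pr.zip` also extracts into the workspace root; if the archive holds `NR` and `comment.txt` at its top level (as upload-artifact does for a directory path, to be confirmed on a real run), `./pr/NR` will not exist, and `unzip pr.zip -d pr` would both fix the path and confine the extraction to one directory. `actions/github-script@v3.1.0` is referenced by tag while the comment action is pinned by commit; pinning it the same way would be consistent for a job that holds a write token.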
@@ -0,0 +1,68 @@
+name: PR Info
+
+# This workflow builds the whole project once and:
+# - comments build deprecations/warnings (highlighting new ones since last tested PR)
+
+on:
+ pull_request:
+ branches:
+ - master
+ - stable
+
+jobs:
+ pr_info:
+ name: PR Info
+ runs-on: ubuntu-20.04
+ steps:
+ # we first create a comment thanking the user in pr_info_intro.yml
+ # (separate step due to needing GITHUB_TOKEN access)
+
+ - name: '[Linux] Install dependencies'
+ if: runner.os == 'Linux'
+ run: |
+ sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev netcat
+
+ # Compiler to test with
+ - name: Prepare compiler
+ uses: dlang-community/setup-dlang@v1
+ with:
+ compiler: ldc-latest
+
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Checkout old stuff, with new comment script
+ run: |
+ git checkout ${{ github.base_ref }}
+ git checkout ${{ github.sha }} -- ./scripts/ci/summary_comment.sh ./scripts/ci/summary_comment_diff.sh
+
+ # first dump old info
+
+ - name: Check pre-PR status
+ run: ./scripts/ci/summary_comment.sh | tee ../OLD_OUTPUT.txt
+
+ - name: Checkout PR target
+ run: |
+ git checkout ${{ github.sha }}
+ git clean -fd
+ git reset --hard
+
+ - name: Evaluate PR
+ run: ./scripts/ci/summary_comment.sh | tee ../NEW_OUTPUT.txt
+
+ - name: Generate comment
+ run: ./scripts/ci/summary_comment_diff.sh ../OLD_OUTPUT.txt ../NEW_OUTPUT.txt | tee comment.txt
+
+ - name: Prepare comment for upload
+ run: |
+ mkdir -p ./pr
+ mv comment.txt pr
+ echo ${{ github.event.number }} > ./pr/NR
+
+ - name: upload comment to high-trust action making the comment
+ uses: actions/upload-artifact@v2
+ with:
+ name: pr
+ path: pr/
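Review bot: The `Checkout` step in pr_info_untrusted.yml keeps the checkout action's default of storing the job token in the local git config, and every later step runs `./scripts/ci/summary_comment.sh` taken from the PR's own commit, so PR-controlled code executes with that token within reach. For fork PRs the token is read-only, but for branches pushed to this repository it may carry the repository's default scope. Adding `persist-credentials: false` next to `fetch-depth: 0` and a workflow-level `permissions:` with `contents: read` keeps this job low-trust in both cases, which is the point of splitting it from pr_info_post.yml. `dlang-community/setup-dlang@v1`, `actions/checkout@v3` and `actions/upload-artifact@v2` are referenced by tag while the comment action is pinned by commit; pinning them the same way would be consistent.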