Comment with dependency diff

[wzieba]

Description

This PR introduces comment_with_dependency_diff script that is aiming to help Android product teams to better understand what changes to the dependency tree a PR might introduce.

We use similar scripts in WooCommerce and Day One projects. I want to extend support to other projects and share the implementation between them for easier maintenance.

Additionally, this PR introduces some improvements to the script:

• comment on PR without using Gradle (so our Android apps can remove another, not really needed dependency from their codebase)
• print build environment changes as well (previously, the script was only printing runtime dependencies changes)

To see the result, please see:

• Pocket Casts: Comment with dependency diff pocket-casts-android#2857
• Matticspace Mobile (for the case of a large diff): https://github.com/Automattic/Matticspace-Mobile/pull/67

---

• I have considered if this change warrants release notes and have added them to the appropriate section in the CHANGELOG.md if necessary.

[AliSoftware]

Looking good, just added some tweaking ideas.

[AliSoftware]

🧹 I guess this is leftover from debugging and can be removed?

[AliSoftware]

💄 Alternative: avoid intermediate json variable altogether:

Suggested change

	json=$(jq -c --null-input \
	--rawfile body "$comment_body_file" \
	'{
	body: $body
	}
	'
	)
	json_payload_file=$(mktemp)
	echo "$json" > "$json_payload_file"
	json_payload_file=$(mktemp)
	jq -c --null-input \
	--rawfile body "$comment_body_file" \
	'{ body: $body }' \
	> "$json_payload_file"

[AliSoftware]

📚 The more we add utility scripts like those to this plugin, the more I realize we should have made a better job as providing help / documentation at what each of those do. Especially so that people not as familiar with our CI (e.g. devs that are interested in using some of those helper scripts in their pipelines themselves but have no idea what each utility does) can better understand the purpose of each.

For example, the comment at the start of comment_on_pr is a good example of having some code-comment documentation on what the utility does and how it's expected to be used

I wish we took that habit sooner and applied it to all of our other bin/* utilities in this repo, making them all start with a code-comment explaining their role / context in which those helpers would be used and could help, documenting what the script does and its expected parameters and inputs (e.g. "this script should only run after ./gradlew … has been called and generated the build artifacts", etc).
We should probably make a pass at all of them at some point.

In the meantime, wdyt about us already starting moving towards this good habit and add some intro doc comments in any new helpers we introduce, starting from this one?

[AliSoftware]

💡 Even if one is only expected to call this helper on a Buildkite step for which we set if: build.pull_request.id != null, could be worth adding some protection about it anyway—typically at the start of the script, after your tests for -z "$MODULE" / -z "$CONFIGURATION". Like:

if [ "${BUILDKITE_PULL_REQUEST:-false}" == "false" ]; then
  echo "This script should only be called on pull requests. Be sure to set `if: build.pull_request.id != null` on the step invoking it in your buildkite pipeline"
  exit 2
fi

[AliSoftware]

💭 I have not checked if this would be strictly equivalent or not, but what do you think about using our github_api helper from this repo instead of calling curl directly, now that this script lives in the same repo/plugin? 🤔

[AliSoftware]

🤔 Actually, is the purpose of this whole API call only to extract the name of the base (aka target) branch of the PR?

If so, why not just use BUILDKITE_PULL_REQUEST_BASE_BRANCH directly?

(I think I slight remember mentioning this a while ago when I reviewed the first iterations of this script back when it was added to the repositories themselves, and iirc the argument was mostly due to legacy with this script previously being also used in other CI, maybe while we were still in the middle of transitioning to Buildkite…? So maybe that's where it comes from?)

[wzieba]

ah yes, thank you. It simplified things a lot!

[AliSoftware]

💡 Nitpick: could be worth extracting this SHA in a DEPENDENCY_TREE_CHECKSUM constant to put next to line 23, so that it'd be easier to update to a new version in the future by changing the version and checksum together?

[AliSoftware]

💡 I think we could even add a link to the job for quicker access (users would still need to click on the "Artifacts" tab but at least they'd already be on the right build and job 🙂 )

Suggested change

	echo "Content exceeds $github_pr_comment_max_size characters. Navigate to Buildkite build artifacts to see details." >> $COMMENT_FILE
	echo "Content exceeds $github_pr_comment_max_size characters. [Navigate to Buildkite build artifacts](${BUILDKITE_BUILD_URL}#${BUILDKITE_JOB_ID}) to see details." >> $COMMENT_FILE

[AliSoftware]

Btw:

• There's a risk that current_file_size would be so close to github_pr_comment_max_size already that even just adding this "Content exceed …" line to it will make it go over the limit…
  • So the github_pr_comment_max_size limit value should really be 65536… minus the length of this line telling that the content exceeds the max size 😅
• Wouldn't the logic of append_content here add the echo "Content exceeds …" string multiple times if you call append_content multiple times and it's not just the last one but one before that that makes the length be exceeded?
  • Though I guess in this case it's not a big deal because you only call append_content a maximum number of 2 times, so this scenario can only happen if the content from DIFF_DEPENDENCIES_FILE is already too long, and in which case you'll print the Content exceeds … 2 times (one for when you call it for DIFF_DEPENDENCIES_FILE, then other when you call it for DIFF_BUILD_ENV_FILE)… so probably not that dramatic and not worth fixing I guess.
  • But just wanted to mention in case you wanted to look into it, or if you planned in future PRs to potentially add more info and call append_content more times in future iterations of this helper, just to keep that in mind.

[wzieba]

Thank you @AliSoftware for the review! You raised good points. I think I've adjusted the implementation. Here are also updated tests:

• Matticspace Mobile (case with exceeding size: https://github.com/Automattic/Matticspace-Mobile/pull/67)
• Pocket Casts (casual case: Comment with dependency diff pocket-casts-android#2857)

Both seem to still work fine.

[wzieba]

Correction, title is missing

[AliSoftware]

[wzieba]

We're back on track!

https://github.com/Automattic/Matticspace-Mobile/pull/67

[AliSoftware]

I just realized that there might be more to it to compute the exact comment body length, because:

• I'm guessing GitHub counts \n as a character (i.e. comparing with the current length + length of header + length of body is off by one or two due to the extra newlines)
• comment_on_pr also adds some hidden content (<!-- … --> that includes the comment ID (--id), so that subsequent calls (from subsequent CI builds on the same PR) can know which comment to edit / delete. So that adds a bit to the length as well

Maybe the easiest solution is to simply reduce the value of github_comment_max_size in your code to something like 65400, to give some margin for those extras characters and id comment?