Skip to content

Commit

Permalink
feat(workflow): combined workflow
Browse files Browse the repository at this point in the history
  • Loading branch information
@timo-a
timo-a committed Apr 3, 2024
1 parent 8907cdd commit ec28984
Showing 1 changed file with 120 additions and 0 deletions.
120 changes: 120 additions & 0 deletions .github/workflows/combined-pr.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
# Description: This workflow runs OpenRewrite recipes against opened pull request and upload the patch.
# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment.
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
---
name: combined-pr

on:
pull_request:
types: [opened, synchronize]
branches:
- master
- 2.[0-9]+
- 3.[0-9]+
- feature/suggestions

concurrency:
group: '${{ github.workflow }} @ ${{ github.ref }}'
cancel-in-progress: true

jobs:
upload-patch:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
- uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
cache: 'maven'

# Capture the PR number
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
- name: Create pr_number.txt
run: echo "${{ github.event.number }}" > pr_number_combined.txt
- uses: actions/upload-artifact@v4
with:
name: pr_number_combined
path: pr_number_combined.txt
- name: Remove pr_number.txt
run: rm -f pr_number_combined.txt

# Execute recipes
- name: Apply OpenRewrite recipes
run: mvn --activate-profiles openrewrite org.openrewrite.maven:rewrite-maven-plugin:run

# Capture the diff
- name: Create patch
run: |
git diff | tee git-diff_combined.patch
- uses: actions/upload-artifact@v4
with:
name: patch
path: git-diff_combined.patch

post-suggestions:
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-a-workflow-based-on-the-conclusion-of-another-workflow
runs-on: ubuntu-latest
env:
# https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
with:
ref: ${{github.event.workflow_run.head_branch}}
repository: ${{github.event.workflow_run.head_repository.full_name}}

# Download the patch
- uses: actions/download-artifact@v4
with:
name: patch
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
- name: Apply patch
run: |
git apply git-diff_combined.patch --allow-empty
rm git-diff_combined.patch
# Download the PR number
- uses: actions/download-artifact@v4
with:
name: pr_number_combined
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
- name: Read pr_number.txt
# PR_NUMBER for google, CI_PULL_REQUEST for review dog
run: |
PR_NUMBER=$(cat pr_number_combined.txt)
echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
echo "CI_PULL_REQUEST=$PR_NUMBER" >> $GITHUB_ENV
rm pr_number_combined.txt
# Post suggestions as a comment on the PR
- uses: reviewdog/action-suggester@v1
with:
tool_name: OpenRewrite suggestions combined
reviewdog_flags: tee

# now let's try the same thing with google code suggester
# Download the patch
- uses: actions/download-artifact@v4
with:
name: patch
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
- name: Apply patch
run: |
git apply git-diff_combined.patch --allow-empty
rm git-diff_combined.patch
- uses: googleapis/code-suggester@v4
with:
command: review
pull_number: ${{ env.PR_NUMBER }}
git_dir: '.'

0 comments on commit ec28984

Please sign in to comment.