diff --git a/.github/workflows/compare-ds-build.yml b/.github/workflows/compare-ds-build.yml
index e781e42400e8..77d32af7a758 100644
--- a/.github/workflows/compare-ds-build.yml
+++ b/.github/workflows/compare-ds-build.yml
@@ -66,3 +66,16 @@ jobs:
 name: pr-artifacts-${{ github.event.pull_request.head.sha }}
 retention-days: 1
 path: artifacts.tar.gz
+ - name: Save PR info
+ run: |
+ mkdir -p pr-info
+ echo "${{ github.event.pull_request.number }}" > pr-info/pr-number.txt
+ echo "${{ github.event.pull_request.head.sha }}" > pr-info/pr-sha.txt
+ echo "${{ github.base_ref }}" > pr-info/base-branch.txt
+ echo "${{ steps.fork_point.outputs.FORK_POINT }}" > pr-info/fork-point.txt
+ - name: Upload PR info
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v4
+ with:
+ name: pr-info
+ retention-days: 1
+ path: pr-info/
diff --git a/.github/workflows/compare-ds.yaml b/.github/workflows/compare-ds.yaml
index d544e8265b03..c932f737f788 100644
--- a/.github/workflows/compare-ds.yaml
+++ b/.github/workflows/compare-ds.yaml
@@ -7,6 +7,7 @@ on:
 permissions:
 pull-requests: write
 contents: read
+ actions: read
 jobs:
 build-content:
 name: Generate Diff
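Review bot: The `Save PR info` step in the compare-ds-build.yml hunk expands `${{ … }}` expressions directly inside the `run:` script, so the shell parses whatever text each expression yields; of the four values, `github.base_ref` is a branch name rather than a number or a SHA. Passing the values through `env:` keeps the data out of the script text, for example an `env:` entry `BASE_BRANCH: ${{ github.base_ref }}` with `echo "$BASE_BRANCH" > pr-info/base-branch.txt`, and likewise for the other three. `pr-sha.txt` is written here but none of the visible compare-ds.yaml hunks reads it, so it should either be dropped or compared there with `github.event.workflow_run.head_sha`. The step also depends on a `fork_point` step that would have to be defined earlier in this job, outside the hunk.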
@@ -18,6 +19,25 @@ jobs:
 run: dnf install -y cmake make openscap-utils python3-pyyaml python3-setuptools python3-jinja2 git python3-deepdiff python3-requests jq python3-pip python3-setuptools
 - name: Install deps python
 run: pip install gitpython xmldiff
+ - name: Download PR info
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ run-id: ${{ github.event.workflow_run.id }}
+ name: pr-info
+ path: pr-info/
+ - name: Get PR info
+ id: pr_info
+ run: |
+ PR_NUMBER=$(cat pr-info/pr-number.txt)
+ BASE_BRANCH=$(cat pr-info/base-branch.txt)
+ FORK_POINT=$(cat pr-info/fork-point.txt)
+ echo "pr_number=${PR_NUMBER}" >> $GITHUB_OUTPUT
+ echo "base_branch=${BASE_BRANCH}" >> $GITHUB_OUTPUT
+ echo "fork_point=${FORK_POINT}" >> $GITHUB_OUTPUT
+ echo "PR Number: ${PR_NUMBER}"
+ echo "Base Branch: ${BASE_BRANCH}"
+ echo "Fork Point: ${FORK_POINT}"
 - name: Checkout master
 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
 with:
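Review bot: The `Get PR info` step copies the contents of `pr-info/*.txt` into `$GITHUB_OUTPUT` without checking them, and those files come from an artifact uploaded by the pull-request build run, which this job should treat as untrusted input. A value that contains a newline would add extra output keys, and the outputs are later expanded into a `run:` line and used as `issue-number`. Check each value against its expected shape before writing it (digits for the PR number, hexadecimal for the fork point, a restricted character set for the branch name) and fail the step otherwise. The branch pattern below is a conservative guess and should be matched to the project's branch naming; the POSIX `case` form is used because the job's default shell is not visible in the hunk.

```yaml
        run: |
          # … unchanged: PR_NUMBER / BASE_BRANCH / FORK_POINT read from pr-info/ …
          # The artifact is produced by the PR build run, so accept only the expected shapes.
          case "$PR_NUMBER" in ''|*[!0-9]*) echo "unexpected PR number" >&2; exit 1 ;; esac
          case "$FORK_POINT" in ''|*[!0-9a-f]*) echo "unexpected fork point" >&2; exit 1 ;; esac
          case "$BASE_BRANCH" in ''|*[!A-Za-z0-9._/-]*) echo "unexpected base branch" >&2; exit 1 ;; esac
          # … unchanged: writes to $GITHUB_OUTPUT and the echo lines …
```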
@@ -27,18 +47,13 @@ jobs:
 # https://github.com/actions/checkout/issues/766
 - name: Set git safe directory
 run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- - name: Find forking point
- env:
- BASE_BRANCH: ${{ github.base_ref }}
- run: echo "FORK_POINT=$(git merge-base origin/$BASE_BRANCH ${{ github.event.pull_request.head.sha }})" >> $GITHUB_OUTPUT
- id: fork_point
 - name: Checkout (CTF)
 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
 with:
 repository: ComplianceAsCode/content-test-filtering
 path: ctf
 - name: Detect content changes in the PR
- run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --remote_repo ${{ github.server_url }}/${{ github.repository }} --verbose --rule --output json ${{ github.event.pull_request.number }} > output.json
+ run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.pr_info.outputs.fork_point }} --remote_repo ${{ github.server_url }}/${{ github.repository }} --verbose --rule --output json ${{ steps.pr_info.outputs.pr_number }} > output.json
 - name: Test if there are no content changes
 run: echo "CTF_OUTPUT_SIZE=$(stat --printf="%s" output.json)" >> $GITHUB_OUTPUT
 id: ctf
@@ -52,9 +67,9 @@ jobs:
 with:
 path: 'output.json'
 prop_path: 'product'
- - name: Download built product ${{ github.base_ref }} (${{ steps.fork_point.outputs.FORK_POINT }})
+ - name: Download built product ${{ steps.pr_info.outputs.base_branch }} (${{ steps.pr_info.outputs.fork_point }})
 if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
- uses: actions/download-artifact@v7
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
 with:
 name: pr-artifacts-${{ github.event.workflow_run.head_sha }}
 path: pr_artifacts
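Review bot: The `Detect content changes in the PR` step in the `@@ -27,18 +47,13 @@` hunk now expands `steps.pr_info.outputs.fork_point` and `steps.pr_info.outputs.pr_number` straight into the `run:` command, and both originate from the downloaded `pr-info` artifact rather than from the event payload or a local `git merge-base`. Expression text is substituted before the shell parses the line, so these values should reach the script as quoted environment variables instead: add `env:` entries `FORK_POINT: ${{ steps.pr_info.outputs.fork_point }}` and `PR_NUMBER: ${{ steps.pr_info.outputs.pr_number }}`, then use `--base "$FORK_POINT"` and `"$PR_NUMBER"` in the command. The `--remote_repo` argument is built from `github.server_url` and `github.repository`, which do not come from the artifact, so it is less of a concern.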
@@ -89,7 +104,7 @@ jobs:
 uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
 id: fc
 with:
- issue-number: ${{ github.event.pull_request.number }}
+ issue-number: ${{ steps.pr_info.outputs.pr_number }}
 comment-author: 'github-actions[bot]'
 body-includes: This datastream diff is auto generated by the check
 - name: Create or update comment
@@ -97,7 +112,7 @@ jobs:
 uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v4
 with:
 comment-id: ${{ steps.fc.outputs.comment-id }}
- issue-number: ${{ github.event.pull_request.number }}
+ issue-number: ${{ steps.pr_info.outputs.pr_number }}
 body: |
 This datastream diff is auto generated by the check `Compare DS/Generate Diff`
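Review bot: `issue-number` in the `@@ -89,7 +104,7 @@` hunk, and in the three hunks after it that make the same replacement, now comes from a file in the `pr-info` artifact, so this job, which holds `pull-requests: write`, comments on whichever number that file contains. Nothing in the visible hunks ties that number to the run that triggered the job. Before the first comment step, look the pull request up through the API and fail unless its head SHA equals `github.event.workflow_run.head_sha`. The steps these lines belong to start and end outside the hunks, so the check may need to sit earlier in the job than what is shown here.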
@@ -114,7 +129,7 @@ jobs:
 uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v4
 with:
 comment-id: ${{ steps.fc.outputs.comment-id }}
- issue-number: ${{ github.event.pull_request.number }}
+ issue-number: ${{ steps.pr_info.outputs.pr_number }}
 body: |
 This datastream diff is auto generated by the check `Compare DS/Generate Diff`. Due to the excessive size of the diff, it has been trimmed to fit the 65535-character limit.
@@ -149,14 +164,14 @@ jobs:
 uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
 id: shell_diff
 with:
- issue-number: ${{ github.event.pull_request.number }}
+ issue-number: ${{ steps.pr_info.outputs.pr_number }}
 comment-author: 'github-actions[bot]'
 body-includes: Change in Ansible 'shell' module found.
 - name: Create comment
 if: ${{ steps.ansible_shell_diff.outputs.SHELL_DIFF_OUTPUT_SIZE != '0' && steps.shell_diff.outputs.comment-id == 0 }}
 uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v4
 with:
- issue-number: ${{ github.event.pull_request.number }}
+ issue-number: ${{ steps.pr_info.outputs.pr_number }}
 body: |
 Change in Ansible `shell` module found.