Merged
13 changes: 13 additions & 0 deletions .github/workflows/compare-ds-build.yml
Expand Up @@ -66,3 +66,16 @@ jobs:
name: pr-artifacts-${{ github.event.pull_request.head.sha }}
retention-days: 1
path: artifacts.tar.gz
- name: Save PR info
run: |
mkdir -p pr-info
echo "${{ github.event.pull_request.number }}" > pr-info/pr-number.txt
echo "${{ github.event.pull_request.head.sha }}" > pr-info/pr-sha.txt
echo "${{ github.base_ref }}" > pr-info/base-branch.txt
echo "${{ steps.fork_point.outputs.FORK_POINT }}" > pr-info/fork-point.txt
- name: Upload PR info
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v4
with:
name: pr-info
retention-days: 1
path: pr-info/
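Review bot: The `Save PR info` step expands `${{ github.base_ref }}` and `${{ steps.fork_point.outputs.FORK_POINT }}` directly inside the `run:` script, so the values become part of the shell source before it executes. Pass them through `env:` and write them with `printf '%s\n' "$BASE_REF" > pr-info/base-branch.txt` instead. Also, no step with `id: fork_point` is visible in this hunk; confirm one exists earlier in this job, otherwise `fork-point.txt` is written empty.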
41 changes: 28 additions & 13 deletions .github/workflows/compare-ds.yaml
Expand Up @@ -7,6 +7,7 @@ on:
permissions:
pull-requests: write
contents: read
actions: read
jobs:
build-content:
name: Generate Diff
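Review bot: `actions: read` is added at workflow level next to `pull-requests: write` with no comment saying why it is needed. A one-line comment that it covers the cross-run `pr-info` artifact download would help, and moving the `permissions:` block under the `build-content` job keeps the grant scoped if more jobs are added later.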
Expand All @@ -18,6 +19,25 @@ jobs:
run: dnf install -y cmake make openscap-utils python3-pyyaml python3-setuptools python3-jinja2 git python3-deepdiff python3-requests jq python3-pip python3-setuptools
- name: Install deps python
run: pip install gitpython xmldiff
- name: Download PR info
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ github.event.workflow_run.id }}
name: pr-info
Member


This is the same name as ATEX, I think we might run into issues here.

Member Author


So, I also had the same doubt, but apparently the GitHub workflow knows how to distinguish which artifact to download by using the run-id attribute, which is somehow described here: https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#using-data-from-the-triggering-workflow

It knows which workflow triggered the workflow_run and thus knows which artifact to download. That was my assumption. What do you think?

path: pr-info/
- name: Get PR info
id: pr_info
run: |
PR_NUMBER=$(cat pr-info/pr-number.txt)
BASE_BRANCH=$(cat pr-info/base-branch.txt)
FORK_POINT=$(cat pr-info/fork-point.txt)
echo "pr_number=${PR_NUMBER}" >> $GITHUB_OUTPUT
echo "base_branch=${BASE_BRANCH}" >> $GITHUB_OUTPUT
echo "fork_point=${FORK_POINT}" >> $GITHUB_OUTPUT
echo "PR Number: ${PR_NUMBER}"
echo "Base Branch: ${BASE_BRANCH}"
echo "Fork Point: ${FORK_POINT}"
- name: Checkout master
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
with:
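Review bot: `Get PR info` copies the contents of `pr-number.txt`, `base-branch.txt` and `fork-point.txt` into `$GITHUB_OUTPUT` without checking them, and those files come from an artifact produced by the pull request's own run, so they are untrusted input in a job that holds `pull-requests: write`. Validate each value before emitting it (digits only for the PR number, a hex commit id for the fork point, a restricted character set for the branch name) and fail the step otherwise; a file containing a newline would add extra `key=value` lines to the output file. Quoting the target as `>> "$GITHUB_OUTPUT"` is also worth doing while here.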
Expand All @@ -27,18 +47,13 @@ jobs:
# https://github.com/actions/checkout/issues/766
- name: Set git safe directory
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Find forking point
env:
BASE_BRANCH: ${{ github.base_ref }}
run: echo "FORK_POINT=$(git merge-base origin/$BASE_BRANCH ${{ github.event.pull_request.head.sha }})" >> $GITHUB_OUTPUT
id: fork_point
- name: Checkout (CTF)
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
with:
repository: ComplianceAsCode/content-test-filtering
path: ctf
- name: Detect content changes in the PR
run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.fork_point.outputs.FORK_POINT }} --remote_repo ${{ github.server_url }}/${{ github.repository }} --verbose --rule --output json ${{ github.event.pull_request.number }} > output.json
run: python3 ./ctf/content_test_filtering.py pr --base ${{ steps.pr_info.outputs.fork_point }} --remote_repo ${{ github.server_url }}/${{ github.repository }} --verbose --rule --output json ${{ steps.pr_info.outputs.pr_number }} > output.json
- name: Test if there are no content changes
run: echo "CTF_OUTPUT_SIZE=$(stat --printf="%s" output.json)" >> $GITHUB_OUTPUT
id: ctf
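Review bot: The new `Detect content changes in the PR` command places `${{ steps.pr_info.outputs.fork_point }}` and `${{ steps.pr_info.outputs.pr_number }}` straight into the `run:` line, and both now originate from the downloaded `pr-info` artifact rather than from the event context. Map them to `env:` entries and reference them as `"$FORK_POINT"` and `"$PR_NUMBER"` so the shell treats them as data. The removed `Find forking point` step computed the merge base locally; a short comment explaining why the value is now taken from the artifact would help future readers.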
Expand All @@ -52,9 +67,9 @@ jobs:
with:
path: 'output.json'
prop_path: 'product'
- name: Download built product ${{ github.base_ref }} (${{ steps.fork_point.outputs.FORK_POINT }})
- name: Download built product ${{ steps.pr_info.outputs.base_branch }} (${{ steps.pr_info.outputs.fork_point }})
if: ${{ steps.ctf.outputs.CTF_OUTPUT_SIZE != '0' }}
uses: actions/download-artifact@v7
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
with:
name: pr-artifacts-${{ github.event.workflow_run.head_sha }}
path: pr_artifacts
Expand Down Expand Up @@ -89,15 +104,15 @@ jobs:
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
issue-number: ${{ steps.pr_info.outputs.pr_number }}
comment-author: 'github-actions[bot]'
body-includes: This datastream diff is auto generated by the check
- name: Create or update comment
if: ${{ steps.compare_ds.outputs.COMPARE_DS_OUTPUT_SIZE != '0' && steps.compare_ds.outputs.COMPARE_DS_OUTPUT_SIZE <= 65000 }}
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v4
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
issue-number: ${{ steps.pr_info.outputs.pr_number }}
body: |
This datastream diff is auto generated by the check `Compare DS/Generate Diff`
<details>
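Review bot: `issue-number` for `find-comment` and `create-or-update-comment` now comes from `steps.pr_info.outputs.pr_number`, that is, from a file in the artifact, so the PR that receives the comment is chosen by the triggering run's output. Before commenting, check that this number belongs to the triggering run, for example by confirming that the PR's head SHA equals `github.event.workflow_run.head_sha` (already used for the `pr-artifacts-...` name), and skip the comment steps on a mismatch. The same applies to the other `issue-number` changes further down in this file.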
Expand All @@ -114,7 +129,7 @@ jobs:
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v4
with:
comment-id: ${{ steps.fc.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
issue-number: ${{ steps.pr_info.outputs.pr_number }}
body: |
This datastream diff is auto generated by the check `Compare DS/Generate Diff`.
Due to the excessive size of the diff, it has been trimmed to fit the 65535-character limit.
Expand Down Expand Up @@ -149,14 +164,14 @@ jobs:
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3
id: shell_diff
with:
issue-number: ${{ github.event.pull_request.number }}
issue-number: ${{ steps.pr_info.outputs.pr_number }}
comment-author: 'github-actions[bot]'
body-includes: Change in Ansible 'shell' module found.
- name: Create comment
if: ${{ steps.ansible_shell_diff.outputs.SHELL_DIFF_OUTPUT_SIZE != '0' && steps.shell_diff.outputs.comment-id == 0 }}
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v4
with:
issue-number: ${{ github.event.pull_request.number }}
issue-number: ${{ steps.pr_info.outputs.pr_number }}
body: |
Change in Ansible `shell` module found.
