From 0d0d7c6f5383f5df3e8aebccccbd3a50bddd607b Mon Sep 17 00:00:00 2001
From: Suhong Qin <51539171+sqin2019@users.noreply.github.com>
Date: Fri, 21 Jul 2023 12:48:54 -0700
Subject: [PATCH] feat: add tool cleanup pr comments (#77)
---
.github/workflows/cleanup.yml | 91 -----------------
.github/workflows/tool_cleanup.yml | 158 +++++++++++++++++++++++++++++
2 files changed, 158 insertions(+), 91 deletions(-)
delete mode 100644 .github/workflows/cleanup.yml
create mode 100644 .github/workflows/tool_cleanup.yml
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
deleted file mode 100644
index d334513..0000000
--- a/.github/workflows/cleanup.yml
+++ /dev/null
@@ -1,91 +0,0 @@
-# Copyright 2023 The Authors (see AUTHORS file)
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Reusable workflow that handles CLI request cleanup.
-name: 'aod-cleanup'
-
-# Support below trigger:
-# pull_request:
-# types: 'closed'
-# paths: 'tool.yaml'
-on:
- workflow_call:
- inputs:
- aod_cli_version:
- description: 'The version of AOD CLI.'
- type: 'string'
- default: 'latest'
- required: false
- go_version:
- description: 'The version of Golang.'
- type: 'string'
- default: '1.20'
- required: false
-
-jobs:
- # Check the current status of this pull request with respect to code review.
- review_status:
- runs-on: 'ubuntu-latest'
- permissions:
- pull-requests: 'read'
- outputs:
- REVIEW_DECISION: '${{ steps.get_review_decision.outputs.REVIEW_DECISION }}'
- steps:
- - id: 'repo_name'
- env:
- REPO: '${{ github.repository }}'
- run: 'echo "REPO_NAME=${REPO##*/}" >> $GITHUB_OUTPUT'
- - id: 'get_review_decision'
- env:
- OWNER: '${{ github.repository_owner }}'
- REPO_NAME: '${{ steps.repo_name.outputs.REPO_NAME }}'
- PR_NUMBER: '${{ github.event.number }}'
- GH_TOKEN: '${{ github.token }}'
- run: |
- reviewDecision="$(gh api graphql -F owner=$OWNER -F name=$REPO_NAME -F pr_number=$PR_NUMBER -f query='
- query($name: String!, $owner: String!, $pr_number: Int!) {
- repository(owner: $owner, name: $name) {
- pullRequest(number: $pr_number) {
- reviewDecision
- }
- }
- }
- ' --jq '.data.repository.pullRequest.reviewDecision')"
-
- echo REVIEW_DECISION=$reviewDecision >> $GITHUB_OUTPUT
-
- # Only run Tool request cleanup when the pull request is approved.
- cleanup:
- needs: 'review_status'
- if: '${{ needs.review_status.outputs.REVIEW_DECISION == ''APPROVED'' }}'
- runs-on: 'ubuntu-latest'
- permissions:
- contents: 'read'
- id-token: 'write'
- name: 'Handle Tool Request Cleanup'
- steps:
- - name: 'Checkout Triggering Branch'
- uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab' # ratchet:actions/checkout@v3
- with:
- ref: '${{ github.event.pull_request.head.ref }}'
- - name: 'Setup Go'
- uses: 'actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568' # ratchet:actions/setup-go@v3
- with:
- go-version: '${{ inputs.go_version }}'
- - name: 'Install AOD CLI'
- run: 'go install github.com/abcxyz/access-on-demand/cmd/aod@${{ inputs.aod_cli_version }}'
- - name: 'Handle cleanup'
- env:
- FILE_PATH: '${{ github.workspace }}/tool.yaml'
- run: 'aod tool cleanup -path $FILE_PATH'
diff --git a/.github/workflows/tool_cleanup.yml b/.github/workflows/tool_cleanup.yml
new file mode 100644
index 0000000..69cd2e4
--- /dev/null
+++ b/.github/workflows/tool_cleanup.yml
@@ -0,0 +1,158 @@
+# Copyright 2023 The Authors (see AUTHORS file)
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Reusable workflow that handles tool request cleanup.
+name: 'aod-tool-cleanup'
+
+on:
+ workflow_call:
+ inputs:
+ aod_cli_version:
+ description: 'The version of AOD CLI.'
+ type: 'string'
+ default: 'latest'
+ required: false
+ go_version:
+ description: 'The version of Golang.'
+ type: 'string'
+ default: '1.20'
+ required: false
+
+env:
+ TOOL_ERROR_FILENAME: '/tmp/tool_error.txt'
+
+jobs:
+ # Check the current status of this pull request with respect to code review.
+ review_status:
+ runs-on: 'ubuntu-latest'
+ permissions:
+ pull-requests: 'read'
+ outputs:
+ REVIEW_DECISION: '${{ steps.get_review_decision.outputs.REVIEW_DECISION }}'
+ steps:
+ - id: 'get_review_decision'
+ env:
+ # Set the GH_TOKEN environment variable to use GitHub CLI in a GitHub Actions workflow.
+ # See ref: https://docs.github.com/en/actions/using-workflows/using-github-cli-in-workflows
+ GH_TOKEN: '${{ github.token }}'
+ run: |
+ repo=${{ github.repository }}
+ reviewDecision="$(gh api graphql -F owner=${{ github.repository_owner }} -F name=${repo##*/} -F pr_number=${{ github.event.pull_request.number }} -f query='
+ query($name: String!, $owner: String!, $pr_number: Int!) {
+ repository(owner: $owner, name: $name) {
+ pullRequest(number: $pr_number) {
+ reviewDecision
+ }
+ }
+ }
+ ' --jq '.data.repository.pullRequest.reviewDecision')"
+
+ echo REVIEW_DECISION=$reviewDecision >> $GITHUB_OUTPUT
+
+ # Only run Tool request cleanup when the pull request is approved.
+ cleanup:
+ needs: 'review_status'
+ if: '${{ needs.review_status.outputs.REVIEW_DECISION == ''APPROVED'' }}'
+ runs-on: 'ubuntu-latest'
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ pull-requests: 'write'
+ name: 'Handle Tool Request Cleanup'
+ steps:
+ - name: 'Checkout Triggering Branch'
+ uses: 'actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab' # ratchet:actions/checkout@v3
+ with:
+ ref: '${{ github.event.pull_request.head.ref }}'
+ - name: 'Setup Go'
+ uses: 'actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568' # ratchet:actions/setup-go@v3
+ with:
+ go-version: '${{ inputs.go_version }}'
+ - name: 'Install AOD CLI'
+ run: 'go install github.com/abcxyz/access-on-demand/cmd/aod@${{ inputs.aod_cli_version }}'
+ - name: 'Handle cleanup'
+ id: 'cleanup_tool'
+ env:
+ FILE_PATH: '${{ github.workspace }}/tool.yaml'
+ run: |
+ touch ${{ env.TOOL_ERROR_FILENAME }}
+ aod tool cleanup -path ${{ env.FILE_PATH }} 2> ${{ env.TOOL_ERROR_FILENAME }}
+ # TODO (#79): Output only executed commands.
+ - name: 'Tool Request Cleanup Comment'
+ if: '${{ always() }}'
+ uses: 'actions/github-script@98814c53be79b1d30f795b907e553d8679345975' # ratchet:actions/github-script@v6
+ with:
+ github-token: '${{ github.token }}'
+ retries: '3'
+ script: |+
+ var body, req;
+ const fs = require("fs");
+ const outcome = '${{ steps.cleanup_tool.outcome }}';
+ switch (outcome) {
+ case 'success':
+ req = fs.readFileSync(
+ `tool.yaml`,
+ { encoding: "utf8" }
+ );
+
+ body = `**\`Access on Demand\`** - 🟩 **\`Tool\`** request succeeded.
+
+
+ Details
+ Executed "cleanup" commands in the request below, or skipped if "cleanup" commands not found.
+
+ \`\`\`
+ ${req}
+ \`\`\`
+ `;
+ break;
+ case 'failure':
+ req = fs.readFileSync(
+ `tool.yaml`,
+ { encoding: "utf8" }
+ );
+ const error = fs.readFileSync(
+ `${{ env.TOOL_ERROR_FILENAME }}`,
+ { encoding: "utf8" }
+ );
+ body = `**\`Access on Demand\`** - 🟥 **\`Tool\`** request failed.
+
+
+ Details
+ Failed to execute "cleanup" commands in the request below.
+
+ \`\`\`
+ ${req}
+ \`\`\`
+
+ Error:
+ \`\`\`
+ ${error}
+ \`\`\`
+ `;
+ break;
+ // step cancelled/skipped, should not happen if the triggering event is correct.
+ default:
+ // Do nothing.
+ break;
+ }
+
+ if (typeof body !== "undefined") {
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: ${{ github.event.pull_request.number }},
+ body: body,
+ });
+ }
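Review bot: In the `cleanup` job the checkout uses `ref: '${{ github.event.pull_request.head.ref }}'`, a mutable branch name, so the `tool.yaml` handed to `aod tool cleanup` is whatever the branch points to when the job runs, not necessarily the commit reviewers approved. Per the comment text that file's "cleanup" commands are executed, and the job holds `id-token: 'write'`. Pinning to the event's commit with `ref: '${{ github.event.pull_request.head.sha }}'` closes the window between the `review_status` query and the checkout. The `APPROVED` gate is not tied to a commit anywhere in this file, so it is worth confirming that branch protection dismisses stale approvals. Separately, both `run:` blocks now expand `${{ … }}` straight into shell text (`repo=${{ github.repository }}`, `-path ${{ env.FILE_PATH }}`) where the deleted workflow passed such values through `env:`; quoted shell variables, e.g. `aod tool cleanup -path "$FILE_PATH" 2> "$TOOL_ERROR_FILENAME"`, keep expression output from being parsed as script.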