feat: use cli outputs in pr comments (#90)
fix #85 and #86
sqin2019 authored Aug 14, 2023
1 parent 0ed6510 commit ce1315a
Showing 2 changed files with 34 additions and 15 deletions.
35 changes: 24 additions & 11 deletions .github/workflows/handle.yml
Expand Up @@ -13,9 +13,9 @@
# limitations under the License.

name: 'aod-handle'
# TODO(#30): Support pull_request labeled triggering event. Current workflow
# requires the triggering event must be pull_request_review as it relies on this
# event to get the approval submit time as IAM permission expiration start time.
# Current workflow requires the triggering event must be pull_request_review as
# it relies on this event to get the approval submit time as IAM permission
# expiration start time.
on:
workflow_call:
inputs:
Expand All @@ -41,7 +41,9 @@ on:
env:
DEFAULT_DURATION: '2h'
IAM_ERROR_FILENAME: '/tmp/iam_error.txt'
IAM_OUT_FILENAME: '/tmp/iam_output.txt'
TOOL_ERROR_FILENAME: '/tmp/tool_error.txt'
TOOL_OUT_FILENAME: '/tmp/tool_output.txt'

jobs:
review_status:
Expand Down Expand Up @@ -99,6 +101,10 @@ jobs:
workload_identity_provider: '${{ inputs.workload_identity_provider }}'
service_account: '${{ inputs.service_account }}'
token_format: 'access_token'
# Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`.
- name: 'Set up Cloud SDK'
if: '${{ hashFiles(''tool.yaml'') != '''' }}'
uses: 'google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b' # ratchet:google-github-actions/setup-gcloud@v1
- name: 'Install AOD CLI'
if: '${{ hashFiles(''iam.yaml'', ''tool.yaml'') != '''' }}'
run: 'go install github.com/abcxyz/access-on-demand/cmd/aod@${{ inputs.aod_cli_version }}'
Expand All @@ -123,8 +129,13 @@ jobs:
IAM_FILE_PATH: '${{ github.workspace }}/iam.yaml'
START_TIME: '${{ github.event.review.submitted_at }}'
run: |
touch ${{ env.IAM_ERROR_FILENAME }}
aod iam handle -path ${{ env.IAM_FILE_PATH }} -duration ${{ env.DURATION }} -start-time ${{ env.START_TIME }} 2> ${{ env.IAM_ERROR_FILENAME }}
touch ${{ env.IAM_ERROR_FILENAME }} ${{ env.IAM_OUT_FILENAME }}
aod iam handle \
-path ${{ env.IAM_FILE_PATH }} \
-duration ${{ env.DURATION }} \
-start-time ${{ env.START_TIME }} \
2> ${{ env.IAM_ERROR_FILENAME }} \
> ${{ env.IAM_OUT_FILENAME }}
# Request will not be handled when tool.yaml file does not exist in the
# case of a pull_request_review event, instead it prints out a notice.
- name: 'Handle Tool Request'
Expand All @@ -133,8 +144,10 @@ jobs:
env:
TOOL_FILE_PATH: '${{ github.workspace }}/tool.yaml'
run: |
touch ${{ env.TOOL_ERROR_FILENAME }}
aod tool do -path ${{ env.TOOL_FILE_PATH }} 2> ${{ env.TOOL_ERROR_FILENAME }}
touch ${{ env.TOOL_ERROR_FILENAME }} ${{ env.TOOL_OUT_FILENAME }}
aod tool do -path ${{ env.TOOL_FILE_PATH }} \
2> ${{ env.TOOL_ERROR_FILENAME }} \
> ${{ env.TOOL_OUT_FILENAME }}
- name: 'IAM Request Comment'
if: '${{ always() && hashFiles(''iam.yaml'') != '''' }}'
Expand All @@ -149,7 +162,7 @@ jobs:
switch (outcome) {
case 'success':
req = fs.readFileSync(
`iam.yaml`,
`${{ env.IAM_OUT_FILENAME }}`,
{ encoding: "utf8" }
);
Expand All @@ -166,7 +179,7 @@ jobs:
break;
case 'failure':
req = fs.readFileSync(
`iam.yaml`,
`${{ env.IAM_OUT_FILENAME }}`,
{ encoding: "utf8" }
);
const error = fs.readFileSync(
Expand Down Expand Up @@ -217,7 +230,7 @@ jobs:
switch (outcome) {
case 'success':
req = fs.readFileSync(
`tool.yaml`,
`${{ env.TOOL_OUT_FILENAME }}`,
{ encoding: "utf8" }
);
Expand All @@ -234,7 +247,7 @@ jobs:
break;
case 'failure':
req = fs.readFileSync(
`tool.yaml`,
`${{ env.TOOL_OUT_FILENAME }}`,
{ encoding: "utf8" }
);
const error = fs.readFileSync(
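Review bot: The rewritten `aod iam handle` command still inlines `${{ env.IAM_FILE_PATH }}`, `${{ env.DURATION }}` and `${{ env.START_TIME }}` into the script text, so the runner substitutes the values before the shell parses the line, and any whitespace or shell metacharacter in them becomes part of the command. Where `DURATION` is set is not visible in this section; if it is derived from pull-request data it should be treated as untrusted. Since these values are referenced through the `env` context, they should also be available to the step as environment variables, so the script can use quoted shell variables instead, e.g. `-duration "${DURATION}" \` and `2> "${IAM_ERROR_FILENAME}" \`. The same applies to the `aod tool do` step below and to the `aod tool cleanup` step in tool_cleanup.yml.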
14 changes: 10 additions & 4 deletions .github/workflows/tool_cleanup.yml
Expand Up @@ -39,6 +39,7 @@ on:

env:
TOOL_ERROR_FILENAME: '/tmp/tool_error.txt'
TOOL_OUT_FILENAME: '/tmp/tool_output.txt'

jobs:
# Check the current status of this pull request with respect to code review.
Expand Down Expand Up @@ -93,15 +94,20 @@ jobs:
workload_identity_provider: '${{ inputs.workload_identity_provider }}'
service_account: '${{ inputs.service_account }}'
token_format: 'access_token'
# Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`.
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b' # ratchet:google-github-actions/setup-gcloud@v1
- name: 'Install AOD CLI'
run: 'go install github.com/abcxyz/access-on-demand/cmd/aod@${{ inputs.aod_cli_version }}'
- name: 'Handle cleanup'
id: 'cleanup_tool'
env:
FILE_PATH: '${{ github.workspace }}/tool.yaml'
run: |
touch ${{ env.TOOL_ERROR_FILENAME }}
aod tool cleanup -path ${{ env.FILE_PATH }} 2> ${{ env.TOOL_ERROR_FILENAME }}
touch ${{ env.TOOL_ERROR_FILENAME }} ${{ env.TOOL_OUT_FILENAME }}
aod tool cleanup -path ${{ env.FILE_PATH }} \
2> ${{ env.TOOL_ERROR_FILENAME }} \
> ${{ env.TOOL_OUT_FILENAME }}
# TODO (#79): Output only executed commands.
- name: 'Tool Request Cleanup Comment'
if: '${{ always() }}'
Expand All @@ -116,7 +122,7 @@ jobs:
switch (outcome) {
case 'success':
req = fs.readFileSync(
`tool.yaml`,
`${{ env.TOOL_OUT_FILENAME }}`,
{ encoding: "utf8" }
);
Expand All @@ -133,7 +139,7 @@ jobs:
break;
case 'failure':
req = fs.readFileSync(
`tool.yaml`,
`${{ env.TOOL_OUT_FILENAME }}`,
{ encoding: "utf8" }
);
const error = fs.readFileSync(
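Review bot: Raw stdout of `aod tool cleanup` ends up in a pull-request comment with no filtering visible here: the comment step reads `${{ env.TOOL_OUT_FILENAME }}` in both the success and the failure case, and the `TODO (#79)` above it suggests the file holds more than the executed commands. The job runs the CLI after authenticating with a service-account access token, so the output should be checked for values that must not land in a comment that stays readable by everyone with access to the pull request. How `req` is placed into the comment body is outside the visible lines; if it is inserted verbatim, consider truncating it to a fixed length and wrapping it in a code fence so CLI output cannot break or imitate the comment's markdown. The IAM and tool comment steps in handle.yml read their output files the same way.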