Set GITHUB_SHA to correct value for PRs #797

Closed
wants to merge 3 commits into from

juxtin commented Sep 11, 2023

In re your comment here: actions/dependency-review-action#545 (comment)

This appears to be a bug in https://github.com/gradle/github-dependency-graph-gradle-plugin, which is used indirectly by this project to submit dependencies. I'll file an issue with them to get it fixed, but in the meantime I believe this PR will help.


Unfortunately, github.sha is not a good choice for the SHA to use when submitting a dependency snapshot for a PR. In the case of a PR, github.sha is (IIRC) a hypothetical merge commit, rather than the head SHA for the PR itself.

Since what we want is the PR's head SHA, we get that from github.event.pull_request.head.sha when that variable is available.

See https://github.com/gradle/github-dependency-graph-gradle-plugin#required-environment-variables for configuration reference for the Gradle plugin that submits dependencies.

Unfortunately, `github.sha` is not a good choice for the SHA to use when submitting a dependency snapshot for a PR. In the case of a PR, `github.sha` is (IIRC) a hypothetical merge commit, rather than the head SHA for the PR itself.

Since what we want is the PR's head SHA, we get that from `github.event.pull_request.head.sha` when that variable is available. See https://github.com/gradle/github-dependency-graph-gradle-plugin#required-environment-variables

juxtin (Author) commented Sep 11, 2023

I can see this didn't work as expected, which means it'll probably need to be fixed upstream in either https://github.com/gradle/github-dependency-graph-gradle-plugin or https://github.com/gradle/gradle-build-action. I'm working on an issue and maybe a PR for them.

Gradle dependency submission is applied via a plugin, which is evaluated for each invocation.

hfhbd (Owner) commented Sep 11, 2023

Maybe I found a workaround until there is a proper fix in the Gradle build action:
The Gradle build action applies a Gradle init script, which applies the Gradle GitHub dependency project plugin. This project plugin is evaluated for each Gradle invocation and uses the current GITHUB_SHA: https://github.com/gradle/github-dependency-graph-gradle-plugin/blob/main/plugin/src/main/kotlin/org/gradle/github/dependencygraph/GitHubSnapshotParams.kt#L20

As a workaround you will need to overwrite GITHUB_SHA for each invocation of Gradle, not in the setup only.

hfhbd closed this Sep 27, 2023
MPV added a commit to MPV/github-dependency-review-for-scala that referenced this pull request Nov 6, 2023
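
The per-invocation override discussed in this thread, sketched as an added example that is not code from this PR, the action, or the Gradle projects. It assumes the runner's standard `GITHUB_EVENT_NAME` and `GITHUB_EVENT_PATH` variables; `resolve_snapshot_sha`, `gradle_env` and `run_gradle` are hypothetical names, and the payload and SHAs in `demo` are constructed.

```python
import json
import os
import re
import subprocess
import tempfile

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
PR_EVENTS = {"pull_request", "pull_request_target"}

def resolve_snapshot_sha(env):
    """Return the PR head SHA for PR events, else the runner's GITHUB_SHA."""
    sha = env.get("GITHUB_SHA", "")
    if env.get("GITHUB_EVENT_NAME") in PR_EVENTS:
        with open(env["GITHUB_EVENT_PATH"], encoding="utf-8") as fh:
            event = json.load(fh)
        # Same value as the github.event.pull_request.head.sha expression.
        sha = event["pull_request"]["head"]["sha"]
    if not SHA_RE.match(sha):
        raise ValueError(f"not a full commit SHA: {sha!r}")
    return sha

def gradle_env(env):
    """Copy of env with GITHUB_SHA replaced, for one Gradle invocation."""
    patched = dict(env)
    patched["GITHUB_SHA"] = resolve_snapshot_sha(env)
    return patched

def run_gradle(args, env=None):
    """Hypothetical wrapper: apply the override to every Gradle call."""
    env = os.environ if env is None else env
    return subprocess.run(["./gradlew", *args], env=gradle_env(env), check=True)

def demo():
    # Constructed sample payload and SHAs, not taken from the PR.
    runner_sha, head_sha = "a" * 40, "b" * 40
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        json.dump({"pull_request": {"head": {"sha": head_sha}}}, fh)
    try:
        pr = {"GITHUB_EVENT_NAME": "pull_request",
              "GITHUB_EVENT_PATH": fh.name, "GITHUB_SHA": runner_sha}
        push = {"GITHUB_EVENT_NAME": "push", "GITHUB_SHA": runner_sha}
        return gradle_env(pr)["GITHUB_SHA"], gradle_env(push)["GITHUB_SHA"]
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print(demo())
```

Rejecting anything that is not a full 40-character SHA keeps a branch name or empty value from being submitted as the snapshot's commit.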