diff --git a/.github/workflows/licensecheck.yml b/.github/workflows/licensecheck.yml index 24bae120..5ef6e4d4 100644 --- a/.github/workflows/licensecheck.yml +++ b/.github/workflows/licensecheck.yml @@ -11,40 +11,34 @@ on: - 'rebased/*' jobs: - build: + check_commits: runs-on: ubuntu-latest + + strategy: + matrix: + value: ${{ github.event.commits }} + outputs: + license_lines: ${{ steps.process-files.outputs.license_lines }} + steps: - - name: Get push type - id: push-type + - name: Store commit + id: store_commit run: | - echo "Getting push type" - PUSH_TYPE='commit' - FETCH_DEPTH=10 - if ${{ github.event.forced }} || ${{ github.event.before == '0000000000000000000000000000000000000000' }}; then - PUSH_TYPE='branch' - FETCH_DEPTH=0 - fi - echo "Push type: $PUSH_TYPE" - echo "Fetch depth: $FETCH_DEPTH" - echo "push_type=$PUSH_TYPE" >> $GITHUB_OUTPUT - echo "fetch_depth=$FETCH_DEPTH" >> $GITHUB_OUTPUT - - - name: Checkout + COMMIT=${{ matrix.value.id }} + echo "commit=$COMMIT" >> $GITHUB_OUTPUT + + - name: Checkout commit and parent commit uses: actions/checkout@v4 with: - fetch-depth: ${{ steps.push-type.outputs.fetch_depth }} + fetch-depth: 2 + ref: "${{ steps.store_commit.outputs.commit }}" - name: Get changed files id: changed-files run: | - if ${{ steps.push-type.outputs.push_type == 'branch'}}; then - echo "First commit on feature branch or force push - getting all changed files compared to 'develop'" - CHANGED_FILES=$(git diff --name-only remotes/origin/develop ${{ github.event.after }} | xargs) - else - echo "Getting changed files from ${{ github.event.before }} to ${{ github.event.after }}" - CHANGED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | xargs) - fi + echo "Getting changed files" + CHANGED_FILES=$(git diff --name-only HEAD^ HEAD | xargs) for file in $CHANGED_FILES; do echo "'$file' was changed" done @@ -74,31 +68,63 @@ jobs: echo EOF } >> $GITHUB_OUTPUT - - name: Remove commit/branch if licenses found - if: ${{ steps.process-files.outputs.license_lines != '' }} + - name: Create json with result + run: | + jq -cn --arg commit ${{ steps.store_commit.outputs.commit }} --arg licenselines "${{ steps.process-files.outputs.license_lines }}" '$ARGS.named' > result + + - name: Random Number Generator + id: random-number-generator + run: echo "random-number=$(echo $RANDOM)" >> $GITHUB_OUTPUT + shell: bash + + - name: Upload result + uses: actions/upload-artifact@v4 + with: + name: "result-${{ steps.random-number-generator.outputs.random-number }}" + path: result + + + process_results: + needs: check_commits + + runs-on: ubuntu-latest + + continue-on-error: true + + outputs: + results: ${{ steps.read_results.outputs.results }} + + steps: + - name: Download results + uses: actions/download-artifact@v4 + + - name: Read results file + id: read_results + run: | + results="$(cat */result | jq -c --slurp .)" + echo results=$results >> $GITHUB_OUTPUT + + - name: Filter results + id: filter_results + run: | + jq -n --argjson data '${{ steps.read_results.outputs.results }}' '$data[] | select(.licenselines == "")' >> filtered_results + filtered_results="$(cat filtered_results)" + echo filtered_results=$filtered_results >> $GITHUB_OUTPUT + + - name: Remove commits if licenses found + if: ${{ steps.filter_results.outputs.filtered_results != '' }} id: remove-license run: | - if ${{ steps.push-type.outputs.push_type == 'commit'}}; then - echo "Removing commit ${{ github.event.after }} as it contains licenses" - git reset --hard ${{ github.event.before }} - git push origin ${{ github.ref }} --force-with-lease - echo "link=https://github.com/${{ github.repository }}/commits/${{ github.ref }}" >> $GITHUB_OUTPUT - echo "short_msg=push denied, reset to '${{ toJSON(github.event.before) }}'!" >> $GITHUB_OUTPUT - echo "action_type=reverted to" >> $GITHUB_OUTPUT - echo "msg_code=${{ github.event.before }}" >> $GITHUB_OUTPUT - echo "xtra_msg=('${{ toJSON(github.event.head_commit.message) }}' denied)" >> $GITHUB_OUTPUT - else - echo "Removing branch ${{ github.ref }} as it contains licenses" - git push origin --delete ${{ github.ref }} - echo "link=https://github.com/${{ github.repository }}/branches" >> $GITHUB_OUTPUT - echo "short_msg='${{ github.ref }}' was removed!" >> $GITHUB_OUTPUT - echo "action_type=removed" >> $GITHUB_OUTPUT - echo "msg_code=${{ github.ref }}" >> $GITHUB_OUTPUT - echo "xtra_msg=" >> $GITHUB_OUTPUT - fi + echo "Removing commits as they contains licenses" + echo ${{ toJson(steps.filter_results.outputs.filtered_results) }} + echo "link=https://github.com/${{ github.repository }}/commits/${{ github.ref }}" >> $GITHUB_OUTPUT + echo "short_msg=push denied, reset to '${{ toJSON(github.event.before) }}'!" >> $GITHUB_OUTPUT + echo "action_type=reverted to" >> $GITHUB_OUTPUT + echo "msg_code=${{ github.event.before }}" >> $GITHUB_OUTPUT + echo "xtra_msg=('${{ toJSON(github.event.head_commit.message) }}' denied)" >> $GITHUB_OUTPUT - name: Find correspondences - if: ${{ steps.process-files.outputs.license_lines != '' }} + if: ${{ steps.filter_results.outputs.filtered_results != '' }} id: email uses: slackapi/slack-github-action@v2.1.1 with: @@ -146,3 +172,38 @@ jobs: } } ] + + - name: Fallback Slack notification + if: failure() + id: fallback_slack + uses: slackapi/slack-github-action@v2.1.1 + with: + errors: true + method: chat.postMessage # https://api.slack.com/methods/chat.postMessage + token: ${{ secrets.SLACK_BOT_TOKEN }} + payload: | + "channel": "ci", + "text": "${{ steps.remove-license.outputs.short_msg }}", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": ":alert: *LICENSES DETECTED* :alert:" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "${{ steps.remove-license.outputs.action_type}} ${{ steps.push-type.outputs.push_type}} `${{ steps.remove-license.outputs.msg_code }}` ${{ steps.remove-license.outputs.xtra_msg }}" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "<${{ steps.remove-license.outputs.link }}>" + } + } + ] \ No newline at end of file