Get the Actions bot out of the PR review business. (#29777)
* Recently, we are blocked from approving PRs from GitHub Actions across the entire microsoft/ organization. This change just updates a comment and 'fails' the check rather than trying to create reviews. * Intentionally damage a port to test the bot. * Try not commenting at all. * More annotations. * ExitCode is not a thing. * Remove markdownisms from console output. * Fix intentional damage almost * Remove all intentional breakage. * Update .github/workflows/untrustedPR.yml Co-authored-by: autoantwort <41973254+autoantwort@users.noreply.github.com> --------- Co-authored-by: Javier Matos Denizac <javier.matosd@gmail.com> Co-authored-by: autoantwort <41973254+autoantwort@users.noreply.github.com>
parent
4149a220d4
commit
90e3d2b253
63
.github/workflows/trustedPR.yml
vendored
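--- a/.github/workflows/trustedPR.yml
+++ b/.github/workflows/trustedPR.yml
@@ -1,63 +0,0 @@
-# Modelled after https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
-
-name: Post PR Suggestions
-
-on:
-workflow_run:
-workflows: ["PR Suggestions"]
-types:
-- completed
-
-permissions:
-contents: read
-
-jobs:
-comment:
-permissions:
-pull-requests: write
-runs-on: ubuntu-22.04
-if: >
-${{ github.event.workflow_run.event == 'pull_request' &&
-github.event.workflow_run.conclusion == 'success' }}
-
-steps:
-- name: 'Download artifact'
-uses: actions/github-script@v6
-with:
-script: |
-var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
-owner: context.repo.owner,
-repo: context.repo.repo,
-run_id: ${{github.event.workflow_run.id }},
-});
-var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-return artifact.name == "pr"
-})[0];
-var download = await github.rest.actions.downloadArtifact({
-owner: context.repo.owner,
-repo: context.repo.repo,
-artifact_id: matchArtifact.id,
-archive_format: 'zip',
-});
-var fs = require('fs');
-fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
-- run: unzip pr.zip
-
-- uses: actions/github-script@v6
-with:
-script: |
-const { promises: fs } = require('fs')
-const event = (await fs.readFile('event', 'utf8')).trim()
-const body = (await fs.readFile('body', 'utf8')).trim()
-const issue_number = Number(await fs.readFile('./NR'));
-
-var req = {
-owner: context.repo.owner,
-pull_number: issue_number,
-repo: context.repo.repo,
-event: event
-};
-if (body !== "") {
-req.body = body;
-}
-await github.rest.pulls.createReview(req);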
142
.github/workflows/untrustedPR.yml
vendored
142
.github/workflows/untrustedPR.yml
vendored
@ -1,30 +1,22 @@
|
||||
# Modelled after https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
|
||||
|
||||
# These "checks" are also performed as part of our critical-path azure-pipelines review,
|
||||
# however here they are better able to post back to the original PR
|
||||
name: PR Suggestions
|
||||
name: Check For Common Mistakes
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
Check:
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
# fetch-depth 50 tries to ensure we capture the whole history of the branch
|
||||
fetch-depth: 50
|
||||
|
||||
- name: bootstrap
|
||||
- name: Bootstrap
|
||||
run: ./bootstrap-vcpkg.sh
|
||||
|
||||
- name: Save PR number
|
||||
run: |
|
||||
mkdir -p ./pr
|
||||
echo ${{ github.event.number }} > ./pr/NR
|
||||
|
||||
- name: Formatting
|
||||
run: |
|
||||
git config user.email github-actions
|
||||
@ -34,10 +26,10 @@ jobs:
|
||||
|
||||
unset VCPKG_ROOT
|
||||
|
||||
git diff --name-status --merge-base HEAD^ HEAD --diff-filter=MAR -- '*portfile.cmake' | sed 's/[MAR]\t*//' | while read filename; do grep -q -E '(vcpkg_apply_patches|vcpkg_copy_tool_dependencies|vcpkg_build_msbuild|vcpkg_extract_source_archive_ex|vcpkg_install_cmake|vcpkg_build_cmake|vcpkg_configure_cmake|vcpkg_fixup_cmake_targets)' "$filename" && echo " - \`$filename\`" || true; done > .github-pr.deprecated-cmake
|
||||
git diff --name-status --merge-base HEAD^ HEAD --diff-filter=MAR -- '*portfile.cmake' | sed 's/[MAR]\t*//' | while read filename; do grep -q -E '(vcpkg_apply_patches|vcpkg_copy_tool_dependencies|vcpkg_build_msbuild|vcpkg_extract_source_archive_ex|vcpkg_install_cmake|vcpkg_build_cmake|vcpkg_configure_cmake|vcpkg_fixup_cmake_targets)' "$filename" && echo "$filename" || true; done > .github-pr.deprecated-cmake
|
||||
git diff --name-status --merge-base HEAD^ HEAD --diff-filter=MAR -- '*vcpkg.json' | sed 's/[MAR]\t*//' > .github-pr.changed-manifest-files
|
||||
cat .github-pr.changed-manifest-files | while read filename; do grep -q -E '"license": ' "$filename" || echo " - \`$filename\`" || true; done > .github-pr.missing-license
|
||||
cat .github-pr.changed-manifest-files | while read filename; do match=$(grep -oiP '"license": ".*\K(AGPL-1\.0|AGPL-3\.0|BSD-2-Clause-FreeBSD|BSD-2-Clause-NetBSD|bzip2-1\.0\.5|eCos-2\.0|GFDL-1\.1|GFDL-1\.2|GFDL-1\.3|GPL-1\.0|GPL-1\.0\+|GPL-2\.0|GPL-2\.0\+|GPL-2\.0-with-autoconf-exception|GPL-2\.0-with-bison-exception|GPL-2\.0-with-classpath-exception|GPL-2\.0-with-font-exception|GPL-2\.0-with-GCC-exception|GPL-3\.0|GPL-3\.0\+|GPL-3\.0-with-autoconf-exception|GPL-3\.0-with-GCC-exception|LGPL-2\.0|LGPL-2\.0\+|LGPL-2\.1|LGPL-2\.1\+|LGPL-3\.0|LGPL-3\.0\+|Nunit|StandardML-NJ|wxWindows)(?=[ "])' "$filename" || true); if [ ! -z "$match" ]; then echo " - \`$filename\` (has deprecated license \`$match\`)" ; fi ; done > .github-pr.deprecated-license
|
||||
cat .github-pr.changed-manifest-files | while read filename; do grep -q -E '"license": ' "$filename" || echo "$filename" || true; done > .github-pr.missing-license
|
||||
cat .github-pr.changed-manifest-files | while read filename; do match=$(grep -oiP '"license": ".*\K(AGPL-1\.0|AGPL-3\.0|BSD-2-Clause-FreeBSD|BSD-2-Clause-NetBSD|bzip2-1\.0\.5|eCos-2\.0|GFDL-1\.1|GFDL-1\.2|GFDL-1\.3|GPL-1\.0|GPL-1\.0\+|GPL-2\.0|GPL-2\.0\+|GPL-2\.0-with-autoconf-exception|GPL-2\.0-with-bison-exception|GPL-2\.0-with-classpath-exception|GPL-2\.0-with-font-exception|GPL-2\.0-with-GCC-exception|GPL-3\.0|GPL-3\.0\+|GPL-3\.0-with-autoconf-exception|GPL-3\.0-with-GCC-exception|LGPL-2\.0|LGPL-2\.0\+|LGPL-2\.1|LGPL-2\.1\+|LGPL-3\.0|LGPL-3\.0\+|Nunit|StandardML-NJ|wxWindows)(?=[ "])' "$filename" || true); if [ ! -z "$match" ]; then echo "$filename (has deprecated license \"$match\")" ; fi ; done > .github-pr.deprecated-license
|
||||
./vcpkg format-manifest --all --convert-control
|
||||
git diff > .github-pr.format-manifest
|
||||
git add -u
|
||||
@ -51,7 +43,8 @@ jobs:
|
||||
git diff > .github-pr.x-add-version.diff
|
||||
git reset HEAD~ --mixed
|
||||
|
||||
- uses: actions/github-script@v6
|
||||
- name: Generate Reply
|
||||
uses: actions/github-script@v6
|
||||
with:
|
||||
script: |
|
||||
const { promises: fs } = require('fs')
|
||||
@ -64,84 +57,79 @@ jobs:
|
||||
const deprecated_license = (await fs.readFile('.github-pr.deprecated-license', 'utf8')).trim()
|
||||
|
||||
let approve = true;
|
||||
var output = ''
|
||||
if (format !== "") {
|
||||
output += "<details><summary><b>All manifest files must be formatted</b></summary>\n\n"
|
||||
output += "`./vcpkg format-manifest ports/*/vcpkg.json`\n"
|
||||
output += "<details><summary><b>Diff</b></summary>\n\n"
|
||||
output += "```diff\n" + format + "\n```\n"
|
||||
output += "</details></details>\n\n"
|
||||
var format_output = '';
|
||||
format_output += "All vcpkg.json files must be formatted. To fix this problem, run:\n";
|
||||
format_output += "./vcpkg format-manifest ports/*/vcpkg.json\n";
|
||||
format_output += "\n";
|
||||
format_output += "It should make the following changes:";
|
||||
format_output += "```diff\n" + format + "\n```";
|
||||
core.error(format_output);
|
||||
approve = false;
|
||||
}
|
||||
if (add_version_out !== "") {
|
||||
output += "<details><summary><b>PRs must add only one version and must not modify any published versions</b></summary>\n\n"
|
||||
output += "When making any changes to a library, the version or port-version in `vcpkg.json` or `CONTROL` must be modified.\n"
|
||||
output += "```\n" + add_version_out + "\n```\n</details>\n\n"
|
||||
var add_version_output = '';
|
||||
add_version_output += "PRs must add only one version, and must not modify any published versions.\n";
|
||||
add_version_output += "When making any changes to a library, the version or port-version in vcpkg.json must be modified, and the version database updated.\n";
|
||||
add_version_output += "Making the following changes will fix this problem:";
|
||||
add_version_output += "```diff\n" + add_version_out + "\n```";
|
||||
core.error(add_version_output);
|
||||
approve = false;
|
||||
}
|
||||
if (version_string_out !== "") {
|
||||
output += version_string_out + "\n\n"
|
||||
core.warning(version_string_out);
|
||||
}
|
||||
if (add_version !== "") {
|
||||
output += "<details><summary><b>After committing all other changes, the version database must be updated</b></summary>\n\n"
|
||||
output += "```sh\n"
|
||||
output += "git add -u && git commit\n"
|
||||
output += "git checkout ${{ github.event.pull_request.base.sha }} -- versions\n"
|
||||
output += "./vcpkg x-add-version --all\n"
|
||||
output += "```\n"
|
||||
output += "<details><summary><b>Diff</b></summary>\n\n"
|
||||
output += "```diff\n" + add_version + "\n```\n"
|
||||
output += "</details></details>\n\n"
|
||||
var update_version_db_output = '';
|
||||
update_version_db_output += "After committing all other changes, the version database must be updated.\n";
|
||||
update_version_db_output += "This can be done by running the following commands after committing your changes:\n"
|
||||
update_version_db_output += "\n"
|
||||
update_version_db_output += "git add -u && git commit\n"
|
||||
update_version_db_output += "git checkout ${{ github.event.pull_request.base.sha }} -- versions\n"
|
||||
update_version_db_output += "./vcpkg x-add-version --all"
|
||||
core.error(update_version_db_output);
|
||||
approve = false;
|
||||
}
|
||||
if (cmake !== "") {
|
||||
output += "You have modified or added at least one portfile where deprecated functions are used.\n"
|
||||
output += "<details>\n\n"
|
||||
output += "If you feel able to do so, please consider migrating them to the new functions:\n"
|
||||
output += " `vcpkg_install_cmake` -> `vcpkg_cmake_install` (from port `vcpkg-cmake`)\n"
|
||||
output += " `vcpkg_build_cmake` -> `vcpkg_cmake_build` (from port `vcpkg-cmake`)\n"
|
||||
output += " `vcpkg_configure_cmake` -> `vcpkg_cmake_configure` (Please remove the option `PREFER_NINJA`) (from port `vcpkg-cmake`)\n"
|
||||
output += " `vcpkg_fixup_cmake_targets` -> `vcpkg_cmake_config_fixup` (from port `vcpkg-cmake-config`)\n"
|
||||
output += " `vcpkg_extract_source_archive_ex` -> [`vcpkg_extract_source_archive`](https://github.com/microsoft/vcpkg/blob/master/docs/maintainers/vcpkg_extract_source_archive.md)\n"
|
||||
output += " `vcpkg_build_msbuild` -> [`vcpkg_install_msbuild`](https://github.com/microsoft/vcpkg/blob/master/docs/maintainers/vcpkg_install_msbuild.md)\n"
|
||||
output += " `vcpkg_copy_tool_dependencies` -> [`vcpkg_copy_tools`](https://github.com/microsoft/vcpkg/blob/master/docs/maintainers/vcpkg_copy_tools.md)\n"
|
||||
output += " `vcpkg_apply_patches` should be replaced by the `PATCHES` arguments to the \"extract\" helpers (e.g. [`vcpkg_from_github()`](https://github.com/microsoft/vcpkg/blob/master/docs/maintainers/vcpkg_from_github.md))\n"
|
||||
output += "\n"
|
||||
output += "In the ports that use the new function, you have to add the corresponding dependencies:\n"
|
||||
output += "```json\n"
|
||||
output += '{\n "name": "vcpkg-cmake",\n "host": true\n},\n'
|
||||
output += '{\n "name": "vcpkg-cmake-config",\n "host": true\n}\n'
|
||||
output += "```\n"
|
||||
output += `The following files are affected:\n${cmake}\n`
|
||||
output += "</details>\n\n"
|
||||
var deprecated_output = '';
|
||||
deprecated_output += "You have modified or added at least one portfile where deprecated functions are used.\n"
|
||||
deprecated_output += "If you feel able to do so, please consider migrating them to the new functions:\n";
|
||||
deprecated_output += " vcpkg_install_cmake -> vcpkg_cmake_install (from port vcpkg-cmake)\n";
|
||||
deprecated_output += " vcpkg_build_cmake -> vcpkg_cmake_build (from port vcpkg-cmake)\n";
|
||||
deprecated_output += " vcpkg_configure_cmake -> vcpkg_cmake_configure (Please remove the option PREFER_NINJA) (from port vcpkg-cmake)\n";
|
||||
deprecated_output += " vcpkg_fixup_cmake_targets -> vcpkg_cmake_config_fixup (from port vcpkg-cmake-config)\n";
|
||||
deprecated_output += " vcpkg_extract_source_archive_ex -> vcpkg_extract_source_archive https://learn.microsoft.com/en-us/vcpkg/maintainers/functions/vcpkg_extract_source_archive\n";
|
||||
deprecated_output += " vcpkg_build_msbuild -> vcpkg_install_msbuild https://learn.microsoft.com/en-us/vcpkg/maintainers/functions/vcpkg_install_msbuild\n";
|
||||
deprecated_output += " vcpkg_copy_tool_dependencies -> vcpkg_copy_tools https://learn.microsoft.com/en-us/vcpkg/maintainers/functions/vcpkg_copy_tools\n";
|
||||
deprecated_output += " vcpkg_apply_patches should be replaced by the PATCHES arguments to the \"extract\" helpers (for example, vcpkg_from_github() (https://learn.microsoft.com/en-us/vcpkg/maintainers/functions/vcpkg_from_github))\n";
|
||||
deprecated_output += "\n";
|
||||
deprecated_output += "In the ports that use the new function, you have to add the corresponding dependencies:\n";
|
||||
deprecated_output += "```json\n";
|
||||
deprecated_output += '{\n "name": "vcpkg-cmake",\n "host": true\n},\n'
|
||||
deprecated_output += '{\n "name": "vcpkg-cmake-config",\n "host": true\n}\n';
|
||||
deprecated_output += "```\n";
|
||||
deprecated_output += `The following files are affected:\n${cmake}`;
|
||||
core.warning(deprecated_output);
|
||||
}
|
||||
|
||||
if (missing_license !== "" || deprecated_license !== "") {
|
||||
output += 'You have modified or added at least one vcpkg.json where you should check the `license` field.\n'
|
||||
output += "<details>\n\n"
|
||||
var license_output = '';
|
||||
license_output += 'You have modified or added at least one vcpkg.json where you should check the \"license\" field.\n'
|
||||
if (missing_license !== "") {
|
||||
output += 'If you feel able to do so, please consider adding a "license" field to the following files:\n'
|
||||
output += missing_license
|
||||
output += "\n\nValid values for the license field can be found in the [documentation](https://github.com/microsoft/vcpkg/blob/master/docs/maintainers/manifest-files.md#license)\n\n"
|
||||
license_output += 'If you feel able to do so, please consider adding a "license" field to the following files:\n'
|
||||
license_output += missing_license
|
||||
license_output += "\n\nValid values for the license field can be found at https://learn.microsoft.com/en-us/vcpkg/reference/vcpkg-json#license\n\n"
|
||||
}
|
||||
if (deprecated_license !== "") {
|
||||
output += 'If you feel able to do so, please consider replacing the deprecated license identifiers in the following files:\n'
|
||||
output += deprecated_license
|
||||
output += "\n\nDeprecated and non deprecated license identifiers can be found [here](https://spdx.github.io/spdx-spec/SPDX-license-list/#a3-deprecated-licenses)\n"
|
||||
license_output += 'If you feel able to do so, please consider replacing the deprecated license identifiers in the following files:\n'
|
||||
license_output += deprecated_license
|
||||
license_output += "\n\nDeprecated and non deprecated license identifiers can be found at https://spdx.org/licenses/#deprecated\n"
|
||||
The old link is now 404
|
||||
}
|
||||
output += "</details>\n\n"
|
||||
|
||||
core.warning(license_output);
|
||||
}
|
||||
|
||||
if (approve) {
|
||||
await fs.writeFile("pr/event", "APPROVE")
|
||||
} else {
|
||||
output = "_This is a new experimental fast check for PR issues. Please let us know if this bot is helpful!_\n\n" + output
|
||||
await fs.writeFile("pr/event", "REQUEST_CHANGES")
|
||||
if (!approve) {
|
||||
process.exitCode = 1;
|
||||
}
|
||||
await fs.writeFile("pr/body", output)
|
||||
|
||||
console.log(output);
|
||||
|
||||
- uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: pr
|
||||
path: pr/
|
||||
|
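Review bot: The renamed workflow declares no `permissions:` block in the visible hunks, although the first hunk shows it triggering on `pull_request` and running `./bootstrap-vcpkg.sh` from the checked-out PR tree. The deleted trustedPR.yml carried a top-level `permissions:` with `contents: read`; since this job no longer posts reviews, adding the same two lines, `permissions:` and `  contents: read`, after the `on:` block would pin the token to read-only regardless of the repository default, which matters for PRs opened from branches of the same repository. In the last hunk, `process.exitCode = 1;` fails the step without saying why; `core.setFailed("One or more checks failed; see the annotations above.");` would fail it the same way and leave a summary line in the log.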