diff --git a/.github/workflows/adapter-code-coverage-upload.yml b/.github/workflows/adapter-code-coverage-upload.yml new file mode 100644 index 00000000000..3e515768927 --- /dev/null +++ b/.github/workflows/adapter-code-coverage-upload.yml @@ -0,0 +1,103 @@ +name: Adapter Code Coverage Upload + +on: + workflow_run: + workflows: ["Adapter Code Coverage"] + types: + - completed + +permissions: + contents: write + pull-requests: write + +jobs: + upload-coverage: + runs-on: ubuntu-latest + if: github.event.workflow_run.conclusion == 'success' + steps: + - name: Download Coverage Artifacts + uses: actions/download-artifact@v4 + with: + name: coverage-results + path: coverage-results + run-id: ${{ github.event.workflow_run.id }} + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Check Artifacts Exist + id: check_artifacts + run: | + if [ -d "coverage-results/metadata" ]; then + echo "has_artifacts=true" >> $GITHUB_OUTPUT + echo "pr_number=$(cat coverage-results/metadata/pr_number)" >> $GITHUB_OUTPUT + echo "head_sha=$(cat coverage-results/metadata/head_sha)" >> $GITHUB_OUTPUT + echo "directories=$(cat coverage-results/metadata/directories)" >> $GITHUB_OUTPUT + else + echo "has_artifacts=false" >> $GITHUB_OUTPUT + fi + + - name: Checkout Coverage Preview Branch + if: steps.check_artifacts.outputs.has_artifacts == 'true' + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: coverage-preview + repository: prebid/prebid-server + + - name: Upload Coverage Results + if: steps.check_artifacts.outputs.has_artifacts == 'true' + id: commit_coverage + run: | + directory=.github/preview/${{ github.event.workflow_run.id }}_$(date +%s) + mkdir -p $directory + cp -r coverage-results/*.html ./$directory 2>/dev/null || true + cp -r coverage-results/*.txt ./$directory 2>/dev/null || true + + # Check if there are files to commit + if [ -z "$(ls -A $directory 2>/dev/null)" ]; then + echo "No coverage files to upload" + echo "has_files=false" >> $GITHUB_OUTPUT + exit 0 + fi + + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git add $directory/* + git commit -m 'Add coverage files' + git push origin coverage-preview + echo "remote_coverage_preview_dir=${directory}" >> $GITHUB_OUTPUT + echo "has_files=true" >> $GITHUB_OUTPUT + + # Checkout master branch to access the helper script at + # .github/workflows/helpers/pull-request-utils.js + # which may not exist on the coverage-preview branch + - name: Checkout Master Branch + if: steps.check_artifacts.outputs.has_artifacts == 'true' && steps.commit_coverage.outputs.has_files == 'true' + uses: actions/checkout@v4 + with: + ref: master + repository: prebid/prebid-server + + - name: Add Coverage Summary To Pull Request + if: steps.check_artifacts.outputs.has_artifacts == 'true' && steps.commit_coverage.outputs.has_files == 'true' + uses: actions/github-script@v7 + with: + script: | + const fs = require('fs'); + const utils = require('./.github/workflows/helpers/pull-request-utils.js') + + const prNumber = parseInt('${{ steps.check_artifacts.outputs.pr_number }}'); + const headSha = '${{ steps.check_artifacts.outputs.head_sha }}'; + const remoteCoverageDir = '${{ steps.commit_coverage.outputs.remote_coverage_preview_dir }}'; + const adapterDirectories = JSON.parse('${{ steps.check_artifacts.outputs.directories }}'); + + // Read coverage text files for summary + const tmpCoverageDir = 'coverage-results'; + + const helper = utils.coverageHelper({ + github, + context: { payload: { pull_request: { number: prNumber } } }, + headSha: headSha, + tmpCoverageDir: tmpCoverageDir, + remoteCoverageDir: remoteCoverageDir + }) + await helper.AddCoverageSummary(adapterDirectories) diff --git a/.github/workflows/adapter-code-coverage.yml b/.github/workflows/adapter-code-coverage.yml index 10dd9e89773..a2be8d190b5 100644 --- a/.github/workflows/adapter-code-coverage.yml +++ b/.github/workflows/adapter-code-coverage.yml @@ -1,12 +1,11 @@ name: Adapter Code Coverage on: - pull_request_target: + pull_request: paths: ["adapters/*/*.go"] permissions: - pull-requests: write - contents: write + contents: read jobs: run-coverage: @@ -21,8 +20,6 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{github.event.pull_request.head.ref}} - repository: ${{github.event.pull_request.head.repo.full_name}} - name: Discover Adapter Directories id: get_directories @@ -30,7 +27,7 @@ jobs: with: result-encoding: string script: | - const utils = require('./.github/workflows/helpers/pull-request-utils.js') + const utils = require('./.github/workflows/helpers/pull-request-utils.js') function directoryExtractor(filepath, status) { // extract directory name only if file is not removed and file is in adapters directory if (status != "removed" && filepath.startsWith("adapters/") && filepath.split("/").length > 2) { @@ -56,7 +53,7 @@ jobs: # generate coverage for adapter cd ./adapters - for directory in $directories; do + for directory in $directories; do cd $directory coverage_profile_path="${PWD}/${directory}.out" go test -coverprofile="${coverage_profile_path}" @@ -66,46 +63,18 @@ jobs: done echo "coverage_dir=${temp_dir}" >> $GITHUB_OUTPUT - # remove pull request branch files - cd .. - rm -f -r ./* - - - name: Checkout Coverage Preview Branch - uses: actions/checkout@v4 - with: - fetch-depth: 0 - ref: coverage-preview - repository: prebid/prebid-server - - - name: Upload Coverage Results + - name: Save PR Context if: steps.run_coverage.outputs.coverage_dir != '' - id: commit_coverage run: | - directory=.github/preview/${{ github.run_id }}_$(date +%s) - mkdir -p $directory - cp -r ${{ steps.run_coverage.outputs.coverage_dir }}/*.html ./$directory - git config --global user.name "github-actions[bot]" - git config --global user.email "github-actions[bot]@users.noreply.github.com" - git add $directory/* - git commit -m 'Add coverage files' - git push origin coverage-preview - echo "remote_coverage_preview_dir=${directory}" >> $GITHUB_OUTPUT + mkdir -p ${{ steps.run_coverage.outputs.coverage_dir }}/metadata + echo '${{ github.event.pull_request.number }}' > ${{ steps.run_coverage.outputs.coverage_dir }}/metadata/pr_number + echo '${{ github.event.pull_request.head.sha }}' > ${{ steps.run_coverage.outputs.coverage_dir }}/metadata/head_sha + echo '${{ steps.get_directories.outputs.result }}' > ${{ steps.run_coverage.outputs.coverage_dir }}/metadata/directories - - name: Checkout Master Branch - if: steps.get_directories.outputs.result != '' - run: git checkout master - - - name: Add Coverage Summary To Pull Request - if: steps.run_coverage.outputs.coverage_dir != '' && steps.commit_coverage.outputs.remote_coverage_preview_dir != '' - uses: actions/github-script@v7 + - name: Upload Coverage Artifacts + if: steps.run_coverage.outputs.coverage_dir != '' + uses: actions/upload-artifact@v4 with: - script: | - const utils = require('./.github/workflows/helpers/pull-request-utils.js') - const helper = utils.coverageHelper({ - github, context, - headSha: '${{ github.event.pull_request.head.sha }}', - tmpCoverageDir: '${{ steps.run_coverage.outputs.coverage_dir }}', - remoteCoverageDir: '${{ steps.commit_coverage.outputs.remote_coverage_preview_dir }}' - }) - const adapterDirectories = JSON.parse('${{ steps.get_directories.outputs.result }}') - await helper.AddCoverageSummary(adapterDirectories) + name: coverage-results + path: ${{ steps.run_coverage.outputs.coverage_dir }} + retention-days: 1 diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 55fba5ee287..3c754fda90f 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -1,11 +1,12 @@ name: Adapter Semgrep Check on: - pull_request_target: + pull_request: paths: ["adapters/*/*.go"] -permissions: - pull-requests: write +permissions: + contents: read + pull-requests: write jobs: semgrep-check: @@ -15,8 +16,6 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{github.event.pull_request.head.ref}} - repository: ${{github.event.pull_request.head.repo.full_name}} - name: Calculate Code Diff id: calculate_diff