From 6b5be60ed578da07bb827010c5fd79abe2ca7507 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yusuf=20K=C3=B6r?= Date: Fri, 28 Feb 2025 11:41:40 +0100 Subject: [PATCH 1/5] Implement a Github Action Workflow Log Processor Workflow --- .github/workflows/fetch_and_log.yaml | 76 +++++++++++++--------------- 1 file changed, 35 insertions(+), 41 deletions(-) diff --git a/.github/workflows/fetch_and_log.yaml b/.github/workflows/fetch_and_log.yaml index cec77cf..fd549e5 100644 --- a/.github/workflows/fetch_and_log.yaml +++ b/.github/workflows/fetch_and_log.yaml @@ -9,7 +9,7 @@ jobs: fetch-workflows: runs-on: ubuntu-latest outputs: - workflow_ids: ${{ steps.fetch-ids.outputs.workflow_ids }} + workflow_ids: ${{ steps.fetch-unprocessed-run-ids.outputs.workflow_ids }} steps: - name: Get Last Processed Run ID @@ -24,54 +24,48 @@ jobs: - name: Fetch Unprocessed Workflow Runs id: fetch-unprocessed-run-ids run: | - HOURS=1 - # WORKFLOW_IDS=$(gh run list --repo $GITHUB_REPOSITORY --limit 100 --json databaseId,status,createdAt --jq '[.[] | select(.createdAt > (now - (1 * 3600))) | .databaseId] | @json') - # LAST_RUN_ID=$(echo $WORKFLOW_IDS | jq '.[-1]') - - WORKFLOW_IDS=$(gh run list --repo $GITHUB_REPOSITORY --limit 100 --json databaseId,createdAt --jq "[.[] | select(.databaseId > $LAST_PROCESSED_RUN_ID) | .databaseId] | @json") - LAST_RUN_ID=$(echo $WORKFLOW_IDS | jq '.[-1]') # Store the highest run ID - - echo "LAST_RUN_ID=$LAST_RUN_ID" >> $GITHUB_ENV + # TODO: We need to address an important issue where workflow runs that are currently in progress may be included. + # These should be excluded from processing, and we should revisit them in the next run once they have finished. + WORKFLOW_IDS=$(gh run list --repo $GITHUB_REPOSITORY --limit 100 --json databaseId,createdAt,displayTitle --jq "[.[] | select(.databaseId > $LAST_PROCESSED_RUN_ID and .displayTitle != \"Fetch and Log Workflow Runs\")] | sort_by(.databaseId) | [.[].databaseId] | @json") + echo "Workflow runs to process: $WORKFLOW_IDS" echo "workflow_ids=$WORKFLOW_IDS" >> $GITHUB_OUTPUT env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + process-workflows: + needs: fetch-workflows + runs-on: ubuntu-latest + if: ${{ needs.fetch-workflows.outputs.workflow_ids != '[]' && needs.fetch-workflows.outputs.workflow_ids != '' }} + strategy: + matrix: + run_id: ${{ fromJson(needs.fetch-workflows.outputs.workflow_ids || '[]') }} + max-parallel: 1 + steps: + - name: Workflow Run to Process + run: + echo ${{ matrix.run_id }} + + # - name: Send Workflow Logs to Splunk + # uses: ykoer/github-workflow-splunk-logger@dev + # with: + # github_token: ${{ secrets.GITHUB_TOKEN }} + # splunk_url: ${{ vars.HEC_URL }} + # splunk_token: ${{ secrets.HEC_TOKEN }} + # run_id: ${{ matrix.run_id }} - - name: Save Last Processed Run ID + - name: Save Processed Run ID if: success() run: | - gh secret set LAST_PROCESSED_ID --repo $GITHUB_REPOSITORY --body "$LAST_RUN_ID" + gh variable set LAST_PROCESSED_RUN_ID --repo $GITHUB_REPOSITORY --body "${{ matrix.run_id }}" env: GH_TOKEN: ${{ secrets.GH_PAT }} - - process-logs: + + + # Add a fallback job that runs when there are no workflow Run's to process + process-workflows-empty: needs: fetch-workflows runs-on: ubuntu-latest - # strategy: - # matrix: - # run_id: ${{ fromJson(needs.fetch-workflows.outputs.workflow_ids || '[]') }} + if: ${{ needs.fetch-workflows.outputs.workflow_ids == '[]' || needs.fetch-workflows.outputs.workflow_ids == '' }} steps: - # - run: - # echo ${{ matrix.run_id }} - - run: | - echo "processing logs...." - echo "-----------------" - echo ${{ needs.fetch-workflows.outputs.workflow_ids }} - echo "-----------------" - echo ${{ fromJson(needs.fetch-workflows.outputs.workflow_ids || '[]') }} - echo "-----------------" - -# process-logs: -# needs: fetch-workflows -# runs-on: ubuntu-latest -# strategy: -# matrix: -# run_id: ${{ fromJson(needs.fetch-workflows.outputs.workflow_ids) }} - -# steps: -# - name: Send Workflow Logs to Splunk -# uses: ykoer/github-workflow-splunk-logger@dev -# with: -# github_token: ${{ secrets.GITHUB_TOKEN }} -# splunk_url: ${{ vars.HEC_URL }} -# splunk_token: ${{ secrets.HEC_TOKEN }} -# run_id: ${{ matrix.run_id }} \ No newline at end of file + - name: No workflows to process + run: echo "No new workflow runs to process" From 101b3b0e1974e29437b87c144d2d2e3e14a92104 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yusuf=20K=C3=B6r?= Date: Thu, 6 Feb 2025 10:11:53 +0100 Subject: [PATCH 2/5] Testing full validation via a label --- .github/workflows/validate.yaml | 114 ++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 .github/workflows/validate.yaml diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml new file mode 100644 index 0000000..afb1408 --- /dev/null +++ b/.github/workflows/validate.yaml @@ -0,0 +1,114 @@ + +on: + pull_request: + types: [synchronize, opened, reopened, labeled] + +permissions: + pull-requests: write + +# concurrency: +# group: ${{ github.workflow }}-${{ github.ref }} +# cancel-in-progress: true + +jobs: + validate: + name: 'Validate Changed Packages' + if: github.event.action == 'labeled' && contains(github.event.pull_request.labels.*.name, 'run-full-validation') + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Run Validation Script + run: | + echo "Running validation because 'full validation' label was added" + # Add your validation logic here (e.g., linting, testing) + + sleep 30 + exit 0 + + - name: Remove Label using GitHub CLI + run: gh pr edit ${{ github.event.pull_request.number }} --remove-label run-full-validation" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # - name: 'Remove label' + # if: always() + # run: | + # PR_NUMBER=${{ github.event.pull_request.number }} + # REPO=${{ github.repository }} + # LABEL="full validation" + + # # URL-encodes the label by replacing special characters with their percent-encoded equivalents. + # ENCODED_FULL_VALIDATION_LABEL=$(printf "%s" "${{ env.FULL_VALIDATION_LABEL }}" | sed -e 's/ /%20/g' -e 's/:/%3A/g' -e 's/\//%2F/g' -e 's/?/%3F/g' -e 's/&/%26/g' -e 's/=/%3D/g') + + # HTTP_RESPONSE=$(curl -s -o response.txt -w "%{http_code}" -X DELETE \ + # -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + # -H "Accept: application/vnd.github.v3+json" \ + # "https://api.github.com/repos/$REPO/issues/$PR_NUMBER/labels/${ENCODED_FULL_VALIDATION_LABEL}") + + # # Check if the HTTP response code is not 2xx and fail the step + # if [[ $HTTP_RESPONSE -lt 200 || $HTTP_RESPONSE -ge 300 ]]; then + # echo "Failed to remove label. HTTP Status: $HTTP_RESPONSE" + # exit 1 + # fi + + static-check: + name: 'See if Static Analysis should run' + runs-on: ubuntu-latest + + outputs: + all-changed-files: ${{ steps.changed-files.outputs.all_changed_and_modified_files }} + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Get all changed files for this PR + id: changed-files + run: | + # Simulating output for debugging purposes + echo "all_changed_and_modified_files=file1.txt,file2.txt,file3.txt" + echo "::set-output name=all_changed_and_modified_files::file1.txt,file2.txt,file3.txt" + + - name: List changed files, skipping this job if there are no files to analyze + run: | + if [ "${{ steps.changed-files.outputs.all_changed_and_modified_files }}" == "" ]; then + echo 'No files eligible for scanning were changed. Skipping Static Analysis.' + exit 0 + else + echo ${{ steps.changed-files.outputs.all_changed_and_modified_files }} + fi + + static: + name: 'Run Static Analysis' + runs-on: ubuntu-latest + needs: static-check + if: needs.static-check.outputs.all-changed-files != '' + + steps: + - name: Check the outputs to determine whether to fail + run: echo "Running static analyzer" + +# remove-label: +# needs: validate +# if: always() # Ensures this runs even if validation fails +# runs-on: ubuntu-latest + +# steps: +# - name: Remove 'needs-validation' label +# run: | +# PR_NUMBER=${{ github.event.pull_request.number }} +# REPO=${{ github.repository }} +# LABEL="full validation" +# ENCODED_LABEL=$(printf "%s" "$LABEL" | sed -e 's/ /%20/g' -e 's/:/%3A/g' -e 's/\//%2F/g' -e 's/?/%3F/g' -e 's/&/%26/g' -e 's/=/%3D/g') + +# echo $ENCODED_LABEL +# echo "https://api.github.com/repos/$REPO/issues/$PR_NUMBER/labels/$ENCODED_LABEL" +# curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ +# -H "Accept: application/vnd.github.v3+json" \ +# "https://api.github.com/repos/$REPO/issues/$PR_NUMBER/labels/${ENCODED_LABEL}" \ No newline at end of file From e5221caa3697c1801e9258cd124c64bebc373fbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yusuf=20K=C3=B6r?= Date: Thu, 6 Feb 2025 10:14:40 +0100 Subject: [PATCH 3/5] wip --- .github/workflows/validate.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index afb1408..7bde007 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -31,9 +31,10 @@ jobs: exit 0 - name: Remove Label using GitHub CLI - run: gh pr edit ${{ github.event.pull_request.number }} --remove-label run-full-validation" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/run-full-validation" # - name: 'Remove label' # if: always() From 539a14445eadba38e4be64a3017a5e1de64577ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yusuf=20K=C3=B6r?= Date: Thu, 6 Feb 2025 10:36:17 +0100 Subject: [PATCH 4/5] wip --- .github/workflows/validate.yaml | 37 ++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 7bde007..f8e9934 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -12,8 +12,11 @@ permissions: jobs: validate: - name: 'Validate Changed Packages' - if: github.event.action == 'labeled' && contains(github.event.pull_request.labels.*.name, 'run-full-validation') + name: 'Validate Changed Packages - Github Hosted' + if: > + github.event.action == 'labeled' && + contains(github.event.pull_request.labels.*.name, 'run-full-validation') && + !contains(github.event.pull_request.labels.*.name, 'long-run') runs-on: ubuntu-latest steps: @@ -30,7 +33,35 @@ jobs: sleep 30 exit 0 - - name: Remove Label using GitHub CLI + - name: 'Remove label' + run: | + curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + -H "Accept: application/vnd.github.v3+json" \ + "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/run-full-validation" + + validate-self-hosted: + name: 'Validate Changed Packages- Self-Hosted' + if: > + github.event.action == 'labeled' && + contains(github.event.pull_request.labels.*.name, 'run-full-validation') && + contains(github.event.pull_request.labels.*.name, 'long-run') + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Run Validation Script + run: | + echo "Running validation because 'full validation' label was added" + # Add your validation logic here (e.g., linting, testing) + + sleep 30 + exit 0 + + - name: 'Remove label' run: | curl -X DELETE -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ -H "Accept: application/vnd.github.v3+json" \ From 47320dda16ca800930db222000d502ea572104a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yusuf=20K=C3=B6r?= Date: Thu, 6 Feb 2025 10:39:29 +0100 Subject: [PATCH 5/5] wip --- .github/workflows/validate.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index f8e9934..1702877 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -90,6 +90,7 @@ jobs: static-check: name: 'See if Static Analysis should run' + if: github.event.action != 'labeled' runs-on: ubuntu-latest outputs: