Check Pull Requests 3208 #3833
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check Pull Requests | |
| on: | |
| repository_dispatch: | |
| types: [pr] | |
| run-name: Check Pull Requests ${{ github.event.client_payload.data.number }} | |
| concurrency: | |
| group: pr-check-${{ github.event.client_payload.data.sha }} | |
| cancel-in-progress: true | |
| jobs: | |
| gen-matrix: | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: eweOS/packages | |
| ref: ${{ github.event.client_payload.data.sha }} | |
| - id: set-matrix | |
| run: | | |
| export arch=$(. ./PKGBUILD && printf '%s\n' "${arch[@]}" | grep -v 'riscv64' | grep -v 'loongarch64' | sed 's/x86_64/amd64/; s/aarch64/arm64/; s/any/amd64/' | jq -R -s -c 'split("\n")[:-1]') | |
| export runson=$(. ./PKGBUILD && printf '%s\n' "${arch[@]}" | grep -v 'riscv64' | grep -v 'loongarch64' | sed 's/x86_64/amd64/; s/aarch64/arm64/; s/any/amd64/' | while read -r arch; do echo "$([ "$arch" = "arm64" ] && echo "ubuntu-24.04-arm" || echo "ubuntu-24.04")"; done | jq -R -s -c 'split("\n")[:-1]') | |
| matrix=$(jq -c -n --argjson arch "$arch" --argjson runson "$runson" '{"include": [range($arch|length) | {"arch": $arch[.], "runson": $runson[.]}] }') | |
| echo "::set-output name=matrix::$matrix" | |
| checknamcap: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| checks: write | |
| steps: | |
| - uses: tibdex/github-app-token@v2 | |
| id: gettoken1 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Get Current Job Log URL | |
| uses: Tiryoh/gha-jobid-action@v1 | |
| id: getjob | |
| with: | |
| github_token: ${{ steps.gettoken1.outputs.token }} | |
| job_name: ${{ github.job }} | |
| - name: Create check on PR | |
| uses: LouisBrunner/[email protected] | |
| id: getcheck | |
| with: | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| name: Check PKGBUILD using namcap | |
| repo: eweOS/packages | |
| sha: ${{ github.event.client_payload.data.sha }} | |
| status: queued | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: eweOS/packages | |
| ref: ${{ github.event.client_payload.data.sha }} | |
| - name: Flag progress | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: in_progress | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - name: Run namcap | |
| run: >- | |
| docker run | |
| --rm | |
| -v $(pwd):/${{ github.workspace }} | |
| -w ${{ github.workspace }} | |
| ghcr.io/eweos/docker:master | |
| bash -c " | |
| pacman -Syu --noconfirm && | |
| pacman -Sy --noconfirm namcap && | |
| namcap -e splitpkgmakedeps ./PKGBUILD 2>&1 | tee namcap.log && | |
| grep '' namcap.log || echo namcap check successful, no error reported > namcap.log && | |
| set -euo pipefail && | |
| grep -v ' E: ' namcap.log | |
| " | |
| - uses: tibdex/github-app-token@v2 | |
| if: always() | |
| id: gettoken2 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Flag results | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| conclusion: success | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"check successful"} | |
| output_text_description_file: namcap.log | |
| - name: Flag failure | |
| if: ${{ failure() }} | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"check failed"} | |
| output_text_description_file: namcap.log | |
| conclusion: failure | |
| buildpackage: | |
| needs: gen-matrix | |
| strategy: | |
| matrix: ${{fromJson(needs.gen-matrix.outputs.matrix)}} | |
| runs-on: ${{ matrix.runson }} | |
| permissions: | |
| checks: write | |
| steps: | |
| - uses: tibdex/github-app-token@v2 | |
| id: gettoken1 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Get Current Job Log URL | |
| uses: Tiryoh/gha-jobid-action@v1 | |
| id: getjob | |
| with: | |
| github_token: ${{ steps.gettoken1.outputs.token }} | |
| job_name: "buildpackage (${{ matrix.arch }}, ${{ matrix.runson }})" | |
| - name: Create check on PR | |
| uses: LouisBrunner/[email protected] | |
| id: getcheck | |
| with: | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| name: Build package on ${{ matrix.arch }} | |
| repo: eweOS/packages | |
| sha: ${{ github.event.client_payload.data.sha }} | |
| status: queued | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: eweOS/packages | |
| ref: ${{ github.event.client_payload.data.sha }} | |
| - name: Flag progress | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: in_progress | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| docker-images: false | |
| swap-storage: false | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| with: | |
| platforms: ${{ matrix.arch }} | |
| image: "tonistiigi/binfmt:qemu-v8.1.5" | |
| - name: Build in Docker | |
| run: | | |
| docker run \ | |
| --rm \ | |
| -v $(pwd):/${{ github.workspace }} \ | |
| -w ${{ github.workspace }} \ | |
| --platform linux/${{ matrix.arch }} \ | |
| ghcr.io/eweos/docker:buildenv \ | |
| bash -c "pacman -Syu --noconfirm && set -euo pipefail && makepkg -s --noconfirm 2>&1 | tee build.log" | |
| - uses: tibdex/github-app-token@v2 | |
| if: always() | |
| id: gettoken2 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Conclude results | |
| if: always() | |
| run: | | |
| tail build.log -n 15 > build.tail.log | |
| ls ./*.pkg.* -l | tee result.md | |
| - name: Copy packages | |
| run: | | |
| mkdir -p results | |
| cp build.log results/ | |
| cp ./*.pkg.* results/ | |
| - name: Flag results | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| conclusion: success | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"build successful"} | |
| output_text_description_file: result.md | |
| - name: Replace invalid char in filename | |
| run: | | |
| find results -type f -exec bash -c 'x="{}"; mv "$x" "${x//:/-}"' \; | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: results-${{ matrix.arch }} | |
| path: results | |
| compression-level: 0 | |
| - name: Flag failure | |
| if: ${{ failure() }} | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"build failed"} | |
| output_text_description_file: build.tail.log | |
| conclusion: failure | |
| - name: Flag cancelled | |
| if: ${{ cancelled() }} | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"build cancelled"} | |
| conclusion: cancelled | |
| checkpackagefilesdiff: | |
| needs: [buildpackage, gen-matrix] | |
| strategy: | |
| matrix: ${{fromJson(needs.gen-matrix.outputs.matrix)}} | |
| runs-on: ${{ matrix.runson }} | |
| permissions: | |
| checks: write | |
| steps: | |
| - uses: tibdex/github-app-token@v2 | |
| id: gettoken1 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Get Current Job Log URL | |
| uses: Tiryoh/gha-jobid-action@v1 | |
| id: getjob | |
| with: | |
| github_token: ${{ steps.gettoken1.outputs.token }} | |
| job_name: "checkpackagefilesdiff (${{ matrix.arch }}, ${{ matrix.runson }})" | |
| - name: Create check on PR | |
| uses: LouisBrunner/[email protected] | |
| id: getcheck | |
| with: | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| name: Check package file diff on ${{ matrix.arch }} | |
| repo: eweOS/packages | |
| sha: ${{ github.event.client_payload.data.sha }} | |
| status: queued | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| with: | |
| platforms: ${{ matrix.arch }} | |
| image: "tonistiigi/binfmt:qemu-v8.1.5" | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: results-${{ matrix.arch }} | |
| path: new-packages | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: eweOS/workflow | |
| path: workflow | |
| - name: Flag progress | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: in_progress | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - name: Check in Docker | |
| run: | | |
| docker run \ | |
| --rm \ | |
| -v $(pwd):/${{ github.workspace }} \ | |
| -w ${{ github.workspace }} \ | |
| --platform linux/${{ matrix.arch }} \ | |
| ghcr.io/eweos/docker:buildenv \ | |
| bash -c "cd workflow && ./check_pkgdiff.sh ../new-packages" | |
| - uses: tibdex/github-app-token@v2 | |
| if: always() | |
| id: gettoken2 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Strip long result | |
| run: | | |
| if [ $(cat "workflow/filediff.report.md" | wc -c) -gt 65000 ]; then | |
| head -c 65000 workflow/filediff.report.md > report.md | |
| echo '> too long, stripped.' >> report.md | |
| else | |
| cp workflow/filediff.report.md report.md | |
| fi | |
| - name: Flag results | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| conclusion: neutral | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"check successful"} | |
| output_text_description_file: report.md | |
| - name: Flag failure | |
| if: ${{ failure() }} | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"check failed"} | |
| conclusion: failure | |
| - name: Flag cancelled | |
| if: ${{ cancelled() }} | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"build cancelled"} | |
| conclusion: cancelled | |
| checkpackagesymsdiff: | |
| needs: [buildpackage, gen-matrix] | |
| strategy: | |
| matrix: ${{fromJson(needs.gen-matrix.outputs.matrix)}} | |
| runs-on: ${{ matrix.runson }} | |
| permissions: | |
| checks: write | |
| steps: | |
| - uses: tibdex/github-app-token@v2 | |
| id: gettoken1 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Get Current Job Log URL | |
| uses: Tiryoh/gha-jobid-action@v1 | |
| id: getjob | |
| with: | |
| github_token: ${{ steps.gettoken1.outputs.token }} | |
| job_name: "checkpackagesymsdiff (${{ matrix.arch }}, ${{ matrix.runson }})" | |
| - name: Create check on PR | |
| uses: LouisBrunner/[email protected] | |
| id: getcheck | |
| with: | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| name: Check package symbols diff on ${{ matrix.arch }} | |
| repo: eweOS/packages | |
| sha: ${{ github.event.client_payload.data.sha }} | |
| status: queued | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| with: | |
| platforms: ${{ matrix.arch }} | |
| image: "tonistiigi/binfmt:qemu-v8.1.5" | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: results-${{ matrix.arch }} | |
| path: new-packages | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: eweOS/workflow | |
| path: workflow | |
| - name: Flag progress | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: in_progress | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - name: Check in Docker | |
| run: | | |
| docker run \ | |
| --rm \ | |
| -v $(pwd):/${{ github.workspace }} \ | |
| -w ${{ github.workspace }} \ | |
| --platform linux/${{ matrix.arch }} \ | |
| ghcr.io/eweos/docker:buildenv \ | |
| bash -c "pacman -Sy --noconfirm curl && cd workflow && ./check_symdiff.sh ../new-packages" | |
| - uses: tibdex/github-app-token@v2 | |
| if: always() | |
| id: gettoken2 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Strip long result | |
| run: | | |
| if [ $(cat "workflow/symdiff.report.md" | wc -c) -gt 65000 ]; then | |
| head -c 65000 workflow/symdiff.report.md > report.md | |
| echo '> too long, stripped.' >> report.md | |
| else | |
| cp workflow/symdiff.report.md report.md | |
| fi | |
| - name: Flag results | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| conclusion: neutral | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"check successful"} | |
| output_text_description_file: report.md | |
| - name: Flag failure | |
| if: ${{ failure() }} | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"check failed"} | |
| conclusion: failure | |
| - name: Flag cancelled | |
| if: ${{ cancelled() }} | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"build cancelled"} | |
| conclusion: cancelled | |
| checkpackagenamcap: | |
| needs: [buildpackage, gen-matrix] | |
| strategy: | |
| matrix: ${{fromJson(needs.gen-matrix.outputs.matrix)}} | |
| runs-on: ${{ matrix.runson }} | |
| permissions: | |
| checks: write | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| with: | |
| platforms: ${{ matrix.arch }} | |
| image: "tonistiigi/binfmt:qemu-v8.1.5" | |
| - uses: tibdex/github-app-token@v2 | |
| id: gettoken1 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Get Current Job Log URL | |
| uses: Tiryoh/gha-jobid-action@v1 | |
| id: getjob | |
| with: | |
| github_token: ${{ steps.gettoken1.outputs.token }} | |
| job_name: "checkpackagenamcap (${{ matrix.arch }}, ${{ matrix.runson }})" | |
| - name: Create check on PR | |
| uses: LouisBrunner/[email protected] | |
| id: getcheck | |
| with: | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| name: Check package using namcap (${{ matrix.arch }}) | |
| repo: eweOS/packages | |
| sha: ${{ github.event.client_payload.data.sha }} | |
| status: queued | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: results-${{ matrix.arch }} | |
| path: packages | |
| - name: Flag progress | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken1.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: in_progress | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| - name: Run namcap | |
| run: >- | |
| docker run | |
| --rm | |
| -v $(pwd):/${{ github.workspace }} | |
| -w ${{ github.workspace }} | |
| --platform linux/${{ matrix.arch }} | |
| ghcr.io/eweos/docker:buildenv | |
| bash -c " | |
| pacman -Syu --noconfirm && | |
| pacman -Sy --noconfirm namcap && | |
| (pacman -U --noconfirm ./packages/*.pkg.* || echo pacman E: failed to install package > namcap.log) && | |
| namcap -e elfgnurelro,elfnoshstk,sodepends,shebangdepends ./packages/*.pkg.* 2>&1 | tee -a namcap.log && | |
| (grep '' namcap.log || echo namcap check successful, no error reported > namcap.log) && | |
| set -euo pipefail && | |
| grep -v ' E: ' namcap.log | |
| " | |
| - name: Strip long result | |
| if: always() | |
| run: | | |
| if [ $(cat namcap.log | wc -c) -gt 65000 ]; then | |
| head -c 65000 namcap.log > namcap.log.result | |
| echo '' >> namcap.log.result | |
| echo '> too long, stripped.' >> namcap.log.result | |
| else | |
| cp namcap.log namcap.log.result | |
| fi | |
| - uses: tibdex/github-app-token@v2 | |
| if: always() | |
| id: gettoken2 | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Flag results | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| conclusion: success | |
| output: | | |
| {"summary":"check successful"} | |
| output_text_description_file: namcap.log.result | |
| - name: Flag failure | |
| if: ${{ failure() }} | |
| uses: LouisBrunner/[email protected] | |
| with: | |
| repo: eweOS/packages | |
| token: ${{ steps.gettoken2.outputs.token }} | |
| check_id: ${{ steps.getcheck.outputs.check_id }} | |
| status: completed | |
| details_url: ${{ steps.getjob.outputs.html_url }} | |
| output: | | |
| {"summary":"check failed"} | |
| output_text_description_file: namcap.log.result | |
| conclusion: failure | |
| approvepr: | |
| needs: [checknamcap, checkpackagefilesdiff, checkpackagesymsdiff] | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: tibdex/github-app-token@v2 | |
| id: gettoken | |
| with: | |
| app_id: 337143 | |
| private_key: ${{ secrets.GH_APP_PRIVKEY }} | |
| - name: Approve Pull Request | |
| uses: juliangruber/approve-pull-request-action@v2 | |
| continue-on-error: true | |
| with: | |
| github-token: ${{ steps.gettoken.outputs.token }} | |
| number: ${{ github.event.client_payload.data.number }} | |
| repo: eweos/packages |