Allow running in place on an existing checkout #53
base: main
Original file line number | Diff line number | Diff line change | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
@@ -8,7 +8,7 @@ inputs: | |||||||||||||||||
actions: | ||||||||||||||||||
description: "Actions to correct" | ||||||||||||||||||
required: false | ||||||||||||||||||
default: ".github/workflows" | ||||||||||||||||||
default: '[".github/workflows"]' | ||||||||||||||||||
Hey @segiddins thank you for your contribution! |
||||||||||||||||||
dockerfiles: | ||||||||||||||||||
description: "Dockerfiles to correct" | ||||||||||||||||||
required: false | ||||||||||||||||||
|
@@ -29,6 +29,10 @@ inputs: | |||||||||||||||||
description: "Fail if an unpinned action/image is found" | ||||||||||||||||||
required: false | ||||||||||||||||||
default: "false" | ||||||||||||||||||
in_place: | ||||||||||||||||||
description: "Update the files in place" | ||||||||||||||||||
required: false | ||||||||||||||||||
default: "false" | ||||||||||||||||||
Comment on lines
+32
to
+35
So, I agree that the existing action is a bit weird -- what would you think about making this be a directory path argument, where the default
Suggested change
|
||||||||||||||||||
runs: | ||||||||||||||||||
using: "docker" | ||||||||||||||||||
image: "Dockerfile" | ||||||||||||||||||
|
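Review bot: The `in_place` description, "Update the files in place", does not tell the workflow author what changes operationally. Going by the Go changes in this PR, in-place mode skips reading `GITHUB_TOKEN`, opens the existing checkout instead of cloning, and is enabled only by the exact string `true`. A description along the lines of `"Modify the files in the current checkout instead of cloning the repository; GITHUB_TOKEN is not read. Set to 'true' to enable."` would make that visible where users decide which permissions and secrets to hand the action.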
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,6 +27,7 @@ | |
|
||
"github.com/go-git/go-billy/v5" | ||
"github.com/go-git/go-billy/v5/memfs" | ||
"github.com/go-git/go-billy/v5/osfs" | ||
"github.com/go-git/go-git/v5" | ||
"github.com/go-git/go-git/v5/plumbing/transport/http" | ||
"github.com/go-git/go-git/v5/storage/memory" | ||
|
@@ -59,15 +60,10 @@ | |
|
||
// initAction initializes the frizbee action - reads the environment variables, creates the GitHub client, etc. | ||
func initAction(ctx context.Context) (*action.FrizbeeAction, error) { | ||
// Get the GitHub token from the environment | ||
token := os.Getenv("GITHUB_TOKEN") | ||
if token == "" { | ||
return nil, errors.New("GITHUB_TOKEN environment variable is not set") | ||
} | ||
|
||
// Create a new GitHub client | ||
ts := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token}) | ||
tc := oauth2.NewClient(ctx, ts) | ||
var repo *git.Repository | ||
var fs billy.Filesystem | ||
var githubClient *github.Client | ||
var token string | ||
Comment on lines
+63
to
+66
It looks like a bunch of these (particularly |
||
|
||
// Get the GITHUB_REPOSITORY_OWNER | ||
repoOwner := os.Getenv("GITHUB_REPOSITORY_OWNER") | ||
|
@@ -81,10 +77,31 @@ | |
return nil, errors.New("GITHUB_REPOSITORY environment variable is not set") | ||
} | ||
|
||
// Clone the repository | ||
fs, repo, err := cloneRepository("https://github.com/"+repoFullName, repoOwner, token) | ||
if err != nil { | ||
return nil, fmt.Errorf("failed to clone repository: %w", err) | ||
if os.Getenv("INPUT_IN_PLACE") != "true" { | ||
// Get the GitHub token from the environment | ||
token = os.Getenv("GITHUB_TOKEN") | ||
if token == "" { | ||
return nil, errors.New("GITHUB_TOKEN environment variable is not set") | ||
} | ||
|
||
// Create a new GitHub client | ||
ts := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token}) | ||
tc := oauth2.NewClient(ctx, ts) | ||
githubClient = github.NewClient(tc) | ||
|
||
// Clone the repository | ||
var err error | ||
fs, repo, err = cloneRepository("https://github.com/"+repoFullName, repoOwner, token) | ||
if err != nil { | ||
return nil, fmt.Errorf("failed to clone repository: %w", err) | ||
} | ||
} else { | ||
fs = osfs.New(".") | ||
var err error | ||
repo, err = git.PlainOpen(".") | ||
if err != nil { | ||
return nil, fmt.Errorf("failed to open repository: %w", err) | ||
} | ||
} | ||
|
||
cfg := config.DefaultConfig() | ||
|
@@ -107,12 +124,12 @@ | |
|
||
// Read the action settings from the environment and create the new frizbee replacers for actions and images | ||
return &action.FrizbeeAction{ | ||
Client: github.NewClient(tc), | ||
Client: githubClient, | ||
Token: token, | ||
RepoOwner: repoOwner, | ||
RepoName: strings.TrimPrefix(repoFullName, repoOwner+"/"), | ||
|
||
ActionsPath: os.Getenv("INPUT_ACTIONS"), | ||
ActionsPaths: envToStrings("INPUT_ACTIONS"), | ||
Comment on lines
-115
to
+132
I'd prefer to add a second argument which covers the multiple-paths option (which could be exclusive with the single argument), OR to change
Thinking further, I converting |
||
DockerfilesPaths: envToStrings("INPUT_DOCKERFILES"), | ||
KubernetesPaths: envToStrings("INPUT_KUBERNETES"), | ||
DockerComposePaths: envToStrings("INPUT_DOCKER_COMPOSE"), | ||
|
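Review bot: In the in-place branch (`else { fs = osfs.New(".") ... }`) `githubClient` is never assigned, so the returned `FrizbeeAction` carries a nil `Client` and an empty `Token`. Any later step that dereferences it would panic with a nil pointer if PR creation is still enabled together with `in_place` (`createPR` in the action package calls `fa.Client.PullRequests.Create`); whether that combination is rejected elsewhere is not visible here. Either fail fast in `initAction` when both are requested, or guard the PR step with `if fa.Client == nil { return errors.New("pull requests are not available in in-place mode") }`. The comparison `os.Getenv("INPUT_IN_PLACE") != "true"` is also exact, so a value such as `True` silently selects the clone path; `strconv.ParseBool` would accept the usual spellings and let an invalid value be reported. `initAction` starts and ends outside these hunks.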
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -42,7 +42,7 @@ type FrizbeeAction struct { | |
RepoOwner string | ||
RepoName string | ||
|
||
ActionsPath string | ||
ActionsPaths []string | ||
DockerfilesPaths []string | ||
KubernetesPaths []string | ||
DockerComposePaths []string | ||
|
@@ -53,7 +53,6 @@ type FrizbeeAction struct { | |
ImagesReplacer *replacer.Replacer | ||
BFS billy.Filesystem | ||
Repo *git.Repository | ||
bodyBuilder *strings.Builder | ||
Removing |
||
} | ||
|
||
// Run runs the frizbee action | ||
|
@@ -77,21 +76,18 @@ func (fa *FrizbeeAction) Run(ctx context.Context) error { | |
|
||
// parseWorkflowActions parses the GitHub Actions workflow files | ||
func (fa *FrizbeeAction) parseWorkflowActions(ctx context.Context, out *replacer.ReplaceResult) error { | ||
if fa.ActionsPath == "" { | ||
log.Printf("Workflow path is empty") | ||
return nil | ||
} | ||
|
||
log.Printf("Parsing workflow files in %s...", fa.ActionsPath) | ||
res, err := fa.ActionsReplacer.ParsePathInFS(ctx, fa.BFS, fa.ActionsPath) | ||
if err != nil { | ||
return fmt.Errorf("failed to parse workflow files in %s: %w", fa.ActionsPath, err) | ||
} | ||
for _, path := range fa.ActionsPaths { | ||
log.Printf("Parsing workflow files in %s...", path) | ||
res, err := fa.ActionsReplacer.ParsePathInFS(ctx, fa.BFS, path) | ||
if err != nil { | ||
return fmt.Errorf("failed to parse workflow files in %s: %w", path, err) | ||
} | ||
|
||
// Copy the processed and modified files to the output | ||
out.Processed = mapset.NewSet(out.Processed...).Union(mapset.NewSet(res.Processed...)).ToSlice() | ||
for key, value := range res.Modified { | ||
out.Modified[key] = value | ||
// Copy the processed and modified files to the output | ||
out.Processed = mapset.NewSet(out.Processed...).Union(mapset.NewSet(res.Processed...)).ToSlice() | ||
for key, value := range res.Modified { | ||
out.Modified[key] = value | ||
} | ||
} | ||
return nil | ||
} | ||
|
@@ -256,21 +252,21 @@ func (fa *FrizbeeAction) createPR(ctx context.Context) error { | |
} | ||
defaultBranch := repository.GetDefaultBranch() | ||
|
||
fa.bodyBuilder = &strings.Builder{} | ||
fa.bodyBuilder.WriteString("## Frizbee: Pin images and actions to commit hash\n\n") | ||
fa.bodyBuilder.WriteString("The following PR pins images and actions to their commit hash.\n\n") | ||
fa.bodyBuilder.WriteString("Pinning images and actions to their commit hash ensures that the same " + | ||
bodyBuilder := &strings.Builder{} | ||
bodyBuilder.WriteString("## Frizbee: Pin images and actions to commit hash\n\n") | ||
bodyBuilder.WriteString("The following PR pins images and actions to their commit hash.\n\n") | ||
bodyBuilder.WriteString("Pinning images and actions to their commit hash ensures that the same " + | ||
"version of the image or action is used every time the workflow runs. This is important for " + | ||
"reproducibility and security.\n\n") | ||
//nolint:lll | ||
fa.bodyBuilder.WriteString("Pinning is a [security practice recommended by GitHub](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions).\n\n") | ||
bodyBuilder.WriteString("Pinning is a [security practice recommended by GitHub](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions).\n\n") | ||
//nolint:lll | ||
fa.bodyBuilder.WriteString("🥏 Posted on behalf of [frizbee-action](https://github.com/stacklok/frizbee-action) 🥏, by [Stacklok](https://stacklok.com).\n\n") | ||
bodyBuilder.WriteString("🥏 Posted on behalf of [frizbee-action](https://github.com/stacklok/frizbee-action) 🥏, by [Stacklok](https://stacklok.com).\n\n") | ||
|
||
// Create a new PR | ||
pr, _, err := fa.Client.PullRequests.Create(ctx, fa.RepoOwner, fa.RepoName, &github.NewPullRequest{ | ||
Title: github.String("Frizbee: Pin images and actions to commit hash"), | ||
Body: github.String(fa.bodyBuilder.String()), | ||
Body: github.String(bodyBuilder.String()), | ||
Head: github.String(branchName), | ||
Base: github.String(defaultBranch), | ||
MaintainerCanModify: github.Bool(true), | ||
|
Can we include this change in another PR? I think it's a good change.
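Review bot: The rewritten `parseWorkflowActions` drops the empty-path guard, so an empty `ActionsPaths` now returns without any log line and an empty-string entry is handed straight to `ParsePathInFS`. Keeping the old diagnostic inside the loop, `if path == "" { log.Printf("Workflow path is empty"); continue }`, preserves the previous behaviour per entry. If `fa.BFS` is the working-tree filesystem in in-place mode (it is set up outside this file, so this is an assumption), the entries are resolved against the runner's checkout. A field comment on `ActionsPaths` such as `// ActionsPaths are repository-relative directories to scan for workflow files.` would state that expectation.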