Skip to content

Commit

Permalink
Merge pull request #8 from kuchune/develop
Browse files Browse the repository at this point in the history 
comment msg
  • Loading branch information
@kuchune
kuchune authored Jun 3, 2024
2 parents 284fda9 + 804df3d commit 0177780
Show file tree
Hide file tree
Showing 3 changed files with 96 additions and 31 deletions.
62 changes: 42 additions & 20 deletions .github/script/debian-check.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,23 +14,23 @@ def debianPreCheck(repo, pull_number, token):
if file not in NoNeedPreFiles:
resultLst.append(file)
if resultLst:
print(f"[FAIL]: debian前缀检查不通过{resultLst}")
exit(1)
writeCommentFile(f"[FAIL]: debian前缀检查不通过{resultLst}")
exit(1)
else:
print("[PASS]: debian前缀检查通过")
writeCommentFile("[PASS]: debian前缀检查通过")

# 敏感词检查
def debianKeyWordsCheck(repo, pr, token, keyLst, excludeSuffLst, logFile):
try:
resulyJson = getGithubChangeInfo.filter_keywords(repo, pr, token, keyLst, excludeSuffLst, logFile)
showStr = '环境设置' if 'export' in keyLst else ''
if resulyJson:
print(f"[FAIL]: {showStr}敏感词检查不通过{list(resulyJson.keys())}")
exit(1)
writeCommentFile(f"[FAIL]: {showStr}敏感词检查不通过{list(resulyJson.keys())}")
exit(1)
else:
print(f"[PASS]: {showStr}敏感词检查通过")
writeCommentFile(f"[PASS]: {showStr}敏感词检查通过")
except Exception as e:
print(f"[ERR]: {showStr}异常报错-{e}")
writeCommentFile(f"[ERR]: {showStr}异常报错-{e}")
exit(1)

# debian/changelog版本检查
Expand All @@ -41,33 +41,55 @@ def debianVersionCheck():
version0 = versionLst[0].rstrip('\n')
version1 = versionLst[1].rstrip('\n')
if os.system(f'dpkg --compare-versions {version0} gt {version1}') == 0:
print(f'[PASS]: 版本检查通过:{version0}|{version1}')
writeCommentFile(f'[PASS]: 版本检查通过:{version0}|{version1}')
else:
print(f'[FAIL]: 版本检查不通过:{version0}|{version1}')
writeCommentFile(f'[FAIL]: 版本检查不通过:{version0}|{version1}')
exit(1)
else:
if len(versionLst) != 1:
print(f'[ERR]: 版本检查异常:{versionLst}')
writeCommentFile(f'[ERR]: 版本检查异常:{versionLst}')
exit(1)
else:
print(f'[PASS]: 版本检查通过:{versionLst}')
writeCommentFile(f'[PASS]: 版本检查通过:{versionLst}')

def writeCommentFile(commentMsg, commentType='body'):
try:
print(commentMsg)
with open('comment.txt', "a+") as fout:
fout.write(commentMsg+'\n')
except Exception as e:
print(f"[ERR]: writeCommentFile异常报错-{e}")



if __name__ == '__main__':
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("--type", required=True, help="检查类型")
parser.add_argument("--repo", required=True, help="所有者和存储库名称。 例如,octocat/Hello-World")
parser.add_argument("--pr", required=True, help="pr number")
parser.add_argument("--token", required=True, help="github access token")
# parser.add_argument("--repo", required=True, help="所有者和存储库名称。 例如,octocat/Hello-World")
# parser.add_argument("--pr", required=True, help="pr number")
# parser.add_argument("--token", required=True, help="github access token")
parser.add_argument("--keys", required=False, help="查询关键字,逗号分隔")
parser.add_argument("--exclude", required=False, help="不进行敏感词筛选的文件后缀")
# parser.add_argument("--exclude", required=False, help="不进行敏感词筛选的文件后缀")
parser.add_argument("--log", required=False, help="输出日志文件名")
# parser.add_argument("--ref", required=False, help="commit sha")
args = parser.parse_args()

github_repository = os.getenv('GITHUB_REPOSITORY')
github_token = os.getenv('GITHUB_TOKEN')
github_job = os.getenv('GITHUB_JOB')
pull_number = os.getenv('PULL_NUMBER')
exclude_files = os.getenv('EXCLUDE_FILES')

github_workflow_sha= os.getenv('GITHUB_WORKFLOW_SHA')
github_ref_type = os.getenv('GITHUB_REF_TYPE')
html_url = getGithubChangeInfo.get_ref_runs(github_repository, github_workflow_sha, github_token)
writeCommentFile(f"Debian检查:{html_url}")
if args.type == 'pre-check':
debianPreCheck(args.repo, args.pr, args.token)
# head_ref = args.ref if args.ref else ''
debianPreCheck(github_repository, pull_number, github_token)
elif args.type == 'keys-check':
keyLst = args.keys.split(",") if args.keys else []
excludeSuffLst = args.exclude.split(',') if args.exclude else []
excludeSuffLst = exclude_files.split(',') if exclude_files else []
# excludeSuffLst = args.exclude.split(',') if args.exclude else []
logFile = args.log if args.log else 'githubResult.json'
debianKeyWordsCheck(args.repo, args.pr, args.token, keyLst, excludeSuffLst, logFile)

debianKeyWordsCheck(github_repository, pull_number, github_token, keyLst, excludeSuffLst, logFile)
35 changes: 29 additions & 6 deletions .github/script/getGithubChangeInfo.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,34 +26,51 @@ def get_commit_info(repo, commit_sha, token):
# 获取指定pr信息
def get_pull_info(repo, pull_number, token):
url = f'https://api.github.com/repos/{repo}/pulls/{pull_number}'
print(f'url is {url}')
print(f'headers is {headers}')
print(f'apiurl is {url}')
response = requests.get(url, headers=getHeaders(token))
# print(f"response is {response.json()}")
# writeJson(response.json(), 'r.json')
return response.json()

# 获取指定pr的commit信息
def get_pull_commit_info(repo, pull_number, token):
url = f'https://api.github.com/repos/{repo}/pulls/{pull_number}/commits'
print(f'apiurl is {url}')
response = requests.get(url, headers=getHeaders(token))
# print(f"response is {response.json()}")
return response.json()

def get_pulls_files(repo, pull_number, token):
url = f'https://api.github.com/repos/{repo}/pulls/{pull_number}/files'
print(f'apiurl is {url}')
response = requests.get(url, headers=getHeaders(token))
# print(f"response is {response.json()}")
if response.status_code == 200:
return response.json()
else:
print(response.json())

# 获取commit的run链接地址
def get_ref_runs(repo, commitSHA, token):
url = f'https://api.github.com/repos/{repo}/commits/{commitSHA}/check-runs'
print(f'apiurl is {url}')
response = requests.get(url, headers=getHeaders(token))
if response.status_code == 200:
writeJson(response.json(), 'r.json')
for jobInfo in response.json()['check_runs']:
if jobInfo['name'] == os.getenv('GITHUB_JOB'):
return jobInfo['html_url']
else:
print(response.json())

# 写json文件
def writeJson(originInfo, logFile, infoType=dict):
with open(logFile, "w+") as fout:
if isinstance(originInfo, infoType):
fout.write(json.dumps(originInfo, indent=4, ensure_ascii=False))

# 写json文件
def writeFile(originInfo, infoType=str):
# 写文件
def writeFile(originInfo, logFile, infoType=str):
with open(logFile, "a+") as fout:
if isinstance(originInfo, infoType):
fout.write(originInfo+'\n')
Expand All @@ -80,7 +97,7 @@ def get_pr_files(repo, pull_number, token):
# writeJson(originInfo)
return originInfo
except Exception as e:
print(f"[ERR]: 异常报错-{e}")
print(f"[ERR]: get_pr_files异常报错-{e}")


def get_change_files(repo, pull_number, token):
Expand Down Expand Up @@ -166,4 +183,10 @@ def filter_keywords(repo, pull_number, token, keyLst, excludeSuffLst, logFile):
# keyLst = args.keys.split(',')
# if args.exclude:
# excludeSuffLst = args.exclude.split(',')
# filter_keywords(args.repo, pull_number, keyLst, excludeSuffLst)
# filter_keywords(args.repo, pull_number, keyLst, excludeSuffLst)

# get_pull_commit_info('kuchune/test_jenkins', '8', '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')
# repo = 'kuchune/test_jenkins'
# token = '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'
# # # get_pull_info(repo, '8', token)
# get_ref_runs(repo, 'f7b42ac', token)
30 changes: 25 additions & 5 deletions .github/workflows/debian-check.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,27 @@ on: pull_request
# pull_request:
# paths-ignore:
# - ".github/workflows/**"
permissions: read-all
permissions:
pull-requests: write
contents: read
env:
GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPOSITORY: ${{ github.repository }}
GITHUB_JOB: ${{ github.job }}
GITHUB_WORKFLOW_SHA: ${{ github.workflow_sha }}
PULL_NUMBER: ${{ github.event.pull_request.number }}
GITHUB_REF_TYPE: ${{ github.ref_type }}
EXCLUDE_FILES: "js,vue,ts,less,html,go,css,json,txt,doc,jpg,png,svg,py,yml,md"
github_event_name: ${{ github.event_name }}
github_event_path: ${{ github.event_path }}
github_graphql_url: ${{ github.graphql_url }}
github_head_ref: ${{ github.head_ref }}
github_path: ${{ github.path }}
github_ref: ${{ github.ref }}
github_ref_name: ${{ github.ref_name }}
github_sha: ${{ github.sha }}
github_token_temp: ${{ github.token }}
github_workflow_ref: ${{ github.workflow_ref }}

jobs:
debian-check:
Expand All @@ -23,21 +38,21 @@ jobs:
id: check-debian-prefix
if: steps.checkout.outcome == 'success'
run: |
python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type pre-check --token $GITHUB_ACCESS_TOKEN --repo $GITHUB_REPOSITORY --pr $PULL_NUMBER
python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type pre-check
- name: Check Specical Words
id: check-specical-words
if: steps.checkout.outcome == 'success' && always()
env:
FILTER_KEYS: "getcap,setcap,lshw,dmidecode"
run: |
python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type keys-check --token $GITHUB_ACCESS_TOKEN --repo $GITHUB_REPOSITORY --pr $PULL_NUMBER --keys $FILTER_KEYS --exclude $EXCLUDE_FILES --log keys.json
python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type keys-check --keys $FILTER_KEYS --log keys.json
- name: Check Env Set Words
id: check-env-set-words
if: steps.checkout.outcome == 'success' && always()
env:
FILTER_KEYS: "export,unset"
run: |
python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type keys-check --token $GITHUB_ACCESS_TOKEN --repo $GITHUB_REPOSITORY --pr $PULL_NUMBER --keys $FILTER_KEYS --exclude $EXCLUDE_FILES --log env-keys.json
python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type keys-check --keys $FILTER_KEYS --log env-keys.json
- name: Publish reports
if: always()
uses: actions/upload-artifact@v4
Expand All @@ -46,3 +61,8 @@ jobs:
path: |
keys.json
env-keys.json
- name: Comment PR
if: always()
uses: thollander/actions-comment-pull-request@v2
with:
filePath: comment.txt

0 comments on commit 0177780

Please sign in to comment.