diff --git a/.github/script/debian-check.py b/.github/script/debian-check.py index 28cbdfa..6c4d077 100755 --- a/.github/script/debian-check.py +++ b/.github/script/debian-check.py @@ -14,10 +14,10 @@ def debianPreCheck(repo, pull_number, token): if file not in NoNeedPreFiles: resultLst.append(file) if resultLst: - print(f"[FAIL]: debian前缀检查不通过{resultLst}") - exit(1) + writeCommentFile(f"[FAIL]: debian前缀检查不通过{resultLst}") + exit(1) else: - print("[PASS]: debian前缀检查通过") + writeCommentFile("[PASS]: debian前缀检查通过") # 敏感词检查 def debianKeyWordsCheck(repo, pr, token, keyLst, excludeSuffLst, logFile): @@ -25,12 +25,12 @@ def debianKeyWordsCheck(repo, pr, token, keyLst, excludeSuffLst, logFile): resulyJson = getGithubChangeInfo.filter_keywords(repo, pr, token, keyLst, excludeSuffLst, logFile) showStr = '环境设置' if 'export' in keyLst else '' if resulyJson: - print(f"[FAIL]: {showStr}敏感词检查不通过{list(resulyJson.keys())}") - exit(1) + writeCommentFile(f"[FAIL]: {showStr}敏感词检查不通过{list(resulyJson.keys())}") + exit(1) else: - print(f"[PASS]: {showStr}敏感词检查通过") + writeCommentFile(f"[PASS]: {showStr}敏感词检查通过") except Exception as e: - print(f"[ERR]: {showStr}异常报错-{e}") + writeCommentFile(f"[ERR]: {showStr}异常报错-{e}") exit(1) # debian/changelog版本检查 
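Review bot: The `[FAIL]` message in debianPreCheck now sends `resultLst` into `comment.txt`, which the workflow later posts as a pull-request comment, so values that appear to be file paths from the PR are rendered as Markdown under the bot's identity. The same holds for `list(resulyJson.keys())` and the exception text `{e}` in debianKeyWordsCheck. I would neutralise these in one place, inside `writeCommentFile`: collapse newlines and wrap the interpolated part in a code span before writing. Both functions start outside their hunks, so the origin of `file` and `resulyJson` should be confirmed.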
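Review bot: In debianKeyWordsCheck the `except Exception as e` handler formats `{showStr}`, but `showStr` is assigned only after the `getGithubChangeInfo.filter_keywords(...)` call. If that call raises, the handler itself fails with an unbound-name error, and the `[ERR]` line never reaches `comment.txt`. Moving `showStr = '环境设置' if 'export' in keyLst else ''` above the `try:` fixes this. The `try:` line is outside the hunk, so this reading assumes it directly precedes the `filter_keywords` call.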
@@ -41,33 +41,55 @@ def debianVersionCheck(): version0 = versionLst[0].rstrip('\n') version1 = versionLst[1].rstrip('\n') if os.system(f'dpkg --compare-versions {version0} gt {version1}') == 0: - print(f'[PASS]: 版本检查通过:{version0}|{version1}') + writeCommentFile(f'[PASS]: 版本检查通过:{version0}|{version1}') else: - print(f'[FAIL]: 版本检查不通过:{version0}|{version1}') + writeCommentFile(f'[FAIL]: 版本检查不通过:{version0}|{version1}') + exit(1) else: if len(versionLst) != 1: - print(f'[ERR]: 版本检查异常:{versionLst}') + writeCommentFile(f'[ERR]: 版本检查异常:{versionLst}') + exit(1) else: - print(f'[PASS]: 版本检查通过:{versionLst}') + writeCommentFile(f'[PASS]: 版本检查通过:{versionLst}') + +def writeCommentFile(commentMsg, commentType='body'): + try: + print(commentMsg) + with open('comment.txt', "a+") as fout: + fout.write(commentMsg+'\n') + except Exception as e: + print(f"[ERR]: writeCommentFile异常报错-{e}") + - if __name__ == '__main__': import argparse parser = argparse.ArgumentParser() parser.add_argument("--type", required=True, help="检查类型") - parser.add_argument("--repo", required=True, help="所有者和存储库名称。 例如,octocat/Hello-World") - parser.add_argument("--pr", required=True, help="pr number") - parser.add_argument("--token", required=True, help="github access token") + # parser.add_argument("--repo", required=True, help="所有者和存储库名称。 例如,octocat/Hello-World") + # parser.add_argument("--pr", required=True, help="pr number") + # parser.add_argument("--token", required=True, help="github access token") parser.add_argument("--keys", required=False, help="查询关键字,逗号分隔") - parser.add_argument("--exclude", required=False, help="不进行敏感词筛选的文件后缀") + # parser.add_argument("--exclude", required=False, help="不进行敏感词筛选的文件后缀") parser.add_argument("--log", required=False, help="输出日志文件名") + # parser.add_argument("--ref", required=False, help="commit sha") args = parser.parse_args() + + github_repository = os.getenv('GITHUB_REPOSITORY') + github_token = os.getenv('GITHUB_TOKEN') + github_job = os.getenv('GITHUB_JOB') + 
pull_number = os.getenv('PULL_NUMBER') + exclude_files = os.getenv('EXCLUDE_FILES') + github_workflow_sha= os.getenv('GITHUB_WORKFLOW_SHA') + github_ref_type = os.getenv('GITHUB_REF_TYPE') + html_url = getGithubChangeInfo.get_ref_runs(github_repository, github_workflow_sha, github_token) + writeCommentFile(f"Debian检查:{html_url}") if args.type == 'pre-check': - debianPreCheck(args.repo, args.pr, args.token) + # head_ref = args.ref if args.ref else '' + debianPreCheck(github_repository, pull_number, github_token) elif args.type == 'keys-check': keyLst = args.keys.split(",") if args.keys else [] - excludeSuffLst = args.exclude.split(',') if args.exclude else [] + excludeSuffLst = exclude_files.split(',') if exclude_files else [] + # excludeSuffLst = args.exclude.split(',') if args.exclude else [] logFile = args.log if args.log else 'githubResult.json' - debianKeyWordsCheck(args.repo, args.pr, args.token, keyLst, excludeSuffLst, logFile) - + debianKeyWordsCheck(github_repository, pull_number, github_token, keyLst, excludeSuffLst, logFile) \ No newline at end of file diff --git a/.github/script/getGithubChangeInfo.py b/.github/script/getGithubChangeInfo.py index a9db6da..798bc1e 100644 --- a/.github/script/getGithubChangeInfo.py +++ b/.github/script/getGithubChangeInfo.py 
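Review bot: debianVersionCheck still builds a shell command with `os.system(f'dpkg --compare-versions {version0} gt {version1}')`. `versionLst` is filled outside this hunk; if it comes from the pull request's `debian/changelog`, a crafted version string is interpreted by the shell in a job that now has `GITHUB_TOKEN` in its environment and `pull-requests: write`. Passing the arguments as a list avoids the shell: `subprocess.run(['dpkg', '--compare-versions', version0, 'gt', version1]).returncode == 0`, which needs `import subprocess` at the top of the file. The version strings could also be checked against the Debian version character set before use.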
@@ -26,34 +26,51 @@ def get_commit_info(repo, commit_sha, token): # 获取指定pr信息 def get_pull_info(repo, pull_number, token): url = f'https://api.github.com/repos/{repo}/pulls/{pull_number}' - print(f'url is {url}') - print(f'headers is {headers}') + print(f'apiurl is {url}') response = requests.get(url, headers=getHeaders(token)) + # print(f"response is {response.json()}") + # writeJson(response.json(), 'r.json') return response.json() # 获取指定pr的commit信息 def get_pull_commit_info(repo, pull_number, token): url = f'https://api.github.com/repos/{repo}/pulls/{pull_number}/commits' + print(f'apiurl is {url}') response = requests.get(url, headers=getHeaders(token)) + # print(f"response is {response.json()}") return response.json() def get_pulls_files(repo, pull_number, token): url = f'https://api.github.com/repos/{repo}/pulls/{pull_number}/files' print(f'apiurl is {url}') response = requests.get(url, headers=getHeaders(token)) + # print(f"response is {response.json()}") if response.status_code == 200: return response.json() else: print(response.json()) +# 获取commit的run链接地址 +def get_ref_runs(repo, commitSHA, token): + url = f'https://api.github.com/repos/{repo}/commits/{commitSHA}/check-runs' + print(f'apiurl is {url}') + response = requests.get(url, headers=getHeaders(token)) + if response.status_code == 200: + writeJson(response.json(), 'r.json') + for jobInfo in response.json()['check_runs']: + if jobInfo['name'] == os.getenv('GITHUB_JOB'): + return jobInfo['html_url'] + else: + print(response.json()) + # 写json文件 def writeJson(originInfo, logFile, infoType=dict): with open(logFile, "w+") as fout: if isinstance(originInfo, infoType): fout.write(json.dumps(originInfo, indent=4, ensure_ascii=False)) -# 写json文件 -def writeFile(originInfo, infoType=str): +# 写文件 +def writeFile(originInfo, logFile, infoType=str): with open(logFile, "a+") as fout: if isinstance(originInfo, infoType): fout.write(originInfo+'\n') 
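Review bot: `get_ref_runs` returns `None` implicitly when the status is not 200 or when no check run is named like `GITHUB_JOB`, and the caller in debian-check.py then writes `Debian检查:None` into the PR comment. I would return an explicit fallback such as `return ''` at the end and have the caller skip the line when it is empty. The new `requests.get(url, headers=getHeaders(token))` also has no timeout, so a stalled API call holds the job until the runner limit; `timeout=30` on this and the sibling calls bounds it. The function also reads `os.getenv('GITHUB_JOB')`, and no `import os` is visible in this hunk, so please confirm the module imports `os`.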
@@ -80,7 +97,7 @@ def get_pr_files(repo, pull_number, token): # writeJson(originInfo) return originInfo except Exception as e: - print(f"[ERR]: 异常报错-{e}") + print(f"[ERR]: get_pr_files异常报错-{e}") def get_change_files(repo, pull_number, token): @@ -166,4 +183,10 @@ def filter_keywords(repo, pull_number, token, keyLst, excludeSuffLst, logFile): # keyLst = args.keys.split(',') # if args.exclude: # excludeSuffLst = args.exclude.split(',') -# filter_keywords(args.repo, pull_number, keyLst, excludeSuffLst) \ No newline at end of file +# filter_keywords(args.repo, pull_number, keyLst, excludeSuffLst) + +# get_pull_commit_info('kuchune/test_jenkins', '8', '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') +# repo = 'kuchune/test_jenkins' +# token = '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' +# # # get_pull_info(repo, '8', token) +# get_ref_runs(repo, 'f7b42ac', token) diff --git a/.github/workflows/debian-check.yml b/.github/workflows/debian-check.yml index f42ef0d..a42e5fc 100644 --- a/.github/workflows/debian-check.yml +++ b/.github/workflows/debian-check.yml 
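Review bot: The commented-out lines appended at the end of getGithubChangeInfo.py contain what looks like a live GitHub personal access token (the `ghp_…` value, which appears twice) together with the repository it was used against. A secret in a comment is still a secret in the repository and its history. Treat the token as compromised and revoke it, then drop these debug lines from the commit. Since the value will persist in git history once pushed, revocation is the step that matters, not just deletion. For local testing the token can come from the environment, for example `token = os.getenv('GITHUB_TOKEN')`.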
@@ -3,12 +3,27 @@ on: pull_request # pull_request: # paths-ignore: # - ".github/workflows/**" -permissions: read-all +permissions: + pull-requests: write + contents: read env: - GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_REPOSITORY: ${{ github.repository }} + GITHUB_JOB: ${{ github.job }} + GITHUB_WORKFLOW_SHA: ${{ github.workflow_sha }} PULL_NUMBER: ${{ github.event.pull_request.number }} + GITHUB_REF_TYPE: ${{ github.ref_type }} EXCLUDE_FILES: "js,vue,ts,less,html,go,css,json,txt,doc,jpg,png,svg,py,yml,md" + github_event_name: ${{ github.event_name }} + github_event_path: ${{ github.event_path }} + github_graphql_url: ${{ github.graphql_url }} + github_head_ref: ${{ github.head_ref }} + github_path: ${{ github.path }} + github_ref: ${{ github.ref }} + github_ref_name: ${{ github.ref_name }} + github_sha: ${{ github.sha }} + github_token_temp: ${{ github.token }} + github_workflow_ref: ${{ github.workflow_ref }} jobs: debian-check: 
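Review bot: The workflow-level `env:` block now exposes the token twice (`GITHUB_TOKEN` and `github_token_temp: ${{ github.token }}`) to every step of every job, including the third-party comment action added later in this diff. I would delete `github_token_temp` and the other lower-case `github_*` entries, which look like debugging leftovers, and set `GITHUB_TOKEN` only under `env:` of the steps that run debian-check.py. `GITHUB_REPOSITORY`, `GITHUB_JOB`, `GITHUB_WORKFLOW_SHA` and `GITHUB_REF_TYPE` are already provided by the runner, so redefining them is redundant. Narrowing `permissions:` is good, but the script now calls the `check-runs` endpoint and no `checks: read` is granted, so verify that call still succeeds.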
@@ -23,21 +38,21 @@ jobs: id: check-debian-prefix if: steps.checkout.outcome == 'success' run: | - python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type pre-check --token $GITHUB_ACCESS_TOKEN --repo $GITHUB_REPOSITORY --pr $PULL_NUMBER + python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type pre-check - name: Check Specical Words id: check-specical-words if: steps.checkout.outcome == 'success' && always() env: FILTER_KEYS: "getcap,setcap,lshw,dmidecode" run: | - python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type keys-check --token $GITHUB_ACCESS_TOKEN --repo $GITHUB_REPOSITORY --pr $PULL_NUMBER --keys $FILTER_KEYS --exclude $EXCLUDE_FILES --log keys.json + python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type keys-check --keys $FILTER_KEYS --log keys.json - name: Check Env Set Words id: check-env-set-words if: steps.checkout.outcome == 'success' && always() env: FILTER_KEYS: "export,unset" run: | - python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type keys-check --token $GITHUB_ACCESS_TOKEN --repo $GITHUB_REPOSITORY --pr $PULL_NUMBER --keys $FILTER_KEYS --exclude $EXCLUDE_FILES --log env-keys.json + python3 $GITHUB_WORKSPACE/.github/script/debian-check.py --type keys-check --keys $FILTER_KEYS --log env-keys.json - name: Publish reports if: always() uses: actions/upload-artifact@v4 @@ -46,3 +61,8 @@ jobs: path: | keys.json env-keys.json + - name: Comment PR + if: always() + uses: thollander/actions-comment-pull-request@v2 + with: + filePath: comment.txt
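Review bot: The new `Comment PR` step runs `thollander/actions-comment-pull-request@v2`, a third-party action referenced by a mutable tag, in a job that holds `pull-requests: write`. Pinning it to a full commit SHA, with the tag kept as a trailing comment, means an upstream retag cannot change the code that runs with that permission; in the form `uses: thollander/actions-comment-pull-request@<full-commit-sha> # v2`, the SHA is a placeholder to fill in. The step also runs under `if: always()` and reads `comment.txt`, which does not exist if the script fails before its first `writeCommentFile` call, so a guard such as `if: always() && hashFiles('comment.txt') != ''` avoids a second, misleading failure. Note that on pull requests from forks the token is read-only, so this step is expected to fail there.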