add Breakage (#14)

cscherrer · web-flow · commit 1ba29864ca26 · 2021-09-02T15:42:38.000-07:00
diff --git a/.github/workflows/Breakage.yml b/.github/workflows/Breakage.yml
@@ -0,0 +1,129 @@
+# Ref: https://securitylab.github.com/research/github-actions-preventing-pwn-requests
+name: Breakage
+
+# read-only repo token
+# no access to secrets
+on:
+  pull_request:
+
+jobs:
+  break:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        pkg: [
+          "cscherrer/MeasureTheory.jl",
+          "cscherrer/Soss.jl",
+          "mschauer/Mitosis.jl"
+        ]
+        pkgversion: [latest, stable]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      # Install Julia
+      - uses: julia-actions/setup-julia@v1
+        with:
+          version: 1
+          arch: x64
+      - uses: actions/cache@v1
+        env:
+          cache-name: cache-artifacts
+        with:
+          path: ~/.julia/artifacts
+          key: ${{ runner.os }}-test-${{ env.cache-name }}-${{ hashFiles('**/Project.toml') }}
+          restore-keys: |
+            ${{ runner.os }}-test-${{ env.cache-name }}-
+            ${{ runner.os }}-test-
+            ${{ runner.os }}-
+      - uses: julia-actions/julia-buildpkg@v1
+
+      # Breakage test
+      - name: 'Breakage of ${{ matrix.pkg }}, ${{ matrix.pkgversion }} version'
+        env:
+          URL: ${{ matrix.pkg }}
+          VERSION: ${{ matrix.pkgversion }}
+        run: |
+          set -v
+          mkdir -p ./pr
+          echo "${{ github.event.number }}" > ./pr/NR
+          git clone https://github.com/$URL
+          export PKG=$(echo $URL | cut -f2 -d/)
+          cd $PKG
+          if [ $VERSION == "stable" ]; then
+            TAG=$(git tag -l "v*" --sort=-creatordate | head -n1)
+            if [ -z "$TAG" ]; then
+              TAG="no_tag"
+            else
+              git checkout $TAG
+            fi
+          else
+            TAG=$VERSION
+          fi
+          export TAG
+          julia -e 'using Pkg;
+            PKG, TAG, VERSION = ENV["PKG"], ENV["TAG"], ENV["VERSION"]
+            joburl = joinpath(ENV["GITHUB_SERVER_URL"], ENV["GITHUB_REPOSITORY"], "actions/runs", ENV["GITHUB_RUN_ID"])
+            open("../pr/$PKG-$VERSION", "w") do io
+              try
+                TAG == "no_tag" && error("Not tag for $VERSION")
+                pkg"activate .";
+                pkg"instantiate";
+                pkg"dev ../";
+                pkg"build";
+                pkg"test";
+
+                print(io, "[![](https://img.shields.io/badge/$TAG-Pass-green)]($joburl)");
+              catch e
+                @error e;
+                print(io, "[![](https://img.shields.io/badge/$TAG-Fail-red)]($joburl)");
+              end;
+            end'
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: pr
+          path: pr/
+
+  upload:
+    needs: break
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/download-artifact@v2
+        with:
+          name: pr
+          path: pr/
+
+      - run: ls
+      - run: |
+          cd pr
+          echo "| Package name | latest | stable |" > MSG
+          echo "|--|--|--|" >> MSG
+          count=0
+          for file in *
+          do
+            [ "$file" == "NR" ] && continue
+            [ "$file" == "MSG" ] && continue
+            if [ $count == "0" ]; then
+              name=$(echo $file | cut -f1 -d-)
+              echo -n "| $name | "
+            else
+              echo -n "| "
+            fi
+            cat $file
+            if [ $count == "0" ]; then
+              echo -n " "
+              count=1
+            else
+              echo " |"
+              count=0
+            fi
+          done >> MSG
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: pr
+          path: pr/
diff --git a/.github/workflows/CommentPR.yml b/.github/workflows/CommentPR.yml
@@ -0,0 +1,54 @@
+# Ref: https://securitylab.github.com/research/github-actions-preventing-pwn-requests
+name: Comment on the pull request
+
+# read-write repo token
+# access to secrets
+on:
+  workflow_run:
+    workflows: ["Breakage"]
+    types:
+      - completed
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    if: >
+      ${{ github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - name: 'Download artifact'
+        uses: actions/github-script@v3.1.0
+        with:
+          script: |
+            var artifacts = await github.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: ${{github.event.workflow_run.id }},
+            });
+            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "pr"
+            })[0];
+            var download = await github.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));
+      - run: unzip pr.zip
+
+      - name: 'Comment on PR'
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            var fs = require('fs');
+            var issue_number = Number(fs.readFileSync('./NR'));
+            var msg = fs.readFileSync('./MSG', 'utf8');
+            await github.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: issue_number,
+              body: msg
+            });
