Support using sketches reports from local path

per1234 · per1234 · commit 8a74de051576 · 2020-09-15T04:39:07.000-07:00
The action was previously designed to only run from a scheduled workflow. The reason is that it needs a token with write permissions to comment on the PR, but due to security restrictions there is no way to have such a token when a workflow is triggered by a pull_request event from a fork. This is problematic for private repos because if the schedule is set to a short interval the action will use up the free GitHub actoins minutes allocation quickly (public repos have unlimited minutes). If the schedule is set to a long interval, then there is a long potential wait time for the report. A common work flow in private repos is for PRs to be submitted from branches, not forks, which makes it possible to trigger the action from the PR. Running from a pull request triggered workflow should actually work as the action was, but the method of finding the artifact is very inefficient and unintuitive in that context. Recently, GitHub added the ability for private repositories to allow write permissions for workflows triggered by pull requests, making it even more likely this method of using the action will be found useful: https://docs.github.com/en/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository#enabling-workflows-for-private-repository-forks
diff --git a/README.md b/README.md
@@ -10,9 +10,29 @@ This action comments on the pull request with a report on the resulting change i
 
 ### `sketches-reports-source-name`
 
-Name of the [workflow artifact](https://docs.github.com/en/actions/configuring-and-managing-workflows/persisting-workflow-data-using-artifacts) that contains the memory usage data, as specified to the [`actions/upload-artifact`](https://github.com/actions/upload-artifact) action via its `name` input.
+**Default**: "size-deltas-reports"
 
-**Default**: `"size-deltas-reports"`
+The action can be used in two ways:
+
+#### Run from a [scheduled workflow](https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#onschedule)
+
+Recommended for public repositories.
+
+The use of a scheduled workflow is necessary in order for the action to have the [write permissions required to comment on pull requests submitted from forks](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token).
+
+In this usage, the `sketches-reports-source-name` defines the name of the workflow artifact that contains the memory usage data, as specified to the [`actions/upload-artifact`](https://github.com/actions/upload-artifact) action via its `name` input.
+
+#### Run from the same workflow as the [`arduino/compile-sketches`](https://github.com/arduino/compile-sketches) action
+
+Recommended for private repositories.
+
+If configured to trigger on a short interval, the scheduled workflow method can use a lot of GitHub Actions minutes, quickly using up the limited allotment provided by GitHub for private repositories (public repositories get unlimited free minutes). For this reason, it may be preferable to only run the action as needed.
+
+In order to get reports for pull requests from forks, the ["Send write tokens to workflows from fork pull requests" setting](https://docs.github.com/en/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository#enabling-workflows-for-private-repository-forks) must be enabled.
+
+If the "Send write tokens to workflows from fork pull requests" setting is not enabled but the ["Run workflows from fork pull requests" setting](https://docs.github.com/en/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository#enabling-workflows-for-private-repository-forks) is enabled, the workflow should be configured to only run the action when the pull request is not from a fork (`if: github.event.pull_request.head.repo.full_name == github.repository`). This will prevent workflow job failures that would otherwise be caused when the report creation failed due to not having the necessary write permissions.
+
+In this usage, the `sketches-reports-source-name` defines the path to the folder containing the memory usage data, as specified to the [`actions/download-artifact`](https://github.com/actions/download-artifact) action via its `path` input.
 
 ### `github-token`
 
@@ -22,6 +42,8 @@ Name of the [workflow artifact](https://docs.github.com/en/actions/configuring-a
 
 ## Example usage
 
+### Scheduled workflow
+
 ```yaml
 on:
   schedule:
@@ -49,3 +71,53 @@ jobs:
           name: size-deltas-reports
           path: size-deltas-reports
 ```
+
+### Workflow triggered by `pull_request` event
+
+```yaml
+on: [push, pull_request]
+env:
+  # It's convenient to set variables for values used multiple times in the workflow
+  SKETCHES_REPORTS_PATH: sketches-reports
+  SKETCHES_REPORTS_ARTIFACT_NAME: sketches-reports
+jobs:
+  compile:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        fqbn:
+          - "arduino:avr:uno"
+          - "arduino:samd:mkrzero"
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: arduino/compile-sketches@main
+        with:
+          fqbn: ${{ matrix.fqbn }}
+          enable-deltas-report: true
+          sketches-report-path: ${{ env.SKETCHES_REPORTS_PATH }}
+
+      # This step is needed to pass the size data to the report job 
+      - name: Upload sketches report to workflow artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.SKETCHES_REPORTS_ARTIFACT_NAME }}
+          path: ${{ env.SKETCHES_REPORTS_PATH }}
+
+  # When using a matrix to compile for multiple boards, it's necessary to use a separate job for the deltas report
+  report:
+    needs: compile  # Wait for the compile job to finish to get the data for the report
+    if: github.event_name == 'pull_request' # Only run the job when the workflow is triggered by a pull request
+    runs-on: ubuntu-latest
+    steps:
+      # This step is needed to get the size data produced by the compile job
+      - name: Download sketches reports artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: ${{ env.SKETCHES_REPORTS_ARTIFACT_NAME }}
+          path: ${{ env.SKETCHES_REPORTS_PATH }}
+
+      - uses: arduino/report-size-deltas@main
+        with:
+          sketches-reports-source-name: ${{ env.SKETCHES_REPORTS_PATH }}
+```
diff --git a/reportsizedeltas/reportsizedeltas.py b/reportsizedeltas/reportsizedeltas.py
@@ -3,6 +3,7 @@
 import json
 import logging
 import os
+import pathlib
 import re
 import sys
 import tempfile
@@ -84,59 +85,76 @@ def __init__(self, repository_name, sketches_reports_source_name, token):
         self.token = token
 
     def report_size_deltas(self):
-        """Scan the repository's pull requests and comment memory usage change reports where appropriate."""
-        # Get the repository's pull requests
-        logger.debug("Getting PRs for " + self.repository_name)
-        page_number = 1
-        page_count = 1
-        while page_number <= page_count:
-            api_data = self.api_request(request="repos/" + self.repository_name + "/pulls",
-                                        page_number=page_number)
-            prs_data = api_data["json_data"]
-            for pr_data in prs_data:
-                # Note: closed PRs are not listed in the API response
-                pr_number = pr_data["number"]
-                pr_head_sha = pr_data["head"]["sha"]
-                print("::debug::Processing pull request number:", pr_number)
-                # When a PR is locked, only collaborators may comment. The automatically generated GITHUB_TOKEN will
-                # likely be used, which is owned by the github-actions bot, who doesn't have collaborator status. So
-                # locking the thread would cause the job to fail.
-                if pr_data["locked"]:
-                    print("::debug::PR locked, skipping")
-                    continue
-
-                if self.report_exists(pr_number=pr_number,
-                                      pr_head_sha=pr_head_sha):
-                    # Go on to the next PR
-                    print("::debug::Report already exists")
-                    continue
-
-                artifact_download_url = self.get_artifact_download_url_for_sha(pr_user_login=pr_data["user"]["login"],
-                                                                               pr_head_ref=pr_data["head"]["ref"],
-                                                                               pr_head_sha=pr_head_sha)
-                if artifact_download_url is None:
-                    # Go on to the next PR
-                    print("::debug::No sketches report artifact found")
-                    continue
-
-                artifact_folder_object = self.get_artifact(artifact_download_url=artifact_download_url)
-
-                sketches_reports = self.get_sketches_reports(artifact_folder_object=artifact_folder_object)
-
-                if sketches_reports:
-                    if sketches_reports[0][self.ReportKeys.commit_hash] != pr_head_sha:
-                        # The deltas report key uses the hash from the report, but the report_exists() comparison is
-                        # done using the hash provided by the API. If for some reason the two didn't match, it would
-                        # result in the deltas report being done over and over again.
-                        print("::warning::Report commit hash doesn't match PR's head commit hash, skipping")
+        """Comment a report of memory usage change to pull request(s)."""
+        if os.environ["GITHUB_EVENT_NAME"] == "pull_request":
+            # The sketches reports will be in a local folder location specified by the user
+            sketches_reports_folder = pathlib.Path(os.environ["GITHUB_WORKSPACE"], self.sketches_reports_source_name)
+            sketches_reports = self.get_sketches_reports(artifact_folder_object=sketches_reports_folder)
+
+            if sketches_reports:
+                report = self.generate_report(sketches_reports=sketches_reports)
+
+                with open(file=os.environ["GITHUB_EVENT_PATH"]) as github_event_file:
+                    pr_number = json.load(github_event_file)["pull_request"]["number"]
+
+                self.comment_report(pr_number=pr_number, report_markdown=report)
+
+        else:
+            # The script is being run from a workflow triggered by something other than a PR
+            # Scan the repository's pull requests and comment memory usage change reports where appropriate.
+            # Get the repository's pull requests
+            logger.debug("Getting PRs for " + self.repository_name)
+            page_number = 1
+            page_count = 1
+            while page_number <= page_count:
+                api_data = self.api_request(request="repos/" + self.repository_name + "/pulls",
+                                            page_number=page_number)
+                prs_data = api_data["json_data"]
+                for pr_data in prs_data:
+                    # Note: closed PRs are not listed in the API response
+                    pr_number = pr_data["number"]
+                    pr_head_sha = pr_data["head"]["sha"]
+                    print("::debug::Processing pull request number:", pr_number)
+                    # When a PR is locked, only collaborators may comment. The automatically generated GITHUB_TOKEN will
+                    # likely be used, which is owned by the github-actions bot, who doesn't have collaborator status. So
+                    # locking the thread would cause the job to fail.
+                    if pr_data["locked"]:
+                        print("::debug::PR locked, skipping")
                         continue
 
-                    report = self.generate_report(sketches_reports=sketches_reports)
+                    if self.report_exists(pr_number=pr_number,
+                                          pr_head_sha=pr_head_sha):
+                        # Go on to the next PR
+                        print("::debug::Report already exists")
+                        continue
 
-                    self.comment_report(pr_number=pr_number, report_markdown=report)
+                    artifact_download_url = self.get_artifact_download_url_for_sha(
+                        pr_user_login=pr_data["user"]["login"],
+                        pr_head_ref=pr_data["head"]["ref"],
+                        pr_head_sha=pr_head_sha)
+                    if artifact_download_url is None:
+                        # Go on to the next PR
+                        print("::debug::No sketches report artifact found")
+                        continue
 
-            page_number += 1
-            page_count = api_data["page_count"]
+                    artifact_folder_object = self.get_artifact(artifact_download_url=artifact_download_url)
+
+                    sketches_reports = self.get_sketches_reports(artifact_folder_object=artifact_folder_object)
+
+                    if sketches_reports:
+                        if sketches_reports[0][self.ReportKeys.commit_hash] != pr_head_sha:
+                            # The deltas report key uses the hash from the report, but the report_exists() comparison is
+                            # done using the hash provided by the API. If for some reason the two didn't match, it would
+                            # result in the deltas report being done over and over again.
+                            print("::warning::Report commit hash doesn't match PR's head commit hash, skipping")
+                            continue
+
+                        report = self.generate_report(sketches_reports=sketches_reports)
+
+                        self.comment_report(pr_number=pr_number, report_markdown=report)
+
+                page_number += 1
+                page_count = api_data["page_count"]
 
     def report_exists(self, pr_number, pr_head_sha):
         """Return whether a report has already been commented to the pull request thread for the latest workflow run
@@ -257,10 +275,12 @@ def get_sketches_reports(self, artifact_folder_object):
         artifact_folder_object -- object containing the data about the temporary folder that stores the markdown files
         """
         with artifact_folder_object as artifact_folder:
+            # artifact_folder will be a string when running in non-local report mode
+            artifact_folder = pathlib.Path(artifact_folder)
             sketches_reports = []
-            for report_filename in sorted(os.listdir(path=artifact_folder)):
+            for report_filename in sorted(artifact_folder.iterdir()):
                 # Combine sketches reports into an array
-                with open(file=artifact_folder + "/" + report_filename) as report_file:
+                with open(file=report_filename.joinpath(report_filename)) as report_file:
                     report_data = json.load(report_file)
                     if (
                         (self.ReportKeys.boards not in report_data)
diff --git a/reportsizedeltas/tests/data/test_report_size_deltas_pull_request/githubevent.json b/reportsizedeltas/tests/data/test_report_size_deltas_pull_request/githubevent.json
@@ -0,0 +1,8 @@
+{
+  "pull_request": {
+    "head": {
+      "sha": "pull_request-head-sha"
+    },
+    "number": 42
+  }
+}
diff --git a/reportsizedeltas/tests/test_reportsizedeltas.py b/reportsizedeltas/tests/test_reportsizedeltas.py
@@ -177,7 +177,42 @@ def test_set_verbosity():
     reportsizedeltas.set_verbosity(enable_verbosity=False)
 
 
-def test_report_size_deltas(mocker):
+def test_report_size_deltas_pull_request(mocker, monkeypatch):
+    sketches_reports_source_name = "golden-sketches-reports-source-path"
+    github_workspace = "golden-github-workspace"
+    sketches_reports_folder = pathlib.Path(github_workspace, sketches_reports_source_name)
+    sketches_reports = unittest.mock.sentinel.sketches_reports
+    report = "golden report"
+
+    monkeypatch.setenv("GITHUB_EVENT_NAME", "pull_request")
+    monkeypatch.setenv("GITHUB_WORKSPACE", github_workspace)
+    monkeypatch.setenv("GITHUB_EVENT_PATH",
+                       str(test_data_path.joinpath("test_report_size_deltas_pull_request", "githubevent.json")))
+
+    mocker.patch("reportsizedeltas.ReportSizeDeltas.get_sketches_reports", autospec=True)
+    mocker.patch("reportsizedeltas.ReportSizeDeltas.generate_report", autospec=True, return_value=report)
+    mocker.patch("reportsizedeltas.ReportSizeDeltas.comment_report", autospec=True)
+
+    report_size_deltas = get_reportsizedeltas_object(sketches_reports_source_name=sketches_reports_source_name)
+
+    # Test handling of no sketches reports data available
+    reportsizedeltas.ReportSizeDeltas.get_sketches_reports.return_value = None
+    report_size_deltas.report_size_deltas()
+
+    report_size_deltas.comment_report.assert_not_called()
+
+    # Test report data available
+    mocker.resetall()
+    reportsizedeltas.ReportSizeDeltas.get_sketches_reports.return_value = sketches_reports
+    report_size_deltas.report_size_deltas()
+
+    report_size_deltas.get_sketches_reports.assert_called_once_with(report_size_deltas,
+                                                                    artifact_folder_object=sketches_reports_folder)
+    report_size_deltas.generate_report.assert_called_once_with(report_size_deltas, sketches_reports=sketches_reports)
+    report_size_deltas.comment_report.assert_called_once_with(report_size_deltas, pr_number=42, report_markdown=report)
+
+
+def test_report_size_deltas_not_pull_request(mocker, monkeypatch):
     artifact_download_url = "test_artifact_download_url"
     artifact_folder_object = "test_artifact_folder_object"
     pr_head_sha = "pr-head-sha"
@@ -186,6 +221,8 @@ def test_report_size_deltas(mocker):
     json_data = [{"number": 1, "locked": True, "head": {"sha": pr_head_sha, "ref": "asdf"}, "user": {"login": "1234"}},
                  {"number": 2, "locked": False, "head": {"sha": pr_head_sha, "ref": "asdf"}, "user": {"login": "1234"}}]
 
+    monkeypatch.setenv("GITHUB_EVENT_NAME", "schedule")
+
     report_size_deltas = get_reportsizedeltas_object()
 
     mocker.patch("reportsizedeltas.ReportSizeDeltas.api_request",
