HACKATHON: Example interdiff github action #159
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check Kernel Commits for Upstream Fixes | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| check-upstream-fixes: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout PR branch | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.head_ref }} | |
| - name: Checkout base branch | |
| run: | | |
| git fetch origin ${{ github.base_ref }}:${{ github.base_ref }} | |
| - name: Download check_kernel_commits.py | |
| run: | | |
| curl -sL \ | |
| https://raw.githubusercontent.com/ctrliq/kernel-src-tree-tools/mainline/check_kernel_commits.py \ | |
| -o check_kernel_commits.py | |
| chmod +x check_kernel_commits.py | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| - name: Install build dependencies for patchutils | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y build-essential autoconf automake libtool gnulib | |
| - name: Clone and build custom patchutils | |
| run: | | |
| git clone https://github.com/kerneltoast/patchutils | |
| cd patchutils | |
| ./bootstrap | |
| ./configure | |
| make -j$(nproc) | |
| - name: Download run_interdiff.py | |
| run: | | |
| curl -sL \ | |
| https://raw.githubusercontent.com/ctrliq/kernel-src-tree-tools/hackathon-cve-check/run_interdiff.py \ | |
| -o run_interdiff.py | |
| chmod +x run_interdiff.py | |
| - name: Run upstream fixes check | |
| id: checkkernel | |
| run: | | |
| python3 check_kernel_commits.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown | tee result.txt | |
| # Save non-empty results for PR comment | |
| if grep -q -v "All referenced commits exist upstream and have no Fixes: tags." result.txt; then | |
| echo "has_findings=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Run interdiff check | |
| id: interdiff | |
| run: | | |
| python3 run_interdiff.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --interdiff ./patchutils/src/interdiff | tee interdiff_result.txt | |
| # Save non-empty results for PR comment | |
| if grep -q -v "All backported commits match their upstream counterparts." interdiff_result.txt; then | |
| echo "has_differences=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Comment on PR if issues found | |
| if: steps.checkkernel.outputs.has_findings == 'true' | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh pr comment ${{ github.event.pull_request.number }} \ | |
| --body "$(cat result.txt)" \ | |
| --repo ${{ github.repository }} | |
| - name: Comment on PR if interdiff differences found | |
| if: steps.interdiff.outputs.has_differences == 'true' | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh pr comment ${{ github.event.pull_request.number }} \ | |
| --body "$(cat interdiff_result.txt)" \ | |
| --repo ${{ github.repository }} |