Copy code from code-review-demo and use reuseable code review action

FayeSGW · FayeSGW · commit d025d498ac6f · 2025-07-28T14:56:28.000+02:00
diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml
@@ -0,0 +1,98 @@
+name: Code Review
+
+on:
+  workflow_call:
+    inputs:
+      kosli-org:
+        description: 'Kosli organization name'
+        required: true
+        type: string
+      kosli-build-flow:
+        description: 'Kosli build flow name *where the PR attestations are made*'
+        required: true
+        type: string
+
+      kosli-release-flow:
+        description: 'Kosli release flow name *where the attestation will be made*'
+        required: true
+        type: string
+      kosli-trail:
+        description: 'Kosli trail SHA to use'
+        required: true
+        type: string
+      base-tag:
+        description: 'Base tag to compare against (default: 1.0.0)'
+        required: false
+        type: string
+        default: '1.0.0'
+    secrets:
+      kosli-api-token:
+        description: 'Kosli API token'
+        required: true
+
+jobs:
+  code-review:
+    runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
+      contents: write
+    env:
+      OUTPUT_FILE: output.json
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Setup Kosli cli
+        uses: kosli-dev/setup-cli-action@v2
+        with:
+          version: ${{ vars.KOSLI_CLI_VERSION }}
+
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+
+      - name: Get commit list between HEAD and base tag
+        id: get-commits
+        run: |
+          # Check if the base tag exists
+          if git rev-parse --verify ${{ inputs.base-tag }} >/dev/null 2>&1; then
+            # Tag exists, get all commit SHAs between HEAD and base tag (excluding the tag commit)
+            COMMIT_LIST=$(git log --format="%H" ${{ inputs.base-tag }}..HEAD)
+            echo "Using commits between HEAD and ${{ inputs.base-tag }} tag"
+          else
+            # Tag doesn't exist, use only HEAD commit
+            COMMIT_LIST=$(git rev-parse HEAD)
+            echo "Tag ${{ inputs.base-tag }} not found, using only HEAD commit"
+          fi
+          # Convert to space-separated list for the Python script
+          COMMIT_LIST_SPACED=$(echo "$COMMIT_LIST" | tr '\n' ' ')
+          echo "commit_list=$COMMIT_LIST_SPACED" >> $GITHUB_OUTPUT
+          echo "Found commits: $COMMIT_LIST_SPACED"
+
+      - name: Run code review evaluation
+        run: python3 "bin/code-review-evaluation.py" 
+          --host "https://app.kosli.com" 
+          --org "${{ inputs.kosli-org }}" 
+          --flow "${{ inputs.kosli-build-flow }}" 
+          --commit-list ${{ steps.get-commits.outputs.commit_list }} 
+          --attestation-type "pull_request" 
+          --api-token "${{ secrets.kosli-api-token }}" 
+          --output-file "${{ env.OUTPUT_FILE }}" 
+
+      - name: attest code review evidence to Kosli
+        run: kosli attest custom 
+          --type code-review
+          --name code-review
+          --attestation-data "${{ env.OUTPUT_FILE }}"
+          --flow ${{ inputs.kosli-release-flow }}
+          --trail ${{ inputs.kosli-trail }}
+          --api-token "${{ secrets.kosli-api-token }}"
+          --org ${{ inputs.kosli-org }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,80 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - '*-main'
+      - '*-release'
+
+env:
+  KOSLI_ORG: kosli-public
+  KOSLI_FLOW: test-code-review-action
+  KOSLI_API_TOKEN: '${{ secrets.KOSLI_PUBLIC_API_TOKEN }}'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  setup:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Setup Kosli cli
+        uses: kosli-dev/setup-cli-action@v2
+        with:
+          version: ${{ vars.KOSLI_CLI_VERSION }}
+
+
+      - name: Create Kosli Flow
+        run: kosli create flow ${{ env.KOSLI_FLOW }}
+          --template-file build-template.yml
+          --description "Code Review Demo"
+
+      - name: Begin Kosli Trail
+        run: kosli begin trail "${{ github.sha }}"
+          --flow ${{ env.KOSLI_FLOW }}
+
+
+  pull-request:
+    needs: [setup]
+    runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Setup Kosli cli
+        uses: kosli-dev/setup-cli-action@v2
+        with:
+          version: ${{ vars.KOSLI_CLI_VERSION }}
+
+      - name: Attest pull-request evidence to Kosli
+        run: kosli attest pullrequest github
+          --name pull-request
+          --flow ${{ env.KOSLI_FLOW }}
+          --trail ${{ github.sha }}
+          --github-token ${{ secrets.GITHUB_TOKEN }}
+
+      
+  code-review:
+    needs: [pull-request]
+    uses: kosli-dev/control-actions/.github/actions/code-review@main
+    with:
+      base_ref: '1.0.0'
+      kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
+      kosli_org: 'kosli-public'
+      kosli_search_flow_name: 'test-code-review-action'
+      kosli_code_review_attestation_type: 'code-review'
+      kosli_code_review_flow_name: 'test-code-review-action'
+      kosli_code_review_trail_name: ${{ github.sha }}
diff --git a/.github/workflows/release-code-review.yml b/.github/workflows/release-code-review.yml
@@ -0,0 +1,47 @@
+name: Release Code Review
+
+on:
+  push:
+    tags:
+      - 's*-1.0.*'
+
+env:
+  KOSLI_ORG: kosli-public
+  KOSLI_FLOW: code-review-demo-release
+  KOSLI_API_TOKEN: '${{ secrets.KOSLI_PUBLIC_API_TOKEN }}'
+
+jobs:
+
+  setup:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Setup Kosli cli
+        uses: kosli-dev/setup-cli-action@v2
+        with:
+          version: ${{ vars.KOSLI_CLI_VERSION }}
+
+      - name: Create Kosli Flow
+        run: kosli create flow ${{ env.KOSLI_FLOW }}
+          --template-file release-template.yml
+          --description "Code Review Demo Release"
+
+      - name: Begin Kosli Trail
+        run: kosli begin trail "${{ github.ref_name }}"
+          --flow ${{ env.KOSLI_FLOW }}
+
+  code-review:
+    needs: [setup]
+    uses: ./.github/workflows/code-review.yml
+    with:
+      kosli-org: kosli-public
+      kosli-build-flow: code-review-demo
+      kosli-release-flow: code-review-demo-release
+      kosli-trail: ${{ github.ref_name }}
+      base-tag: "1.0.0"
+    secrets:
+      kosli-api-token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }} 
diff --git a/build-template.yml b/build-template.yml
@@ -0,0 +1,7 @@
+version: 1
+trail:
+  attestations:
+    - name: code-review
+      type: custom:code-review
+    - name: pull-request
+      type: pull_request
diff --git a/release-template.yml b/release-template.yml
@@ -0,0 +1,5 @@
+version: 1
+trail:
+  attestations:
+    - name: code-review
+      type: custom:code-review
diff --git a/scenarios.md b/scenarios.md
diff --git a/source b/source
