Attempt to re-structure workflows to be more generic & reusable (#2364)

* Attempt to re-structure workflows to be more generic & reusable

* Iterate for reusable workflows can't call each other

* don't pass pullrequest params if no prnumber

* Comments

* Fix reusable workflow call

* Pass pr_id properly

* Fix run condition for prdetails job

* Fix needs dependency

* Stash work so far

* Fix copypasta

* Update

* Define outputs from pr_details.yml

* Fix output reporting

* Fix something or other

Author: t3chguy

.github/workflows/notify-downstream.yaml

@@ -2,6 +2,7 @@ name: Notify Downstream Projects
 on:
   push:
     branches: [ develop ]
+concurrency: ${{ github.workflow }}-${{ github.ref }}
 jobs:
   notify-matrix-react-sdk:
     runs-on: ubuntu-latest

.github/workflows/pr_details.yml

@@ -0,0 +1,59 @@
+# Find details about the PR associated with this ref
+# Outputs:
+#  prnumber: the ID number of the associated PR
+#  headref: the name of the head branch of the PR
+#  baseref: the name of the base branch of the PR
+name: PR Details
+on:
+  workflow_call:
+    inputs:
+      owner:
+        type: string
+        required: true
+        description: The github username of the owner of the head branch
+      branch:
+        type: string
+        required: true
+        description: The name of the head branch
+    outputs:
+      pr_id:
+        description: The ID of the PR found
+        value: ${{ jobs.prdetails.outputs.pr_id }}
+      head_branch:
+        description: The head branch of the PR found
+        value: ${{ jobs.prdetails.outputs.head_branch }}
+      base_branch:
+        description: The base branch of the PR found
+        value: ${{ jobs.prdetails.outputs.base_branch }}
+
+jobs:
+  prdetails:
+    name: Find PR Details
+    runs-on: ubuntu-latest
+    steps:
+      - name: "🔍 Read PR details"
+        id: details
+        # We need to find the PR number that corresponds to the branch, which we do by searching the GH API
+        # The workflow_run event includes a list of pull requests, but it doesn't get populated for
+        # forked PRs: https://docs.github.com/en/rest/reference/checks#create-a-check-run
+        run: |
+          head_branch='${{ inputs.owner }}:${{ inputs.branch }}'
+          echo "Head branch: $head_branch"
+          pulls_uri="https://api.github.com/repos/${{ github.repository }}/pulls?head=$(jq -Rr '@uri' <<<$head_branch)"
+          pr_data=$(curl -s -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "$pulls_uri")
+
+          pr_number=$(jq -r '.[] | .number' <<< "$pr_data")
+          echo "PR number: $pr_number"
+          echo "::set-output name=prnumber::$pr_number"
+
+          head_ref=$(jq -r '.[] | .head.ref' <<< "$pr_data")
+          echo "Head ref: $head_ref"
+          echo "::set-output name=headref::$head_ref"
+
+          base_ref=$(jq -r '.[] | .base.ref' <<< "$pr_data")
+          echo "Base ref: $base_ref"
+          echo "::set-output name=baseref::$base_ref"
+    outputs:
+      pr_id: ${{ steps.details.outputs.prnumber }}
+      head_branch: ${{ steps.details.outputs.headref }}
+      base_branch: ${{ steps.details.outputs.baseref }}

.github/workflows/pull_request.yaml

@@ -2,6 +2,9 @@ name: Pull Request
 on:
   pull_request_target:
     types: [ opened, edited, labeled, unlabeled, synchronize ]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
   changelog:
     name: Preview Changelog

.github/workflows/sonarcloud.yml

@@ -0,0 +1,91 @@
+name: SonarCloud
+on:
+  workflow_call:
+    inputs:
+      repo:
+        type: string
+        required: true
+        description: The full name of the repo in org/repo format
+      head_branch:
+        type: string
+        required: true
+        description: The name of the head branch
+      # We cannot use ${{ github.sha }} here as for pull requests it'll be a simulated merge commit instead
+      revision:
+        type: string
+        required: true
+        description: The git revision with which this sonar run should be associated
+
+      # Coverage specific parameters, assumes coverage reports live in a /coverage/ directory
+      coverage_workflow_name:
+        type: string
+        required: false
+        description: The name of the workflow which uploaded the `coverage` artifact, if any
+      coverage_run_id:
+        type: string
+        required: false
+        description: The run_id of the workflow which upload the coverage relevant to this run
+
+      # PR specific parameters
+      pr_id:
+        type: string
+        required: false
+        description: The ID number of the PR if this workflow is being triggered due to one
+      base_branch:
+        type: string
+        required: false
+        description: The base branch of the PR if this workflow is being triggered due to one
+
+      # Org specific parameters
+      main_branch:
+        type: string
+        required: false
+        description: The default branch of the repository
+        default: "develop"
+    secrets:
+      SONAR_TOKEN:
+        required: true
+jobs:
+  analysis:
+    name: Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: "🧮 Checkout code"
+        uses: actions/checkout@v3
+        with:
+          repository: ${{ inputs.repo }}
+          ref: ${{ inputs.head_branch }} # checkout commit that triggered this workflow
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+
+      # Fetch develop so that Sonar can identify new issues in PR builds
+      - name: "📕 Fetch ${{ inputs.main_branch }}"
+        if: inputs.head_branch != inputs.main_branch
+        run: git rev-parse HEAD && git fetch origin ${{ inputs.main_branch }}:${{ inputs.main_branch }} && git status && git rev-parse HEAD
+
+      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
+      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
+      - name: "📥 Download Coverage Report"
+        uses: dawidd6/action-download-artifact@v2
+        if: inputs.coverage_workflow_name
+        with:
+          workflow: ${{ inputs.coverage_workflow_name }}
+          run_id: ${{ inputs.coverage_run_id }}
+          name: coverage
+          path: coverage
+
+      - name: "🔍 Read package.json version"
+        id: version
+        uses: martinbeentjes/npm-get-version-action@main
+
+      - name: "🩻 SonarCloud Scan"
+        uses: SonarSource/sonarcloud-github-action@master
+        with:
+          args: >
+            -Dsonar.projectVersion=${{ steps.version.outputs.current-version }}
+            -Dsonar.scm.revision=${{ inputs.revision }}
+            -Dsonar.pullrequest.key=${{ inputs.pr_id }}
+            -Dsonar.pullrequest.branch=${{ inputs.pr_id && inputs.head_branch }}
+            -Dsonar.pullrequest.base=${{ inputs.pr_id && inputs.base_branch }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/sonarqube.yml

@@ -4,87 +4,34 @@ on:
     workflows: [ "Tests" ]
     types:
       - completed
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
-  sonarqube:
-    name: SonarQube
-    runs-on: ubuntu-latest
-    if: github.event.workflow_run.conclusion == 'success'
-    steps:
-      - name: "🧮 Checkout code"
-        uses: actions/checkout@v3
-        with:
-          repository: ${{ github.event.workflow_run.head_repository.full_name }}
-          ref: ${{ github.event.workflow_run.head_branch }} # checkout commit that triggered this workflow
-          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
-
-      # fetch develop so that Sonar can identify new issues in PR builds
-      - name: "📕 Fetch develop"
-        if: "github.event.workflow_run.head_branch != 'develop'"
-        run: git rev-parse HEAD && git fetch origin develop:develop && git status && git rev-parse HEAD
-
-      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
-      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
-      - name: "📥 Download Coverage Report"
-        uses: actions/[email protected]
-        with:
-          script: |
-            const artifacts = await github.actions.listWorkflowRunArtifacts({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                run_id: ${{ github.event.workflow_run.id }},
-            });
-            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-                return artifact.name == "coverage"
-            })[0];
-            const download = await github.actions.downloadArtifact({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                artifact_id: matchArtifact.id,
-                archive_format: 'zip',
-            });
-            const fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/coverage.zip', Buffer.from(download.data));
-
-      - name: "🗃️ Extract Coverage Report"
-        run: unzip -d coverage coverage.zip && rm coverage.zip
-
-      - name: "🔍 Read latest tag"
-        id: version
-        uses: WyriHaximus/github-action-get-previous-tag@v1
+  prdetails:
+    name: ℹ️ PR Details
+    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
+    uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop
+    with:
+      owner: ${{ github.event.workflow_run.head_repository.owner.login }}
+      branch: ${{ github.event.workflow_run.head_branch }}
 
-      - name: "🔍 Read PR details"
-        id: prdetails
-        if: github.event.workflow_run.event == 'pull_request'
-        # We need to find the PR number that corresponds to the branch, which we do by searching the GH API
-        # The workflow_run event includes a list of pull requests, but it doesn't get populated for
-        # forked PRs: https://docs.github.com/en/rest/reference/checks#create-a-check-run
-        run: |
-          head_branch='${{github.event.workflow_run.head_repository.owner.login}}:${{github.event.workflow_run.head_branch}}'
-          echo "Head branch: $head_branch"
-          pulls_uri="https://api.github.com/repos/${{ github.repository }}/pulls?head=$(jq -Rr '@uri' <<<$head_branch)"
-          pr_data=$(curl -s -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "$pulls_uri")
-
-          pr_number=$(jq -r '.[] | .number' <<< "$pr_data")
-          echo "PR number: $pr_number"
-          echo "::set-output name=prnumber::$pr_number"
-
-          head_ref=$(jq -r '.[] | .head.ref' <<< "$pr_data")
-          echo "Head ref: $head_ref"
-          echo "::set-output name=headref::$head_ref"
-
-          base_ref=$(jq -r '.[] | .base.ref' <<< "$pr_data")
-          echo "Base ref: $base_ref"
-          echo "::set-output name=baseref::$base_ref"
-
-      - name: "🩻 SonarCloud Scan"
-        uses: SonarSource/sonarcloud-github-action@master
-        with:
-          args: >
-            -Dsonar.projectVersion=${{ steps.version.outputs.tag }}
-            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
-            -Dsonar.pullrequest.key=${{ steps.prdetails.outputs.prnumber }}
-            -Dsonar.pullrequest.branch=${{ steps.prdetails.outputs.headref }}
-            -Dsonar.pullrequest.base=${{ steps.prdetails.outputs.baseref }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  sonarqube:
+    name: 🩻 SonarQube
+    needs: prdetails
+    # Only wait for prdetails if it isn't skipped
+    if: |
+      always() &&
+      (needs.prdetails.result == 'success' || needs.prdetails.result == 'skipped') &&
+      github.event.workflow_run.conclusion == 'success'
+    uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop
+    with:
+      repo: ${{ github.event.workflow_run.head_repository.full_name }}
+      pr_id: ${{ needs.prdetails.outputs.pr_id }}
+      head_branch: ${{ needs.prdetails.outputs.head_branch || github.event.workflow_run.head_branch }}
+      base_branch: ${{ needs.prdetails.outputs.base_branch }}
+      revision: ${{ github.event.workflow_run.head_sha }}
+      coverage_workflow_name: tests.yml
+      coverage_run_id: ${{ github.event.workflow_run.id }}
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/static_analysis.yml

@@ -3,6 +3,9 @@ on:
   pull_request: { }
   push:
     branches: [ develop, master ]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
   ts_lint:
     name: "Typescript Syntax Check"

.github/workflows/tests.yml

@@ -2,7 +2,10 @@ name: Tests
 on:
   pull_request: { }
   push:
-    branches: [ develop, main, master ]
+    branches: [ develop, master ]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
   jest:
     name: Jest