Add spotless auto-fix for PRs (#1890)

trask · web-flow · commit 11c3dda26b9e · 2025-05-19T21:06:32.000Z
diff --git a/.github/workflows/auto-spotless-apply.yml b/.github/workflows/auto-spotless-apply.yml
@@ -0,0 +1,95 @@
+name: Auto spotless apply
+on:
+  workflow_run:
+    workflows:
+      - "Auto spotless check"
+    types:
+      - completed
+
+permissions:
+  contents: read
+
+jobs:
+  apply:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Download patch
+        uses: actions/download-artifact@v4.3.0
+        with:
+          run-id: ${{ github.event.workflow_run.id }}
+          path: ${{ runner.temp }}
+          merge-multiple: true
+          github-token: ${{ github.token }}
+
+      - id: unzip-patch
+        name: Unzip patch
+        working-directory: ${{ runner.temp }}
+        run: |
+          if [ -f patch ]; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+          fi
+
+      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        if: steps.unzip-patch.outputs.exists == 'true'
+        id: otelbot-token
+        with:
+          app-id: 1296620
+          private-key: ${{ secrets.OTELBOT_JAVA_CONTRIB_PRIVATE_KEY }}
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        if: steps.unzip-patch.outputs.exists == 'true'
+        with:
+          token: ${{ steps.otelbot-token.outputs.token }}
+
+      - id: get-pr
+        if: steps.unzip-patch.outputs.exists == 'true'
+        name: Get PR
+        env:
+          PR_BRANCH: |-
+            ${{
+              (github.event.workflow_run.head_repository.owner.login != github.event.workflow_run.repository.owner.login)
+                && format('{0}:{1}', github.event.workflow_run.head_repository.owner.login, github.event.workflow_run.head_branch)
+                || github.event.workflow_run.head_branch
+            }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          echo gh pr view "${PR_BRANCH}" --json number --jq .number
+          number=$(gh pr view "${PR_BRANCH}" --json number --jq .number)
+          echo $number
+          echo "number=$number" >> $GITHUB_OUTPUT
+
+      - name: Check out PR branch
+        if: steps.unzip-patch.outputs.exists == 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh pr checkout ${{ steps.get-pr.outputs.number }}
+
+      - name: Use CLA approved github bot
+        if: steps.unzip-patch.outputs.exists == 'true'
+        # IMPORTANT do not call the .github/scripts/use-cla-approved-bot.sh
+        # since that script could have been compromised in the PR branch
+        run: |
+          git config user.name otelbot
+          git config user.email 197425009+otelbot@users.noreply.github.com
+
+      - name: Apply patch and push
+        if: steps.unzip-patch.outputs.exists == 'true'
+        run: |
+          git apply "${{ runner.temp }}/patch"
+          git commit -a -m "./gradlew spotlessApply"
+          git push
+
+      - if: steps.unzip-patch.outputs.exists == 'true' && success()
+        env:
+          GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
+        run: |
+          gh pr comment ${{ steps.get-pr.outputs.number }} --body "🔧 The result from spotlessApply was committed to the PR branch."
+
+      - if: steps.unzip-patch.outputs.exists == 'true' && failure()
+        env:
+          GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
+        run: |
+          gh pr comment ${{ steps.get-pr.outputs.number }} --body "❌ The result from spotlessApply could not be committed to the PR branch, see logs: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID."
diff --git a/.github/workflows/auto-spotless-check.yml b/.github/workflows/auto-spotless-check.yml
@@ -0,0 +1,53 @@
+name: Auto spotless check
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up JDK for running Gradle
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Set up gradle
+        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        with:
+          cache-read-only: true
+
+      - name: Check out PR branch
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh pr checkout ${{ github.event.pull_request.number }}
+
+      - name: Spotless
+        run: ./gradlew spotlessApply
+
+      - id: create-patch
+        name: Create patch file
+        run: |
+          git diff > patch
+          if [ -s patch ]; then
+            echo "exists=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Upload patch file
+        if: steps.create-patch.outputs.exists == 'true'
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          path: patch
+          name: patch
