CI(clang-format): Post fixes as code suggestions if possible when running on a PR #1038
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
echoix
force-pushed
the
post-pr-review-suggestions
branch
from
9031f08 to
22729ad
Compare
echoix
added
CI
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the continuation of #1035, and will be adapted back to OSGeo/grass#3284 as a final solution.
After a hundred iterations or so, I've got a solution that I'm satisfied with. This allows linter formatting in a PR from a forked pull request to do so without any special secret access, and also be able to add PR review comments, that need
pull-request: writepermissions. These permissions cannot be granted for PRs coming from forks. Since all the PRs come from forks, we could never use anywritepermissions from our forks. It also avoids usingpull_request_targetwith a checkout of the external code, which is something that should never be done.Instead, it runs another workflow triggered by the completion of another workflow, through the
workflow_runtrigger. That second workflow takes 3 seconds, max 10 including startup. It won't appear as a check for a PR, but still manages to use the event's payload information available to apply to the PR. The fixes that need to be added as code suggestion comments are fed through the upload of a diff artifact. It is then easily downloaded in the second workflow.Note that PR review comments can only be added to lines in the diff context, that is 3 lines above or below the changed lines of a PR, just like the web interface: the API isn't different. The code suggestion comments are added on a best-effort basis to facilitate contributors to finish a PR. So only upgrading the clang-format version in a PR won't be able to post suggestions on all changes in the repo, since the affected lines aren't changed in that PR.
I designed this solution to be able to accept and post code suggestions for other tools in the near future. Other workflows could upload diffs from multiple tools in the same artifact, and only the tool name and the file name needs to be handled by conditional expressions (
if: ...) or a bash loop (careful to not inject the file names from the artifact, as it is untrusted inputs; prefer whitelisting the expected file names to match to). For now, it is implemented for clang-format.This time, I created a new organization, so I could develop with the forked-repo situation from the start. Once this PR is merged, the "callback" workflow that post code suggestions will be enabled, and will work right away.