From 52b1f9538c3a7c609bf5c577205b2558d8b8ea86 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 15:24:06 -0800 Subject: [PATCH 01/19] Add a placeholder test action --- .../pr-targeted-change-detection.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/pr-targeted-change-detection.yml diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml new file mode 100644 index 000000000..4c86438ec --- /dev/null +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -0,0 +1,22 @@ +name: Test comments if targeted files are touched + +on: + pull_request: + types: + - opened + paths: + - 'src/**' + +jobs: + auto-comment: + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: PR Comment + run: + gh pr comment $PRNUM "This is just a test" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ${{ github.repository }} + PRNUM: ${{ github.event.pull_request.number }} \ No newline at end of file From cdad57f59c16eb05f0d82e42739e7d816f7b0b06 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 15:31:23 -0800 Subject: [PATCH 02/19] Add a code change in the scope of the action's trigger --- src/Microsoft.Sbom.Tool/Program.cs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Microsoft.Sbom.Tool/Program.cs b/src/Microsoft.Sbom.Tool/Program.cs index be4d6bdf4..adb0783e6 100644 --- a/src/Microsoft.Sbom.Tool/Program.cs +++ b/src/Microsoft.Sbom.Tool/Program.cs @@ -16,6 +16,8 @@ namespace Microsoft.Sbom.Tool; +// A comment-only change to test the trigger mechanism + internal class Program { internal static string Name => NameValue.Value; From b55e4c123695ec0c44ca6f100ddfc67820254c5b Mon Sep 17 00:00:00 2001 
From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 15:37:41 -0800 Subject: [PATCH 03/19] Add flag to run if the PR is edited --- .github/workflows/pr-targeted-change-detection.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml index 4c86438ec..203204709 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -3,7 +3,7 @@ name: Test comments if targeted files are touched on: pull_request: types: - - opened + - [opened, edited] paths: - 'src/**' From be33fcdaabecd6b6d1ecfceca2a727f18222f9e2 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 15:48:29 -0800 Subject: [PATCH 04/19] Try just "edited" flag for now --- .github/workflows/pr-targeted-change-detection.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml index 203204709..43ccbdad9 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -3,7 +3,7 @@ name: Test comments if targeted files are touched on: pull_request: types: - - [opened, edited] + - edited paths: - 'src/**' From 542594974532888a4fa6c7e21cc81d987b83ebff Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:06:22 -0800 Subject: [PATCH 05/19] Another comment --- src/Microsoft.Sbom.Tool/Program.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Microsoft.Sbom.Tool/Program.cs b/src/Microsoft.Sbom.Tool/Program.cs index adb0783e6..ea855b160 100644 --- a/src/Microsoft.Sbom.Tool/Program.cs +++ b/src/Microsoft.Sbom.Tool/Program.cs 
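Review bot: In patch 03, `- [opened, edited]` under `types:` nests a flow sequence inside a block sequence, so the value is a list containing a list rather than two activity types; write `types: [opened, edited]` or two separate `- opened` / `- edited` items. Patch 04 on this same line switches to `- edited` alone, which as far as I know fires when the PR title, body or base branch is edited, not when commits are pushed. If the goal is to re-run when new changes land under `src/**`, `synchronize` is the activity type to list.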
@@ -17,6 +17,7 @@ namespace Microsoft.Sbom.Tool; // A comment-only change to test the trigger mechanism +// Another one. internal class Program { From 78fcc11a61a69d6075d50bb046ac9e88bf662b5d Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:10:25 -0800 Subject: [PATCH 06/19] Try to adjust trigger --- .github/workflows/pr-targeted-change-detection.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml index 43ccbdad9..bb009a581 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -2,10 +2,8 @@ name: Test comments if targeted files are touched on: pull_request: - types: - - edited paths: - - 'src/**' + - 'src/**/*' jobs: auto-comment: From cbdb1ca3acaf25178158fcafeeccabb429562825 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:11:53 -0800 Subject: [PATCH 07/19] Adjust syntax --- .github/workflows/pr-targeted-change-detection.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml index bb009a581..84adec4a9 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -13,7 +13,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: PR Comment run: - gh pr comment $PRNUM "This is just a test" + gh pr comment $PRNUM -b "This is just a test" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ${{ github.repository }} From f0bfcf46a55eca5c8536e364f3abd03350c899f7 Mon Sep 17 00:00:00 2001 
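Review bot: With the `types:` key removed in patch 06, `pull_request` falls back to its default activity types (opened, synchronize, reopened), so the `PR Comment` step would post another copy of the comment on every push to a PR that matches the path filter. Restricting the trigger to `types: [opened, reopened]` avoids the repeats, at the cost of missing a PR that first touches the path in a later push. If that case matters, the step needs to look for its own earlier comment before posting. The rest of the job lies outside this hunk.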
From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:20:34 -0800 Subject: [PATCH 08/19] Debug permissions issue --- .../workflows/pr-targeted-change-detection.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml index 84adec4a9..5ab4f789a 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -6,11 +6,27 @@ on: - 'src/**/*' jobs: + + print-token: + permissions: write-all + name: print-token + environment: dev + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Get registration token + id: getRegToken + run: | + curl -X POST -H \"Accept: application/vnd.github.v3+json\" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token + auto-comment: runs-on: ubuntu-latest steps: - name: Checkout Repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4 - name: PR Comment run: gh pr comment $PRNUM -b "This is just a test" From 3ec2bffd28061332ba147978cc7f66e0fc732350 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:22:07 -0800 Subject: [PATCH 09/19] Tweak parameter --- .github/workflows/pr-targeted-change-detection.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml index 5ab4f789a..20278c4f1 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -12,7 +12,6 @@ jobs: name: print-token environment: dev runs-on: ubuntu-latest - steps: - name: Check out code uses: actions/checkout@v4 
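Review bot: The new `print-token` job in patch 08 grants `permissions: write-all` and sends the response of the runner `registration-token` endpoint straight to the job log, so if the call succeeds the registration token is readable by anyone who can view the run; I can't tell from the patch whether `GITHUB_TOKEN` is accepted by that endpoint. For debugging the comment failure, a job-level `permissions:` holding only `pull-requests: write` is enough, and the token is better passed through `env:` (as `auto-comment` already does) than expanded into the script text with `${{ secrets.GITHUB_TOKEN }}`. The same hunk also replaces the SHA-pinned `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2` with the mutable `actions/checkout@v4` tag in `auto-comment`, and the later patches on this page still show `@v4` as context, so the pin should be restored. Patch 09 keeps the curl call and patch 10 deletes the job, but the logs of runs made from these commits presumably remain and are worth checking.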
@@ -20,7 +19,7 @@ jobs: - name: Get registration token id: getRegToken run: | - curl -X POST -H \"Accept: application/vnd.github.v3+json\" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token + curl -X POST -H \"Accept: application/vnd.github.v3+json\" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/${{ github.repository }}/actions/runners/registration-token auto-comment: runs-on: ubuntu-latest From 93ee4eb458974743fe70849ea1021508184fd814 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:24:41 -0800 Subject: [PATCH 10/19] Nope --- .github/workflows/pr-targeted-change-detection.yml | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml index 20278c4f1..581bd5cb4 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -7,20 +7,6 @@ on: jobs: - print-token: - permissions: write-all - name: print-token - environment: dev - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Get registration token - id: getRegToken - run: | - curl -X POST -H \"Accept: application/vnd.github.v3+json\" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/${{ github.repository }}/actions/runners/registration-token - auto-comment: runs-on: ubuntu-latest steps: From 9bf73eb516950c6cd9f963d0442b83db0c147cdf Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:30:32 -0800 Subject: [PATCH 11/19] Try adding write permissions to the PR --- .github/workflows/pr-targeted-change-detection.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml index 581bd5cb4..50d5fd5fd 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -9,6 +9,8 @@ jobs: auto-comment: runs-on: ubuntu-latest + permissions: + pull-requests: write steps: - name: Checkout Repository uses: actions/checkout@v4 From 60409abf056bc05a400acb2eb9237579eba4cc23 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:33:37 -0800 Subject: [PATCH 12/19] Tighten targeting --- .github/workflows/pr-targeted-change-detection.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-targeted-change-detection.yml index 50d5fd5fd..62eee0d50 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-targeted-change-detection.yml @@ -3,10 +3,9 @@ name: Test comments if targeted files are touched on: pull_request: paths: - - 'src/**/*' + - 'src/Microsoft.Sbom.Api/**/*' jobs: - auto-comment: runs-on: ubuntu-latest permissions: @@ -16,7 +15,7 @@ jobs: uses: actions/checkout@v4 - name: PR Comment run: - gh pr comment $PRNUM -b "This is just a test" + gh pr comment $PRNUM -b "You touched the API project--how does this impact the API version?" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ${{ github.repository }} From 54a8373fb5036d80acfb90b23819db32de472e44 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:34:44 -0800 Subject: [PATCH 13/19] Revert out-of-scope comment changes --- src/Microsoft.Sbom.Tool/Program.cs | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/Microsoft.Sbom.Tool/Program.cs b/src/Microsoft.Sbom.Tool/Program.cs index ea855b160..be4d6bdf4 100644 --- a/src/Microsoft.Sbom.Tool/Program.cs 
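Review bot: Declaring `permissions:` on `auto-comment` in patch 11 sets every scope that is not listed to none, so the checkout step should be covered explicitly by adding `contents: read` next to `pull-requests: write`. As far as I know the token stays read-only for `pull_request` runs that come from forks whatever is declared here, so the comment step would fail on external contributions. If those PRs need the reminder too, the job would have to run in the base repository's context and must then not check out or execute the PR's own code. The `steps:` list continues outside the hunk.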
+++ b/src/Microsoft.Sbom.Tool/Program.cs @@ -16,9 +16,6 @@ namespace Microsoft.Sbom.Tool; -// A comment-only change to test the trigger mechanism -// Another one. - internal class Program { internal static string Name => NameValue.Value; From 1c08fcfd2d5c4f8842a5359ec090483ae8046695 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:36:17 -0800 Subject: [PATCH 14/19] Add in-scope change --- src/Microsoft.Sbom.Api/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Microsoft.Sbom.Api/README.md b/src/Microsoft.Sbom.Api/README.md index 14a589984..d3f47ecc4 100644 --- a/src/Microsoft.Sbom.Api/README.md +++ b/src/Microsoft.Sbom.Api/README.md @@ -3,6 +3,8 @@ Generates Software Bill of Materials (SBOM) See [SBOM API Reference](https://github.com/microsoft/sbom-tool/blob/main/docs/sbom-tool-api-reference.md) for details on how to set up a Generation Service using the Microsoft Dependency Injection Library. +This comment is in the API project but isn't a code change + #### Scan Sample ```C# using Microsoft.Extensions.Hosting; From d91c467226aaa7c3a9e0497db8c9c1d7602c4c09 Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:49:52 -0800 Subject: [PATCH 15/19] Get the action closer to a final form --- .github/workflows/pr-comment-api-change.md | 0 ...geted-change-detection.yml => pr-comment-api-change.yml} | 6 +++--- 2 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/pr-comment-api-change.md rename .github/workflows/{pr-targeted-change-detection.yml => pr-comment-api-change.yml} (68%) diff --git a/.github/workflows/pr-comment-api-change.md b/.github/workflows/pr-comment-api-change.md new file mode 100644 index 000000000..e69de29bb 
diff --git a/.github/workflows/pr-targeted-change-detection.yml b/.github/workflows/pr-comment-api-change.yml similarity index 68% rename from .github/workflows/pr-targeted-change-detection.yml rename to .github/workflows/pr-comment-api-change.yml index 62eee0d50..725a6832a 100644 --- a/.github/workflows/pr-targeted-change-detection.yml +++ b/.github/workflows/pr-comment-api-change.yml @@ -1,9 +1,9 @@ -name: Test comments if targeted files are touched +name: CHekc for API changes on: pull_request: paths: - - 'src/Microsoft.Sbom.Api/**/*' + - 'src/Microsoft.Sbom.Api/**/*.cs' jobs: auto-comment: @@ -15,7 +15,7 @@ jobs: uses: actions/checkout@v4 - name: PR Comment run: - gh pr comment $PRNUM -b "You touched the API project--how does this impact the API version?" + gh pr comment $PRNUM --body-file .github/workflows/pr-comment-api-change.md env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ${{ github.repository }} From ef31e0e8c737311b89360e2c90d7c67515edf82b Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:50:58 -0800 Subject: [PATCH 16/19] Revert non-code changes in the API --- src/Microsoft.Sbom.Api/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/Microsoft.Sbom.Api/README.md b/src/Microsoft.Sbom.Api/README.md index d3f47ecc4..14a589984 100644 --- a/src/Microsoft.Sbom.Api/README.md +++ b/src/Microsoft.Sbom.Api/README.md @@ -3,8 +3,6 @@ Generates Software Bill of Materials (SBOM) See [SBOM API Reference](https://github.com/microsoft/sbom-tool/blob/main/docs/sbom-tool-api-reference.md) for details on how to set up a Generation Service using the Microsoft Dependency Injection Library. -This comment is in the API project but isn't a code change - #### Scan Sample ```C# using Microsoft.Extensions.Hosting; From 5c9dab162447b9514ab13f71e8d7c73133b5cd88 Mon Sep 17 00:00:00 2001 
From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:52:27 -0800 Subject: [PATCH 17/19] Add a comment that should trigger the workflow --- src/Microsoft.Sbom.Api/SBOMGenerator.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Microsoft.Sbom.Api/SBOMGenerator.cs b/src/Microsoft.Sbom.Api/SBOMGenerator.cs index 06c9d259a..e1bed5860 100644 --- a/src/Microsoft.Sbom.Api/SBOMGenerator.cs +++ b/src/Microsoft.Sbom.Api/SBOMGenerator.cs @@ -22,6 +22,7 @@ namespace Microsoft.Sbom.Api; /// /// Responsible for an API to generate SBOMs. +/// This is a dummy comment to test the PR workflow /// public class SbomGenerator : ISBOMGenerator { From e6844ae4fb470afe0752f3bc47644bfe36a1232d Mon Sep 17 00:00:00 2001 From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Tue, 21 Jan 2025 16:54:05 -0800 Subject: [PATCH 18/19] Fix the workflow (I forgot to commit these) --- .github/workflows/pr-comment-api-change.md | 4 ++++ .github/workflows/pr-comment-api-change.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-comment-api-change.md b/.github/workflows/pr-comment-api-change.md index e69de29bb..f3ca2c7f3 100644 --- a/.github/workflows/pr-comment-api-change.md +++ b/.github/workflows/pr-comment-api-change.md @@ -0,0 +1,4 @@ +You touched the API project. Did you change _any_ of the API interfaces in _any way_? If so, this is an API-breaking change. Please be sure you do the following: + +1. Bump the major version in the next release +2. Update the documentation to show the new functionality diff --git a/.github/workflows/pr-comment-api-change.yml b/.github/workflows/pr-comment-api-change.yml index 725a6832a..e17b55115 100644 --- a/.github/workflows/pr-comment-api-change.yml +++ b/.github/workflows/pr-comment-api-change.yml @@ -1,4 +1,4 @@ -name: CHekc for API changes +name: Check for API changes on: pull_request: From e340b0d9262f2d140d1b90629dc797a7fdf1c105 Mon Sep 17 00:00:00 2001 
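Review bot: The line added in patch 17, `/// This is a dummy comment to test the PR workflow`, lands in the doc comment of the public `SbomGenerator` class, and no later patch on this page removes it, unlike the test edits to `Program.cs` and `README.md` that patches 13 and 16 revert. It would presumably show up in the generated API documentation and editor tooltips for consumers of the package, so it should be dropped before the series merges. The class body lies outside the hunk.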
From: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Date: Wed, 22 Jan 2025 09:23:28 -0800 Subject: [PATCH 19/19] Update PR comment --- .github/workflows/pr-comment-api-change.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-comment-api-change.md b/.github/workflows/pr-comment-api-change.md index f3ca2c7f3..62b2d2076 100644 --- a/.github/workflows/pr-comment-api-change.md +++ b/.github/workflows/pr-comment-api-change.md @@ -1,4 +1,15 @@ -You touched the API project. Did you change _any_ of the API interfaces in _any way_? If so, this is an API-breaking change. Please be sure you do the following: +This PR changes files in the API project. Does it change _any_ of the API interfaces in _any way_? Please note that this includes the following types of changes: +- Changing the signature of an existing interface method +- Adding a new method to an existing interface +- Adding a required data member to a class that an existing interface method consumes -1. Bump the major version in the next release -2. Update the documentation to show the new functionality +Because any of these changes can potentially break a downstream consumer with customized interface implementations, these changes need to be treated as breaking changes. Please do one of the following: + +## Option 1 - Publish this as a breaking change +1. Update the documentation to show the new functionality and/or explain the change +2. Bump the major version in the next release + +## Option 2 - Refactor the changes to be non-breaking +1. Review [this commit](https://github.com/microsoft/sbom-tool/commit/4d0ce83e194ed6feace53666aeb6280f5b8b8769), which adds a new interface in a backward-compatible way +2. Refactor the change to follow this pattern so that existing interfaces are left completely intact +3. Bump the minor version in the next release