Merge pull request #32 from RyosukeDTomita/feature/github-comment
Feature/GitHub comment
RyosukeDTomita authored Jun 17, 2024
2 parents bb8e43b + f0279e2 commit 77b1e63
Showing 8 changed files with 225 additions and 6 deletions.
24 changes: 24 additions & 0 deletions .github/archive-workflows/github-comment-test.yaml
@@ -0,0 +1,24 @@
name: github-comment
on: [push]

defaults:
run:
shell: bash

jobs:
github-comment-test: # job id(Typed by user)
runs-on: ubuntu-latest

steps:
# Checkout repository to runner
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: install package using aqua
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
aqua_version: v2.29.0

- run: github-comment post -k hello --token ${{ secrets.TOKEN }}
- name: exit=0 then no comment
run: github-comment exec --token ${{ secrets.TOKEN }} -- ls
- name: exit!=0 then comment
run: github-comment exec --token ${{ secrets.TOKEN }} -- ls /not_exist
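Review bot: All three `run` steps pass the secret as `--token ${{ secrets.TOKEN }}`, which expands the token into the generated shell script and the process argument list. github-comment also reads the token from the `GITHUB_TOKEN` environment variable, so set `env: GITHUB_TOKEN: ${{ secrets.TOKEN }}` once at the job level and drop the flag from each command. The new file also has no `permissions:` key, so the job's automatic token keeps the repository default scope; declaring `permissions: contents: read` would make that explicit.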
15 changes: 13 additions & 2 deletions .github/workflows/react-jest.yaml
Expand Up @@ -8,6 +8,10 @@ defaults:
jobs:
frontend-jest: # job id(Typed by user)
runs-on: ubuntu-latest
defaults:
# デフォルトのワーキングディレクトリのため設定不要だが,明示的に指定。
run:
working-directory: /home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs

steps:
# Checkout repository to runner
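Review bot: The added `working-directory` hard-codes the runner path `/home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs`, which stops working if the repository is renamed or forked, or if the job moves to a self-hosted runner. The comment above it already says this is the default, so either drop the job-level `defaults` block or, if it should stay explicit, use the relative form `working-directory: .`.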
Expand All @@ -18,8 +22,15 @@ jobs:
with:
node-version: '20'

- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

- name: install package using aqua
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
aqua_version: v2.29.0

- name: Install Dependencies
run: cd /home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs && npm install
run: github-comment exec --token ${{ secrets.TOKEN }} -- npm install

- name: Run npm test
run: cd /home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs && npm test -- --watchAll=false
run: github-comment exec --token ${{ secrets.TOKEN }} -- npm test -- --watchAll=false
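Review bot: The `actions/checkout` step added after `node-version: '20'` looks like a second checkout, since the context comment `# Checkout repository to runner` at the top of `steps:` suggests one already runs before setup-node. If that is the case, remove the duplicate and put the aqua-installer step after the existing checkout. The two `github-comment exec --token ${{ secrets.TOKEN }}` lines would also be cleaner with a job-level `env: GITHUB_TOKEN`, which keeps the secret off the command line.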
7 changes: 5 additions & 2 deletions .github/workflows/react-semgrep.yaml
Expand Up @@ -17,10 +17,13 @@ jobs:
steps:
- name: clone application source code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

- name: install package using aqua
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
aqua_version: v2.29.0
- name: full scan
run: |
semgrep \
github-comment exec --token ${{ secrets.TOKEN }} -- semgrep \
--sarif --output report.sarif \
--metrics=off \
--config="p/default"
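Review bot: Wrapping `semgrep` in `github-comment exec` will not surface findings as written, because this invocation has no `--error` flag and semgrep then exits 0 even when rules match; a comment would be posted only when semgrep itself fails to run. Add `--error` if findings should fail the step and trigger the comment, and note that with `--sarif --output report.sarif` the findings are written to the file rather than to stdout. A blank line before `- name: full scan` would match the spacing of the other steps.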
1 change: 1 addition & 0 deletions aqua.yaml
Expand Up @@ -11,3 +11,4 @@ registries:
ref: v4.193.0 # renovate: depName=aquaproj/aqua-registry
packages:
- name: suzuki-shunsuke/pinact@v0.2.0
- name: suzuki-shunsuke/github-comment@v6.0.4
2 changes: 1 addition & 1 deletion doc/github-actions.md
Expand Up @@ -39,7 +39,7 @@ actions/setup-python@コミットハッシュ
- Environment Secret: Environmentを作成して値を区別して使用できる。Environmentはリポジトリに対して複数作成できる。
- Repository Secret: リポジトリで共通の値を使う。

### 使用方法
### 使用方法(CLI)

> [GitHub CLIでリポジトリへsecretを設定](https://zenn.dev/hankei6km/articles/set-secret-to-repo-with-githubcli)
> [GitHub Actionsで機密情報を扱う方法](https://qiita.com/ak2ie/items/4fbcdf74e7760c49c1af)
129 changes: 129 additions & 0 deletions doc/tools_doc/github-comment.md
@@ -0,0 +1,129 @@
# github-comment

## github-commentとは

> [作者さんのブログ](https://zenn.dev/shunsuke_suzuki/articles/improve-cicd-with-github-comment)
> [使い方](https://github.com/suzuki-shunsuke/github-comment?tab=readme-ov-file)
- CIの結果を見やすくするために整形してコメントに投稿できる。

## install

ローカルにいれるというよりはGitHub Actionsから実行するのが良さそうだが一応インストール手順を書いておく。

```shell
aqua g -i suzuki-shunsuke/github-comment
aqua i -l
```

GitHub Actionsを使いたい場合には後述の手順を参照。

## 使い方

### 共通してやること

- github-comment.yaml(template)を用意する。

```shell
github-comment init
```

```yaml
---
skip_no_token: true
base:
org: RyosukeDTomita
repo: devsecops-demo-aws-ecs
post:
default:
template: |
{{.Org}}/{{.Repo}} test
hello:
template: |
hello world!
exec:
hello:
- when: true
template: |
{{template "header" .}}
{{.Vars.foo}} {{.Vars.zoo.foo}}
{{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}}
exit code: {{.ExitCode}}
```console
$ {{.Command}}
```
Stdout:
```
{{.Stdout}}
```
Stderr:
```
{{.Stderr}}
```
CombinedOutput:
```
{{.CombinedOutput}}
```
template_for_too_long: |
{{template "header" .}}
{{.Vars.foo}} {{.Vars.zoo.foo}}
{{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}}
exit code: {{.ExitCode}}
```console
$ {{.Command}}
```
```
- [GitHub Personal Access Token](https://docs.github.com/ja/enterprise-cloud@latest/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)を取得する。
### ローカルから試す
```shell
github-comment post --token <personal access token> --org RyosukeDTomita --repo devsecops-demo-aws-ecs --template hello --sha1 <commit hash>
```

### github-actionsから試す

- Personal Access TokenをGitHub Actionsのsecretに登録する。

- GitHub ActionsのWorkflow(`.github/workflows/`配下に作成。

> [!NOTE]
> 以下の例ではaquaを使ってgithub-commentをインストールして,実行している。
> また,成功する例と失敗する例を実行しており,失敗したときのみコメントが作成されていることを確かめる。
> [実行例](https://github.com/RyosukeDTomita/devsecops-demo-aws-ecs/pull/32#issuecomment-2171981579)
```yaml
name: github-comment
on: [push]

defaults:
run:
shell: bash

jobs:
github-comment-test: # job id(Typed by user)
runs-on: ubuntu-latest

steps:
# Checkout repository to runner
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: install package using aqua
uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
aqua_version: v2.29.0

- run: github-comment post -k hello --token ${{ secrets.TOKEN }}
- name: exit=0 then no comment
run: github-comment exec --token ${{ secrets.TOKEN }} -- ls
- name: exit!=0 then comment
run: github-comment exec --token ${{ secrets.TOKEN }} -- ls /not_exist
```
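Review bot: The local example `github-comment post --token <personal access token> ...` teaches readers to type the PAT on the command line, where it ends up in shell history and the process list; have the example rely on the `GITHUB_TOKEN` environment variable instead, and state the minimum token scope needed to post comments next to the PAT link. The outer yaml fence around the sample config also contains the template's own triple-backtick fences, so the Markdown block ends at the first inner fence; a four-backtick outer fence fixes the rendering. `Workflow(` in the github-actions section is missing its closing parenthesis.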
2 changes: 1 addition & 1 deletion doc/tools_doc/pre-commit.md
Expand Up @@ -34,7 +34,7 @@ sudo pip3 install virtualenv
- **デフォルトでは変更されたファイルに対してのみしか実行**されないので注意が必用。全体のチェックをしたいなら手動で行える。

```shell
pre-commit run --all-files
pre-commit run --all-file
```

- 以下はhadolint(Dockerfileのリンター)を実行するための`.pre-commit-config.yaml`の例
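Review bot: `--all-file` in the shell example is not a pre-commit option; the flag is `--all-files`, as the removed line had it. Revert this line so the documented command runs.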
51 changes: 51 additions & 0 deletions github-comment.yaml
@@ -0,0 +1,51 @@
---
skip_no_token: true
base:
org: RyosukeDTomita
repo: devsecops-demo-aws-ecs
post:
default:
template: |
{{.Org}}/{{.Repo}} test
hello:
template: |
hello world!
exec:
hello:
- when: true
template: |
{{template "header" .}}
{{.Vars.foo}} {{.Vars.zoo.foo}}
{{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}}
exit code: {{.ExitCode}}
```console
$ {{.Command}}
```
Stdout:
```
{{.Stdout}}
```
Stderr:
```
{{.Stderr}}
```
CombinedOutput:
```
{{.CombinedOutput}}
```
template_for_too_long: |
{{template "header" .}}
{{.Vars.foo}} {{.Vars.zoo.foo}}
{{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}}
exit code: {{.ExitCode}}
```console
$ {{.Command}}
```
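Review bot: `{{template "header" .}}` and `{{.Vars.foo}} {{.Vars.zoo.foo}}` in `exec.hello` reference a `header` template and variables that the visible config never defines (there is no `templates:` or `vars:` key), so rendering with `-k hello` would not work as intended; define them or remove the references left over from the generated sample. With `when: true` the template also posts `Stdout`, `Stderr` and `CombinedOutput` on every run, which duplicates the output and publishes everything the wrapped command prints into the comment. Keeping only `CombinedOutput` and changing the condition to `when: ExitCode != 0` would limit that.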

0 comments on commit 77b1e63
