From e37c3eecf8bd7b0812876f6bc7f0580c5d075b25 Mon Sep 17 00:00:00 2001 From: RyosukeDTomita Date: Sun, 16 Jun 2024 15:48:02 +0900 Subject: [PATCH 1/4] first try github-comment --- aqua.yaml | 1 + doc/tools_doc/github-comment.md | 26 +++++++++++++++ github-comment.yaml | 58 +++++++++++++++++++++++++++++++++ 3 files changed, 85 insertions(+) create mode 100644 doc/tools_doc/github-comment.md create mode 100644 github-comment.yaml diff --git a/aqua.yaml b/aqua.yaml index 6c1b161..cbac218 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -11,3 +11,4 @@ registries: ref: v4.193.0 # renovate: depName=aquaproj/aqua-registry packages: - name: suzuki-shunsuke/pinact@v0.2.0 +- name: suzuki-shunsuke/github-comment@v6.0.4 diff --git a/doc/tools_doc/github-comment.md b/doc/tools_doc/github-comment.md new file mode 100644 index 0000000..34b2387 --- /dev/null +++ b/doc/tools_doc/github-comment.md @@ -0,0 +1,26 @@ +# github-comment + +## github-commentとは + +> [作者さんのブログ](https://zenn.dev/shunsuke_suzuki/articles/improve-cicd-with-github-comment) +> [使い方](https://github.com/suzuki-shunsuke/github-comment?tab=readme-ov-file) + +- CIの結果を見やすくするために整形してコメントに投稿できる。 + +## install + +正直ローカルにいれるというよりはGitHub Actionsから実行するのが良さそうだが一応インストール手順を書いておく。 + +```shell +aqua g -i suzuki-shunsuke/github-comment +aqua i -l +``` + +## 使い方 + +ブランチがリモート(github.com)に存在しないとエラーが出る。 + +```shell +github-comment post -k test +opts is invalid: org is required +``` diff --git a/github-comment.yaml b/github-comment.yaml new file mode 100644 index 0000000..7d067a1 --- /dev/null +++ b/github-comment.yaml 
@@ -0,0 +1,58 @@ +--- +# skip_no_token: true +# base: +# org: +# repo: +# vars: +# foo: bar +# zoo: +# foo: hello +# templates: +# header: "# {{.Org}}/{{.Repo}}" +# post: +# default: +# template: | +# {{template "header" .}} +# {{.Vars.foo}} {{.Vars.zoo.foo}} +# {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} +# hello: +# template: hello +# exec: +# hello: +# - when: true +# template: | +# {{template "header" .}} +# {{.Vars.foo}} {{.Vars.zoo.foo}} +# {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} +# exit code: {{.ExitCode}} +# +# ```console +# $ {{.Command}} +# ``` +# +# Stdout: +# +# ``` +# {{.Stdout}} +# ``` +# +# Stderr: +# +# ``` +# {{.Stderr}} +# ``` +# +# CombinedOutput: +# +# ``` +# {{.CombinedOutput}} +# ``` +# template_for_too_long: | +# {{template "header" .}} +# {{.Vars.foo}} {{.Vars.zoo.foo}} +# {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} +# exit code: {{.ExitCode}} +# +# ```console +# $ {{.Command}} +# ``` From d7ed457522675d41cdb755f6e42cd7e21655e4b2 Mon Sep 17 00:00:00 2001 From: RyosukeDTomita Date: Sun, 16 Jun 2024 18:33:27 +0900 Subject: [PATCH 2/4] chore: Add GitHub Actions workflow for posting comments fix typo test test2 test3 test4 test5 test5 test6 test7 hello world test8 test9 test10 test11 test11 test12 test14 test15 test15 ok test19 --- .github/workflows/github-comment-test.yaml | 24 +++++ doc/tools_doc/github-comment.md | 2 - doc/tools_doc/pre-commit.md | 2 +- github-comment.yaml | 100 +++++++++++---------- 4 files changed, 79 insertions(+), 49 deletions(-) create mode 100644 .github/workflows/github-comment-test.yaml diff --git a/.github/workflows/github-comment-test.yaml b/.github/workflows/github-comment-test.yaml new file mode 100644 index 0000000..cd3d722 --- /dev/null +++ b/.github/workflows/github-comment-test.yaml 
@@ -0,0 +1,24 @@ +name: github-comment +on: [push] + +defaults: + run: + shell: bash + +jobs: + github-comment-test: # job id(Typed by user) + runs-on: ubuntu-latest + + steps: + # Checkout repository to runner + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - name: install package using aqua + uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 + with: + aqua_version: v2.29.0 + + - run: github-comment post -k hello --token ${{ secrets.TOKEN }} + - name: exit=0 then no comment + run: github-comment exec --token ${{ secrets.TOKEN }} -- ls + - name: exit!=0 then comment + run: github-comment exec --token ${{ secrets.TOKEN }} -- ls /not_exist diff --git a/doc/tools_doc/github-comment.md b/doc/tools_doc/github-comment.md index 34b2387..4a803a4 100644 --- a/doc/tools_doc/github-comment.md +++ b/doc/tools_doc/github-comment.md @@ -18,8 +18,6 @@ aqua i -l ## 使い方 -ブランチがリモート(github.com)に存在しないとエラーが出る。 - ```shell github-comment post -k test opts is invalid: org is required diff --git a/doc/tools_doc/pre-commit.md b/doc/tools_doc/pre-commit.md index 3655202..3703c88 100644 --- a/doc/tools_doc/pre-commit.md +++ b/doc/tools_doc/pre-commit.md @@ -34,7 +34,7 @@ sudo pip3 install virtualenv - **デフォルトでは変更されたファイルに対してのみしか実行**されないので注意が必用。全体のチェックをしたいなら手動で行える。 ```shell -pre-commit run --all-files +pre-commit run --all-file ``` - 以下はhadolint(Dockerfileのリンター)を実行するための`.pre-commit-config.yaml`の例 diff --git a/github-comment.yaml b/github-comment.yaml index 7d067a1..5b5dc91 100644 --- a/github-comment.yaml +++ b/github-comment.yaml @@ -1,12 +1,19 @@ --- -# skip_no_token: true -# base: -# org: -# repo: +skip_no_token: true +base: + org: RyosukeDTomita + repo: devsecops-demo-aws-ecs +post: + default: + template: | + {{.Org}}/{{.Repo}} test + hello: + template: | + hello world! # vars: # foo: bar # zoo: -# foo: hello + # foo: hello # templates: # header: "# {{.Org}}/{{.Repo}}" # post: 
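Review bot: Every `run:` step in the new `github-comment-test` job splices a personal access token into the shell command as `--token ${{ secrets.TOKEN }}`, and the workflow has no `permissions:` block, so the job carries a long-lived PAT with whatever scope its owner granted while the built-in token keeps the repository default scope. Commenting on the repository's own pull requests only needs the job-scoped `GITHUB_TOKEN`, which expires with the job and can be narrowed to `pull-requests: write`; if I recall github-comment's README correctly it reads that token from the `GITHUB_TOKEN` environment variable, so `--token` can go away entirely. Passing it through `env:` also keeps the secret out of the process command line. `on: [push]` will also fire on pushes that have no open PR; whether `post -k hello` then falls back to a commit comment or errors is not visible here and worth confirming before relying on it.
```yaml
permissions:
  contents: read
  pull-requests: write

jobs:
  github-comment-test:
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      # … unchanged: checkout and aqua-installer steps …
      - run: github-comment post -k hello
      - name: exit=0 then no comment
        run: github-comment exec -- ls
      - name: exit!=0 then comment
        run: github-comment exec -- ls /not_exist
```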
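Review bot: `skip_no_token: true` at the top of github-comment.yaml turns an absent or misnamed token into a silent no-op instead of an error, so an Actions run whose `TOKEN` secret is missing (a fork PR, where secrets are not injected, or a typo in the secret name) goes green while posting nothing. That is convenient for local runs but hides misconfiguration in CI; at least document the trade-off on the line, e.g. `skip_no_token: true  # missing token => comment silently skipped; set false in CI so a broken secret fails loudly`. `base.org` and `base.repo` are pinned to one repository, so a copy of this file elsewhere would still post to RyosukeDTomita/devsecops-demo-aws-ecs; since the workflow in this series calls `post -k hello` without `--org`/`--repo`, these values presumably exist only for local use and a comment saying so would help.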
@@ -15,44 +22,45 @@ # {{template "header" .}} # {{.Vars.foo}} {{.Vars.zoo.foo}} # {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} -# hello: -# template: hello -# exec: -# hello: -# - when: true -# template: | -# {{template "header" .}} -# {{.Vars.foo}} {{.Vars.zoo.foo}} -# {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} -# exit code: {{.ExitCode}} -# -# ```console -# $ {{.Command}} -# ``` -# -# Stdout: -# -# ``` -# {{.Stdout}} -# ``` -# -# Stderr: -# -# ``` -# {{.Stderr}} -# ``` -# -# CombinedOutput: -# -# ``` -# {{.CombinedOutput}} -# ``` -# template_for_too_long: | -# {{template "header" .}} -# {{.Vars.foo}} {{.Vars.zoo.foo}} -# {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} -# exit code: {{.ExitCode}} -# -# ```console -# $ {{.Command}} -# ``` + # hello: + # template: + # hello +exec: + hello: + - when: true + template: | + {{template "header" .}} + {{.Vars.foo}} {{.Vars.zoo.foo}} + {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} + exit code: {{.ExitCode}} + + ```console + $ {{.Command}} + ``` + + Stdout: + + ``` + {{.Stdout}} + ``` + + Stderr: + + ``` + {{.Stderr}} + ``` + + CombinedOutput: + + ``` + {{.CombinedOutput}} + ``` + template_for_too_long: | + {{template "header" .}} + {{.Vars.foo}} {{.Vars.zoo.foo}} + {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} + exit code: {{.ExitCode}} + + ```console + $ {{.Command}} + ``` From 942576b0a98f51652fab51233a220a55e2cf38d8 Mon Sep 17 00:00:00 2001 From: RyosukeDTomita Date: Mon, 17 Jun 2024 10:16:19 +0900 Subject: [PATCH 3/4] add github-comment document --- .../github-comment-test.yaml | 0 doc/github-actions.md | 2 +- doc/tools_doc/github-comment.md | 111 +++++++++++++++++- github-comment.yaml | 15 --- 4 files changed, 109 insertions(+), 19 deletions(-) rename .github/{workflows => archive-workflows}/github-comment-test.yaml (100%) 
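Review bot: The uncommented `exec.hello` template posts `{{.Stdout}}`, `{{.Stderr}}` and `{{.CombinedOutput}}` of the wrapped command verbatim into a GitHub comment, so the same output appears up to three times and, once this wraps `npm install`, `npm test` or a scanner, everything those tools print — registry URLs, local paths, stack traces, source snippets from findings — becomes part of the PR's public comment history. Keep a single section (`{{.CombinedOutput}}` alone is enough for a failure report) and leave `template_for_too_long` at the exit code and command only. `when: true` reads as an always-true condition; if github-comment evaluates it that way the comment is also posted on success, whereas the failure-only form is `- when: ExitCode != 0`. The `{{.Vars.foo}} {{.Vars.zoo.foo}}` placeholders reference a `vars:` section this hunk leaves commented out, so they will most likely render as `<no value>` and should be dropped.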
diff --git a/.github/workflows/github-comment-test.yaml b/.github/archive-workflows/github-comment-test.yaml similarity index 100% rename from .github/workflows/github-comment-test.yaml rename to .github/archive-workflows/github-comment-test.yaml diff --git a/doc/github-actions.md b/doc/github-actions.md index a571c65..73c705e 100644 --- a/doc/github-actions.md +++ b/doc/github-actions.md @@ -39,7 +39,7 @@ actions/setup-python@コミットハッシュ - Environment Secret: Environmentを作成して値を区別して使用できる。Environmentはリポジトリに対して複数作成できる。 - Repository Secret: リポジトリで共通の値を使う。 -### 使用方法 +### 使用方法(CLI) > [GitHub CLIでリポジトリへsecretを設定](https://zenn.dev/hankei6km/articles/set-secret-to-repo-with-githubcli) > [GitHub Actionsで機密情報を扱う方法](https://qiita.com/ak2ie/items/4fbcdf74e7760c49c1af) diff --git a/doc/tools_doc/github-comment.md b/doc/tools_doc/github-comment.md index 4a803a4..2d50f8d 100644 --- a/doc/tools_doc/github-comment.md +++ b/doc/tools_doc/github-comment.md 
@@ -9,16 +9,121 @@ ## install -正直ローカルにいれるというよりはGitHub Actionsから実行するのが良さそうだが一応インストール手順を書いておく。 +ローカルにいれるというよりはGitHub Actionsから実行するのが良さそうだが一応インストール手順を書いておく。 ```shell aqua g -i suzuki-shunsuke/github-comment aqua i -l ``` +GitHub Actionsを使いたい場合には後述の手順を参照。 + ## 使い方 +### 共通してやること + +- github-comment.yaml(template)を用意する。 + +```shell +github-comment init +``` + +```yaml +--- +skip_no_token: true +base: + org: RyosukeDTomita + repo: devsecops-demo-aws-ecs +post: + default: + template: | + {{.Org}}/{{.Repo}} test + hello: + template: | + hello world! +exec: + hello: + - when: true + template: | + {{template "header" .}} + {{.Vars.foo}} {{.Vars.zoo.foo}} + {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} + exit code: {{.ExitCode}} + + ```console + $ {{.Command}} + ``` + + Stdout: + + ``` + {{.Stdout}} + ``` + + Stderr: + + ``` + {{.Stderr}} + ``` + + CombinedOutput: + + ``` + {{.CombinedOutput}} + ``` + template_for_too_long: | + {{template "header" .}} + {{.Vars.foo}} {{.Vars.zoo.foo}} + {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} + exit code: {{.ExitCode}} + + ```console + $ {{.Command}} + ``` +``` + +- [GitHub Personal Access Token](https://docs.github.com/ja/enterprise-cloud@latest/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)を取得する。 + +### ローカルから試す + ```shell -github-comment post -k test -opts is invalid: org is required +github-comment post --token --org RyosukeDTomita --repo devsecops-demo-aws-ecs --template hello --sha1 +``` + +### github-actionsから試す + +- Personal Access TokenをGitHub Actionsのsecretに登録する。 + +- GitHub ActionsのWorkflow(`.github/workflows/`配下に作成。 + +> [!NOTE] +> 以下の例ではaquaを使ってgithub-commentをインストールして,実行している。 +> また,成功する例と失敗する例を実行しており,失敗したときのみコメントが作成されていることを確かめる。 +> [実行例](https://github.com/RyosukeDTomita/devsecops-demo-aws-ecs/pull/32#issuecomment-2171981579) + +```yaml +name: github-comment +on: [push] + +defaults: + run: + shell: bash + +jobs: + github-comment-test: # job id(Typed by 
user) + runs-on: ubuntu-latest + + steps: + # Checkout repository to runner + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - name: install package using aqua + uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 + with: + aqua_version: v2.29.0 + + - run: github-comment post -k hello --token ${{ secrets.TOKEN }} + - name: exit=0 then no comment + run: github-comment exec --token ${{ secrets.TOKEN }} -- ls + - name: exit!=0 then comment + run: github-comment exec --token ${{ secrets.TOKEN }} -- ls /not_exist ``` diff --git a/github-comment.yaml b/github-comment.yaml index 5b5dc91..ed2feba 100644 --- a/github-comment.yaml +++ b/github-comment.yaml @@ -10,21 +10,6 @@ post: hello: template: | hello world! -# vars: -# foo: bar -# zoo: - # foo: hello -# templates: -# header: "# {{.Org}}/{{.Repo}}" -# post: -# default: -# template: | -# {{template "header" .}} -# {{.Vars.foo}} {{.Vars.zoo.foo}} -# {{.Org}} {{.Repo}} {{.PRNumber}} {{.SHA1}} {{.TemplateKey}} - # hello: - # template: - # hello exec: hello: - when: true From f0279e2de1a35d210a6f0cc48199edf2e523faf6 Mon Sep 17 00:00:00 2001 From: RyosukeDTomita Date: Mon, 17 Jun 2024 10:21:52 +0900 Subject: [PATCH 4/4] use githu-comment chore: Update GitHub Actions workflow for installing dependencies and running tests fix path fix path2 --- .github/workflows/react-jest.yaml | 15 +++++++++++++-- .github/workflows/react-semgrep.yaml | 7 +++++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/.github/workflows/react-jest.yaml b/.github/workflows/react-jest.yaml index 7ee2bf5..275e6cb 100644 --- a/.github/workflows/react-jest.yaml +++ b/.github/workflows/react-jest.yaml @@ -8,6 +8,10 @@ defaults: jobs: frontend-jest: # job id(Typed by user) runs-on: ubuntu-latest + defaults: + # デフォルトのワーキングディレクトリのため設定不要だが,明示的に指定。 + run: + working-directory: /home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs steps: # Checkout repository to runner 
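Review bot: The new job-level `working-directory` hard-codes `/home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs`, which breaks as soon as the repository is renamed or forked, or the job runs on a self-hosted runner with a different work root. The accompanying comment already says the value is the default and not required, so the cleanest fix is to delete the `defaults:` block; if an explicit setting is wanted, use the runner-provided `working-directory: ${{ github.workspace }}` instead. The job's `steps:` continue outside this hunk.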
@@ -18,8 +22,15 @@ jobs: with: node-version: '20' + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + + - name: install package using aqua + uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 + with: + aqua_version: v2.29.0 + - name: Install Dependencies - run: cd /home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs && npm install + run: github-comment exec --token ${{ secrets.TOKEN }} -- npm install - name: Run npm test - run: cd /home/runner/work/devsecops-demo-aws-ecs/devsecops-demo-aws-ecs && npm test -- --watchAll=false + run: github-comment exec --token ${{ secrets.TOKEN }} -- npm test -- --watchAll=false diff --git a/.github/workflows/react-semgrep.yaml b/.github/workflows/react-semgrep.yaml index b7f208b..7214c6c 100644 --- a/.github/workflows/react-semgrep.yaml +++ b/.github/workflows/react-semgrep.yaml @@ -17,10 +17,13 @@ jobs: steps: - name: clone application source code uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - + - name: install package using aqua + uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 + with: + aqua_version: v2.29.0 - name: full scan run: | - semgrep \ + github-comment exec --token ${{ secrets.TOKEN }} -- semgrep \ --sarif --output report.sarif \ --metrics=off \ --config="p/default"
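Review bot: The `actions/checkout` step added after `setup-node` duplicates the checkout the job already performs (its `# Checkout repository to runner` step sits above this hunk), so it re-clones the workspace for nothing and should be removed. The two new `run:` lines inline a personal access token as `--token ${{ secrets.TOKEN }}`; set `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` once at job level (github-comment reads that variable, if I recall its README correctly) and drop `--token`, so the secret is not spliced into the shell command and the scoped job token replaces a long-lived PAT. Note that with `github-comment exec` around `npm install` and `npm test`, the exec template in github-comment.yaml posts the tool's stdout/stderr into the PR on failure, so npm error output — which can include registry URLs and local paths — will appear in comments.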
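Review bot: Wrapping semgrep in `github-comment exec` produces a comment only when the command exits non-zero, and semgrep exits 0 when it merely finds issues unless `--error` is passed, so with the flags visible here (`--sarif --output report.sarif --metrics=off --config="p/default"`) a PR full of findings posts nothing while only a scanner crash does; if findings should surface as comments add `--error` (the `run:` block may continue past this hunk, so check whether it is already there). Because `--output report.sarif` sends the report to a file, what github-comment captures is mostly semgrep's stderr, and the exec template posts that verbatim into the PR, so confirm nothing lands there that you would not publish. As in the other workflows, prefer `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` at job level over inlining `--token ${{ secrets.TOKEN }}` into the command.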