Skip to content

Commit

Permalink
Merge branch 'linuxdeepin:master' into master
Browse files Browse the repository at this point in the history
  • Loading branch information
@feiguoL
feiguoL authored Jul 15, 2024
2 parents c9faa1c + c672a59 commit 088ebd9
Show file tree
Hide file tree
Showing 11 changed files with 392 additions and 123 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/api-check.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,13 +46,15 @@ jobs:
run: |
./deepin-abigail -c fastFilesCompare.json | tee api_check.txt
if [ -e 'api_check.txt' ];then
if [ `cat api_check.txt | grep -c '\[Del_export_fun'` != '0' ];then
check_num=$(cat api_check.txt | grep -c '\[Del_export_fun' || true)
echo "CHECK_NUM=$check_num" >> $GITHUB_ENV
if [ $check_num -gt 0 ];then
sed -i '1i API接口检查检测到存在对外接口删除:' api_check.txt
exit 1
fi
fi
- name: Comment PR
if: failure() && hashFiles('api_check.txt')
if: always() && env.CHECK_NUM > 0
uses: thollander/actions-comment-pull-request@v2
with:
filePath: api_check.txt
80 changes: 80 additions & 0 deletions .github/workflows/debian-check-keys.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
name: Debian Check Keys
on:
workflow_call:
outputs:
check_msg_env:
description: "output comment msg"
value: ${{ jobs.debian-check-keys.outputs.check_msg_all }}
check_status_env:
description: "check status"
value: ${{ jobs.debian-check-keys.outputs.check_status_all }}
check_msg:
description: "output comment msg for env"
value: ${{ jobs.debian-check-keys.outputs.check_msg_modify }}
check_status:
description: "check status for env"
value: ${{ jobs.debian-check-keys.outputs.check_status_modify }}

jobs:
debian-check-keys:
runs-on: ubuntu-latest
outputs:
check_msg_all: ${{ steps.get-output.outputs.check_msg_all }}
check_status_all: ${{ steps.get-output.outputs.check_status_all }}
check_msg_modify: ${{ steps.get-output.outputs.check_msg_modify }}
check_status_modify: ${{ steps.get-output.outputs.check_status_modify }}
continue-on-error: true
strategy:
matrix:
include:
- check_type: modify
check_keys: "getcap,setcap,lshw,dmidecode"
- check_type: all
check_keys: "export,unset"
steps:
- name: Fetch API Data
uses: JamesIves/fetch-api-data-action@v2
with:
endpoint: https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files
configuration: '{ "method": "GET", "headers": {"Authorization": "Bearer ${{ secrets.GITHUB_TOKEN }}","X-GitHub-Api-Version": "2022-11-28","Accept": "application/vnd.github+json"} }'
- uses: actions/checkout@v4
with:
repository: kuchune/check-tools
ref: develop
sparse-checkout: debianCheck/do-with-data.py
sparse-checkout-cone-mode: false
path: debianCheck
- id: check-keys
run: |
check_result=$(python3 debianCheck/debianCheck/do-with-data.py ${check_type} ${check_keys} fetch-api-data-action/data.json)
echo "check_result=$check_result" >> "$GITHUB_OUTPUT"
env:
check_type: ${{ matrix.check_type }}
check_keys: ${{ matrix.check_keys }}
- name: Publish reports
id: artifact-upload-step
if: steps.check-keys.outputs.check_result == 'False'
uses: actions/upload-artifact@v4
with:
name: words-check-report-${{ matrix.check_type }}
path: result.json
- if: steps.check-keys.outputs.check_result == 'False'
id: get-result
run: |
echo "敏感词${{matrix.check_keys}}检查不通过"
exit 1
- name: Get Output
id: get-output
if: always()
env:
check_msg: |
检测到敏感词${{matrix.check_keys}}变动:
https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}/artifacts/${{steps.artifact-upload-step.outputs.artifact-id}}
check_status: ${{ steps.get-result.outcome}}
run: |
{
echo "check_msg_${{ matrix.check_type }}<<EOF"
echo "$check_msg"
echo EOF
} >> "$GITHUB_OUTPUT"
echo "check_status_${{ matrix.check_type }}=$check_status" >> "$GITHUB_OUTPUT"
59 changes: 59 additions & 0 deletions .github/workflows/debian-check-post.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
name: Debian Check Post
on:
workflow_call:
inputs:
debian-check-prefix-status:
required: true
type: string
debian-check-prefix-msg:
required: true
type: string
debian-check-version-status:
required: true
type: string
debian-check-version-msg:
required: true
type: string
debian-check-key-status-env:
required: true
type: string
debian-check-key-msg-env:
required: true
type: string
debian-check-key-status:
required: true
type: string
debian-check-key-msg:
required: true
type: string

jobs:
debian-check-post:
runs-on: ubuntu-latest
steps:
- id: get-comment-file
run: |
if [ ${{ inputs.debian-check-prefix-status }} == 'failure' ];then
echo "${{ inputs.debian-check-prefix-msg }}" >> comment.txt
fi
if [ ${{ inputs.debian-check-version-status }} == 'failure' ];then
echo "${{ inputs.debian-check-version-msg }}" >> comment.txt
fi
if [ ${{ inputs.debian-check-key-status-env }} == 'failure' ];then
echo "${{ inputs.debian-check-key-msg-env }}" >> comment.txt
fi
if [ ${{ inputs.debian-check-key-status }} == 'failure' ];then
echo "${{ inputs.debian-check-key-msg }}" >> comment.txt
fi
if [ -e 'comment.txt' ];then
sed -i '1i [Debian检查]:' comment.txt
fi
- name: Comment PR
if: hashFiles('comment.txt')
uses: thollander/actions-comment-pull-request@v2
with:
filePath: comment.txt
- uses: ryaugusta/pr-add-reviewers-action@v1
with:
token: ${{ secrets.BRIDGETOKEN }}
team_reviewers: Package-admins
41 changes: 41 additions & 0 deletions .github/workflows/debian-check-prefix.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: Debian Check Prefix
on:
workflow_call:
outputs:
check_msg:
description: "output comment msg"
value: ${{ jobs.debian-check-prefix.outputs.check_msg }}
check_status:
description: "check status"
value: ${{ jobs.debian-check-prefix.outputs.check_status }}

jobs:
debian-check-prefix:
runs-on: ubuntu-latest
outputs:
check_msg: |
检测到debian目录文件有变更: ${{ steps.get-changed-files.outputs.all_changed_files }}
check_status: ${{ steps.check-changed-files.outcome }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Get changed files
id: get-changed-files
uses: tj-actions/changed-files@v44
with:
files: 'debian/**'
files_ignore: |
debian/patches/*
debian/manpage.*
debian/*.manpages
debian/changelog
debian/copyright
debian/compat
debian/source/format
- name: Check changed files
id: check-changed-files
if: steps.get-changed-files.outputs.all_changed_files
run: |
echo "debian目录变动文件: ${{ steps.get-changed-files.outputs.all_changed_files }}"
exit 1
54 changes: 54 additions & 0 deletions .github/workflows/debian-check-version.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
name: Debian Check Version
on:
workflow_call:
outputs:
check_msg:
description: "output comment msg"
value: ${{ jobs.debian-check-version.outputs.check_msg }}
check_status:
description: "check status"
value: ${{ jobs.debian-check-version.outputs.check_status }}

jobs:
debian-check-version:
runs-on: ubuntu-latest
outputs:
check_msg: |
检测到debian/changelog版本变动异常: ${{ steps.check-version.outputs.version_str }}
check_status: ${{ steps.get-result.outcome }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
with:
files: 'debian/changelog'
- name: Check Version
id: check-version
if: steps.changed-files.outputs.all_changed_files
env:
repository: ${{ github.repository }}
run: |
result=$(echo ${repository} | grep "/" || true)
project_tmp=${repository}
if [[ "$result" != "" ]]; then
project_tmp=$(echo ${repository} | awk -F'/' '{print $2}' || true)
fi
version_str=$(dpkg-parsechangelog -l debian/changelog -n 2|grep ${project_tmp}|awk -F'[()]' '{print $2}'|grep -v '^$\|^Task\|^Bug\|^Influence'|tr '\n' ' '|| true)
version_num=$(echo $version_str|awk '{print NF}' || true)
echo "version_str is ${version_str}"
echo "version_num is ${version_num}"
if [[ "$version_num" == "2" ]]; then
version0=$(echo $version_str|awk '{print $1}' || true)
version1=$(echo $version_str|awk '{print $2}' || true)
check_result=$(dpkg --compare-versions ${version0} gt ${version1} && echo true || echo false)
fi
echo "check_result=$check_result" >> "$GITHUB_OUTPUT"
echo "version_str=$version_str" >> "$GITHUB_OUTPUT"
- if: steps.check-version.outputs.check_result == 'false'
id: get-result
run: |
echo "debian/changelog版本变动异常:${{ steps.check-version.outputs.version_str }}"
exit 1
132 changes: 22 additions & 110 deletions .github/workflows/debian-check.yml
View file
Original file line number Diff line number Diff line change
@@ -1,114 +1,26 @@
name: Debian Check
on: workflow_call

permissions: write-all

jobs:
Check-Debian-Prefix:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
with:
files: 'debian/**'
files_ignore: |
debian/patches/*
debian/manpage.*
debian/*.manpages
debian/changelog
debian/copyright
debian/compat
debian/source/format
- name: List all changed files
if: steps.changed-files.outputs.all_changed_files
env:
DEBIAN_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
run: |
if [ ! -z ${DEBIAN_CHANGED_FILES} ]; then
echo "list all debian files that have changed: $DEBIAN_CHANGED_FILES"
exit 1
fi
Check-Version-Check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
with:
files: 'debian/changelog'
- name: Check Version
if: steps.changed-files.outputs.all_changed_files
run: |
result=$(echo ${repository} | grep "/" || true)
project_tmp=${repository}
if [[ "$result" != "" ]]; then
project_tmp=$(echo ${repository} | awk -F'/' '{print $2}' || true)
fi
version_str=$(dpkg-parsechangelog -l debian/changelog -n 2|grep ${project_tmp}|awk -F'[()]' '{print $2}'|grep -v '^$\|^Task\|^Bug\|^Influence'|tr '\n' ' '|| true)
version_num=$(echo $version_str|awk '{print NF}' || true)
echo "version_str is ${version_str}"
echo "version_num is ${version_num}"
if [[ "$version_num" == "2" ]]; then
version0=$(echo $version_str|awk '{print $1}' || true)
version1=$(echo $version_str|awk '{print $2}' || true)
check_result=$(dpkg --compare-versions ${version0} gt ${version1} && echo true || echo false)
if [[ "$check_result" == "false" ]];then
echo $version_str
exit 1
fi
fi
Check-Specical-Words:
runs-on: ubuntu-latest
steps:
- name: Fetch API Data
uses: JamesIves/fetch-api-data-action@v2
with:
endpoint: https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files
configuration: '{ "method": "GET", "headers": {"Authorization": "Bearer ${{ secrets.GITHUB_TOKEN }}","X-GitHub-Api-Version": "2022-11-28","Accept": "application/vnd.github+json"} }'
- uses: actions/checkout@v4
with:
repository: kuchune/check-tools
sparse-checkout: debianCheck/do-with-data.py
sparse-checkout-cone-mode: false
path: debianCheck
- run: |
python3 debianCheck/debianCheck/do-with-data.py ${check_type} ${check_keys} fetch-api-data-action/data.json
env:
check_type: modify
check_keys: getcap,setcap,lshw,dmidecode
- name: Publish reports
if: failure()
uses: actions/upload-artifact@v4
with:
name: specical-words-check-report
path: result.json
Check-Env-Set-Words:
runs-on: ubuntu-latest
steps:
- name: Fetch API Data
uses: JamesIves/fetch-api-data-action@v2
with:
endpoint: https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files
configuration: '{ "method": "GET", "headers": {"Authorization": "Bearer ${{ secrets.GITHUB_TOKEN }}","X-GitHub-Api-Version": "2022-11-28","Accept": "application/vnd.github+json"} }'
- uses: actions/checkout@v4
with:
repository: kuchune/check-tools
sparse-checkout: debianCheck/do-with-data.py
sparse-checkout-cone-mode: false
path: debianCheck
- run: |
python3 debianCheck/debianCheck/do-with-data.py ${check_type} ${check_keys} fetch-api-data-action/data.json
env:
check_type: all
check_keys: export,unset
- name: Publish reports
if: failure()
uses: actions/upload-artifact@v4
with:
name: env-set-words-check-report
path: result.json
call-debian-check-prefix:
uses: linuxdeepin/.github/.github/workflows/debian-check-prefix.yml@master
call-debian-check-version:
uses: linuxdeepin/.github/.github/workflows/debian-check-version.yml@master
call-debian-check-keys:
uses: linuxdeepin/.github/.github/workflows/debian-check-keys.yml@master
post-debian-check:
if: failure()
needs: [call-debian-check-prefix, call-debian-check-version, call-debian-check-keys]
uses: linuxdeepin/.github/.github/workflows/debian-check-post.yml@master
secrets: inherit
with:
debian-check-prefix-status: ${{ needs.call-debian-check-prefix.outputs.check_status }}
debian-check-prefix-msg: ${{ needs.call-debian-check-prefix.outputs.check_msg }}
debian-check-version-status: ${{ needs.call-debian-check-version.outputs.check_status }}
debian-check-version-msg: ${{ needs.call-debian-check-version.outputs.check_msg }}
debian-check-key-status-env: ${{ needs.call-debian-check-keys.outputs.check_status_env }}
debian-check-key-msg-env: ${{ needs.call-debian-check-keys.outputs.check_msg_env}}
debian-check-key-status: ${{ needs.call-debian-check-keys.outputs.check_status }}
debian-check-key-msg: ${{ needs.call-debian-check-keys.outputs.check_msg }}
Loading

0 comments on commit 088ebd9

Please sign in to comment.