From df1bec704d1b0dbeebf5208702d731ede2203512 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Mon, 15 Apr 2024 16:25:39 -0700 Subject: [PATCH 01/12] Add static analysis action --- CHANGELOG.md | 32 +++------------------- README.md | 55 +++++++++++++++++++++++++++++++++----- static_analysis/action.yml | 18 +++++++++++++ 3 files changed, 69 insertions(+), 36 deletions(-) create mode 100644 static_analysis/action.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index b974f82..9d7d1bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,5 @@ # Changelog -All notable changes to the tool_name Docker file. +All notable changes to the Actions and reusable workflows. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). @@ -8,32 +8,6 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm --- ## [Unreleased] -### Changed -- Update links in on-prem Confluence to point to cloud-based Confluence -- Update `.gitignore` - Add common non-plain text file extensions (e.g. image and Office suite) -- Change something but it is not part of the last release. - ---- - -## [1.0.0] - YYYY-MM-DD ### Added -- For new features. -- Add item 1. - -### Changed -- For changes in existing functionality. -- Change item 1. - -### Deprecated -- For soon-to-be removed features. - -### Removed -- For now removed features. -- Remove item 1. - -### Fixed -- For any bug fixes. -- Fix item 1. - -### Security -- In case of vulnerabilities. \ No newline at end of file +- README documentation about usage and versioning +- Action for running static analysis diff --git a/README.md b/README.md index 3df2d4b..91e047d 100644 --- a/README.md +++ b/README.md 
@@ -1,20 +1,61 @@ -# Project/Repo Title +# Automations for the Boutros Lab -Template Repository for the Boutros Lab general project repos. Describe a simple overview of use/purpose here. +This is a repository for common GitHub [custom actions](https://docs.github.com/en/actions/creating-actions/about-custom-actions) and [resuable workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows) used in the Boutros Lab. ## Description -An in-depth paragraph about your project and overview of use. +Per [GitHub's advice](https://docs.github.com/en/actions/creating-actions/about-custom-actions#using-tags-for-release-management) for release management, this repository uses semantic version tags. The key details are: + +* Full semantic version tags, such as `v1.0.2`, are immutable and will always refer to the same commit hash. +* Major version tags, such as `v1` or `v2`, are kept up-to-date with the latest matching semantic version tag. + +Callers of these automations should use the latest major version tag (currently `v1`), as that will refer to the most recent stable and backwards-compatible version. Specifying semantic version tags is discouraged unless there is a specific need for absolute reproducibility. + +### Actions + +#### Static Analysis +Run static analyses for code style, linting, and repository configuration. + +```yaml +--- +name: Static analysis + +on: + push: + branches: + - main + pull_request: + branches: + - main + +jobs: + analysis: + runs-on: ubuntu-latest + + steps: + - uses: uclahs-cds/tool-automation/static_analyis@v1 + # The below is optional and shows the default value + with: + docker-tag: latest + +``` + + +### Reusable Workflows + +#### Workflow 1 + + ## License -Author: Name1(username1@mednet.ucla.edu), Name2(username2@mednet.ucla.edu) +Author: Nicholas Wiltsie (nwiltsie@mednet.ucla.edu) -[This project] is licensed under the GNU General Public License version 2. See the file LICENSE.md for the terms of the GNU GPL license. 
+tool-automations is licensed under the GNU General Public License version 2. See the file LICENSE.md for the terms of the GNU GPL license. - +GitHub automations common to the Boutros Lab repositories. -Copyright (C) 2023 University of California Los Angeles ("Boutros Lab") All rights reserved. +Copyright (C) 2024 University of California Los Angeles ("Boutros Lab") All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff --git a/static_analysis/action.yml b/static_analysis/action.yml new file mode 100644 index 0000000..c042959 --- /dev/null +++ b/static_analysis/action.yml @@ -0,0 +1,18 @@ +--- +name: Static analysis + +description: Run static analysis checks on code for pull requests + +inputs: + docker-tag: + description: Docker image tag to use for running checks + default: latest + +runs: + using: "composite" + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Run static checks + uses: docker://ghcr.io/uclahs-cds/cicd-base:${{ inputs.docker-tag }} From 2db522dfc65e73905db0ea8b03450379c64810e7 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 09:33:59 -0700 Subject: [PATCH 02/12] Try to work around lack of templating --- static_analysis/action.yml | 11 +++++++++-- static_analysis/template/action.yml | 9 +++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 static_analysis/template/action.yml diff --git a/static_analysis/action.yml b/static_analysis/action.yml index c042959..4ff755b 100644 --- a/static_analysis/action.yml +++ b/static_analysis/action.yml @@ -7,6 +7,7 @@ inputs: docker-tag: description: Docker image tag to use for running checks default: latest + required: false runs: using: "composite" 
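Review bot: Both `uses:` lines in the new `static_analysis/action.yml` resolve through mutable references: `actions/checkout@v4` is a tag its publisher can move, and the image tag defaults to `latest`, so what runs inside a caller's job can change without any commit to this repository. Pinning the checkout to a full commit SHA with the version in a trailing comment, and defaulting `docker-tag` to a released tag, would make runs reproducible and auditable. The checkout step also leaves the job token in the workspace's git configuration by default, where the container started by the next step can presumably read it through the mounted workspace. Adding `with:` and `persist-credentials: false` to the checkout avoids that if the checks never need to fetch or push.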
@@ -14,5 +15,11 @@ runs: - name: Checkout repository uses: actions/checkout@v4 - - name: Run static checks - uses: docker://ghcr.io/uclahs-cds/cicd-base:${{ inputs.docker-tag }} + # https://github.com/orgs/community/discussions/9049#discussioncomment-4239509 + - name: Configure image name + run: | + action_path="${{ github.action_path }}" + sed -i "s/DOCKER_IMAGE_TAG/$DOCKER_IMAGE_TAG/g" "$action_path/template/action.yml" + pwd + ls + tree diff --git a/static_analysis/template/action.yml b/static_analysis/template/action.yml new file mode 100644 index 0000000..d477fe0 --- /dev/null +++ b/static_analysis/template/action.yml @@ -0,0 +1,9 @@ +--- +name: Static analysis implementation + +description: Run static analysis checks on code for pull requests +runs: + using: "composite" + steps: + - name: Run static checks + uses: docker://ghcr.io/uclahs-cds/cicd-base:DOCKER_IMAGE_TAG From 0133beea73b310e51491d65dad472afd7dc9c699 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 09:35:56 -0700 Subject: [PATCH 03/12] Add explicit shell --- static_analysis/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/static_analysis/action.yml b/static_analysis/action.yml index 4ff755b..14960ec 100644 --- a/static_analysis/action.yml +++ b/static_analysis/action.yml @@ -17,6 +17,8 @@ runs: # https://github.com/orgs/community/discussions/9049#discussioncomment-4239509 - name: Configure image name + shell: bash + # FIXME need to inject the environment variable run: | action_path="${{ github.action_path }}" sed -i "s/DOCKER_IMAGE_TAG/$DOCKER_IMAGE_TAG/g" "$action_path/template/action.yml" From 14087e1d519632913c5a29c2785bdecd4b2cd025 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 09:48:23 -0700 Subject: [PATCH 04/12] Try the templating thing --- static_analysis/action.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) 
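Review bot: Nothing in the new `static_analysis/template/action.yml` says that `DOCKER_IMAGE_TAG` is a placeholder rewritten at run time by the parent action, so on its own the file reads as a broken image reference. A comment above the `uses:` line would make the contract explicit, for example `# DOCKER_IMAGE_TAG is a placeholder; static_analysis/action.yml substitutes the real tag before this file is used`. It is also worth stating there that the file is not meant to be referenced directly by callers.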
diff --git a/static_analysis/action.yml b/static_analysis/action.yml index 14960ec..64e4b2f 100644 --- a/static_analysis/action.yml +++ b/static_analysis/action.yml @@ -18,10 +18,14 @@ runs: # https://github.com/orgs/community/discussions/9049#discussioncomment-4239509 - name: Configure image name shell: bash - # FIXME need to inject the environment variable + env: + DOCKER_IMAGE_TAG: ${{ inputs.docker-tag }} run: | - action_path="${{ github.action_path }}" - sed -i "s/DOCKER_IMAGE_TAG/$DOCKER_IMAGE_TAG/g" "$action_path/template/action.yml" - pwd - ls - tree + # There absolutely should not be an 'action.yml' file underneath the + # .git folder, so we should be able to safely assume we won't be + # stomping over it + sed -"s/DOCKER_IMAGE_TAG/$DOCKER_IMAGE_TAG/g" "$GITHUB_ACTION_PATH/template/action.yml" > ./.git/action.yml + cat ./.git/action.yml + + - name: Run checks + uses: ./.git/action.yml From 51f3fa67862b91f36dd5f35c897a42052e65ca4d Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 09:49:44 -0700 Subject: [PATCH 05/12] Typo --- static_analysis/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static_analysis/action.yml b/static_analysis/action.yml index 64e4b2f..debc359 100644 --- a/static_analysis/action.yml +++ b/static_analysis/action.yml @@ -24,7 +24,7 @@ runs: # There absolutely should not be an 'action.yml' file underneath the # .git folder, so we should be able to safely assume we won't be # stomping over it - sed -"s/DOCKER_IMAGE_TAG/$DOCKER_IMAGE_TAG/g" "$GITHUB_ACTION_PATH/template/action.yml" > ./.git/action.yml + sed -e "s/DOCKER_IMAGE_TAG/$DOCKER_IMAGE_TAG/g" "$GITHUB_ACTION_PATH/template/action.yml" > ./.git/action.yml cat ./.git/action.yml - name: Run checks From 5e892ac867209b8c46c215536619bbede1c5b26b Mon Sep 17 00:00:00 2001 
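Review bot: The `sed` line in the PATCH 04/12 hunk substitutes `$DOCKER_IMAGE_TAG` into the generated `./.git/action.yml` without validating it, and that file is then executed by the `Run checks` step. Because the value is expanded inside the sed program, a tag containing `/`, `&` or a backslash changes the expression itself, and whatever survives lands in a `uses:` line. Rejecting anything outside the Docker tag grammar before substituting closes this, for example `[[ "$DOCKER_IMAGE_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || exit 1` ahead of the `sed` call. The same unvalidated substitution is carried through the PATCH 05/12 and PATCH 07/12 hunks.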
From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 09:51:08 -0700 Subject: [PATCH 06/12] Oops, path only --- static_analysis/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static_analysis/action.yml b/static_analysis/action.yml index debc359..1f28fb4 100644 --- a/static_analysis/action.yml +++ b/static_analysis/action.yml @@ -28,4 +28,4 @@ runs: cat ./.git/action.yml - name: Run checks - uses: ./.git/action.yml + uses: ./.git From 3cde1a01f8ff130ff07987e9c0bdde976a764c76 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 09:55:26 -0700 Subject: [PATCH 07/12] Rename action to determine what name goes where --- static_analysis/action.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/static_analysis/action.yml b/static_analysis/action.yml index 1f28fb4..96f169c 100644 --- a/static_analysis/action.yml +++ b/static_analysis/action.yml @@ -1,5 +1,5 @@ --- -name: Static analysis +name: Perform static analyses description: Run static analysis checks on code for pull requests @@ -24,8 +24,9 @@ runs: # There absolutely should not be an 'action.yml' file underneath the # .git folder, so we should be able to safely assume we won't be # stomping over it - sed -e "s/DOCKER_IMAGE_TAG/$DOCKER_IMAGE_TAG/g" "$GITHUB_ACTION_PATH/template/action.yml" > ./.git/action.yml - cat ./.git/action.yml + sed -e "s/DOCKER_IMAGE_TAG/$DOCKER_IMAGE_TAG/g" \ + "$GITHUB_ACTION_PATH/template/action.yml" \ + > ./.git/action.yml - name: Run checks uses: ./.git From 5ef6add337c464118c987672e2efbcc89572d919 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 10:04:55 -0700 Subject: [PATCH 08/12] Fix up the README --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 91e047d..5c34456 100644 --- a/README.md +++ b/README.md 
@@ -33,11 +33,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: uclahs-cds/tool-automation/static_analyis@v1 + - uses: uclahs-cds/tool-automations/static_analysis@v1 # The below is optional and shows the default value with: docker-tag: latest - ``` From 495c1379711c57f46425634bab094c35f19e9793 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 11:49:33 -0700 Subject: [PATCH 09/12] Use python to allow for more checks --- static_analysis/action.yml | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/static_analysis/action.yml b/static_analysis/action.yml index 96f169c..c2243aa 100644 --- a/static_analysis/action.yml +++ b/static_analysis/action.yml 
@@ -16,17 +16,35 @@ runs: uses: actions/checkout@v4 # https://github.com/orgs/community/discussions/9049#discussioncomment-4239509 - - name: Configure image name - shell: bash + # Due to limitations on composite Actions, we can't do something like: + # - uses: docker://ghcr.io/uclahs-cds/cicd-base:${{ inputs.docker-tag }} + # Instead, we need to write another action.yml on-the-fly and then use that. + # There absolutely should not be an 'action.yml' file underneath the .git + # folder of the calling repository already, so we can use that. + - name: Configure workflow + shell: python env: DOCKER_IMAGE_TAG: ${{ inputs.docker-tag }} run: | - # There absolutely should not be an 'action.yml' file underneath the - # .git folder, so we should be able to safely assume we won't be - # stomping over it - sed -e "s/DOCKER_IMAGE_TAG/$DOCKER_IMAGE_TAG/g" \ - "$GITHUB_ACTION_PATH/template/action.yml" \ - > ./.git/action.yml + import os + import re + from pathlib import Path + + # Bail out if there are any illegal characters in the tag + tag = os.environ.get("DOCKER_IMAGE_TAG") + if re.search(r"[^a-zA-Z0-9_.\-]", tag): + raise ValueError(f"Problem with the tag `{tag}`!") + + template = Path( + os.environ.get("GITHUB_ACTION_PATH"), "template", "action.yml" + ) + + Path(".git/action.yml").write_text( + template.read_text(encoding="utf-8").replace( + "DOCKER_IMAGE_TAG", tag + ), + encoding="utf-8" + ) - name: Run checks uses: ./.git From 02216b573292e591cfba572a9500965069f65192 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 15:00:55 -0700 Subject: [PATCH 10/12] Pivot to only hosting a single Action --- README.md | 28 ++++++------------- static_analysis/action.yml => action.yml | 0 .../template => template}/action.yml | 0 3 files changed, 9 insertions(+), 19 deletions(-) rename static_analysis/action.yml => action.yml (100%) rename {static_analysis/template => template}/action.yml (100%) diff --git a/README.md b/README.md index 5c34456..2a723f4 100644 
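Review bot: The tag check `re.search(r"[^a-zA-Z0-9_.\-]", tag)` only rejects forbidden characters, so an empty `docker-tag` passes and the generated file ends up with the reference `cicd-base:` and no tag; a tag that starts with `.` or `-` also passes although Docker does not accept it. `os.environ.get` returns `None` when the variable is missing, which would surface as a `TypeError` from `re.search` instead of the intended `ValueError`. An allow-list match covers all three cases: `if not re.fullmatch(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}", tag or ""):`. The same applies to `os.environ.get("GITHUB_ACTION_PATH")`, where `os.environ["GITHUB_ACTION_PATH"]` would fail with a clearer error than `Path(None, ...)`.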
--- a/README.md +++ b/README.md @@ -1,21 +1,8 @@ -# Automations for the Boutros Lab +# Static Code Analysis for the Boutros Lab -This is a repository for common GitHub [custom actions](https://docs.github.com/en/actions/creating-actions/about-custom-actions) and [resuable workflows](https://docs.github.com/en/actions/using-workflows/reusing-workflows) used in the Boutros Lab. - -## Description - -Per [GitHub's advice](https://docs.github.com/en/actions/creating-actions/about-custom-actions#using-tags-for-release-management) for release management, this repository uses semantic version tags. The key details are: - -* Full semantic version tags, such as `v1.0.2`, are immutable and will always refer to the same commit hash. -* Major version tags, such as `v1` or `v2`, are kept up-to-date with the latest matching semantic version tag. - -Callers of these automations should use the latest major version tag (currently `v1`), as that will refer to the most recent stable and backwards-compatible version. Specifying semantic version tags is discouraged unless there is a specific need for absolute reproducibility. - -### Actions - -#### Static Analysis Run static analyses for code style, linting, and repository configuration. +## Usage ```yaml --- name: Static analysis 
@@ -33,24 +20,27 @@ jobs: runs-on: ubuntu-latest steps: - - uses: uclahs-cds/tool-automations/static_analysis@v1 + - uses: uclahs-cds/tool-static-analysis@v1 # The below is optional and shows the default value with: docker-tag: latest ``` +## Versioning -### Reusable Workflows +Per [GitHub's advice](https://docs.github.com/en/actions/creating-actions/about-custom-actions#using-tags-for-release-management) for release management, this repository uses semantic version tags. The key details are: -#### Workflow 1 +* Full semantic version tags, such as `v1.0.2`, are immutable and will always refer to the same commit hash. +* Major version tags, such as `v1` or `v2`, are kept up-to-date with the latest matching semantic version tag. +Callers should use the latest major version tag (currently `v1`), as that will refer to the most recent stable and backwards-compatible version. Specifying semantic version tags is discouraged unless there is a specific need for absolute reproducibility. ## License Author: Nicholas Wiltsie (nwiltsie@mednet.ucla.edu) -tool-automations is licensed under the GNU General Public License version 2. See the file LICENSE.md for the terms of the GNU GPL license. +tool-static-analysis is licensed under the GNU General Public License version 2. See the file LICENSE.md for the terms of the GNU GPL license. GitHub automations common to the Boutros Lab repositories. diff --git a/static_analysis/action.yml b/action.yml similarity index 100% rename from static_analysis/action.yml rename to action.yml diff --git a/static_analysis/template/action.yml b/template/action.yml similarity index 100% rename from static_analysis/template/action.yml rename to template/action.yml From 33c8985f0401fdc8e803c4dab490004e38bf02e0 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 15:39:16 -0700 Subject: [PATCH 11/12] Update README, CHANGELOG --- CHANGELOG.md | 6 +++--- metadata.yaml | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d7d1bd..4d9a5e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,5 @@ # Changelog -All notable changes to the Actions and reusable workflows. +All notable changes to the static analysis Action. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). @@ -9,5 +9,5 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm ## [Unreleased] ### Added -- README documentation about usage and versioning -- Action for running static analysis +- Add README documentation about usage and versioning +- Bootstrap Action for static analysis diff --git a/metadata.yaml b/metadata.yaml index eb9a6dd..c09f652 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -1,8 +1,8 @@ --- -Category: '' # shoule be one of docker/pipeline/project/template/tool/training/users -Description: '' # Description of why the repository exists -Maintainers: ['someone@mednet.ucla.edu', 'someoneelse@mednet.ucla.edu'] # email address of maintainers -Contributors: 'Xavier Hernandez' # Full names of contributors -Languages: ['R', 'perl', 'nextflow'] # programming languages used -Dependencies: 'BPG' # packages, tools that repo needs to run -References: '' # is the tool/dependencies published, is there a confluence page +Category: 'tool' +Description: 'GitHub composite Action to perform static code analysis' +Maintainers: ['nwiltsie@mednet.ucla.edu'] +Contributors: 'Nicholas Wiltsie' +Languages: ['python'] +Dependencies: '' +References: '' From 5f0e90f02d5f8730a174161cbcbf76f4b9095278 Mon Sep 17 00:00:00 2001 From: Nicholas Wiltsie Date: Tue, 16 Apr 2024 15:40:31 -0700 Subject: [PATCH 12/12] Add Version to metadata --- metadata.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata.yaml b/metadata.yaml index c09f652..e203ff4 100644 --- a/metadata.yaml +++ b/metadata.yaml 
@@ -4,5 +4,6 @@ Description: 'GitHub composite Action to perform static code analysis'
 Maintainers: ['nwiltsie@mednet.ucla.edu']
 Contributors: 'Nicholas Wiltsie'
 Languages: ['python']
+Version: ['1.0.0'] # Tool version number
 Dependencies: ''
 References: ''