devops: automate bug report tests #9386
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| name: Test new bug report badge | ||
| run-name: Test bug report on issue ${{ github.event.issue.number }} | ||
| on: | ||
| issues: | ||
| types: [opened] | ||
| jobs: | ||
| extract-bug-badge-url: | ||
| if: ${{ contains(github.event.issue.labels.*.name, 'question') }} | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| runBadgeTest: ${{ steps.testCondition.outputs.runNext }} | ||
| link: ${{ steps.testCondition.outputs.link }} | ||
| steps: | ||
| - name: Test badge test run conditions | ||
| id: testCondition | ||
| run: | | ||
| product=$(echo "${{ github.event.issue.body }}" | grep -A2 "Are you experiencing an issue with.*" | tail -n 1) | ||
| link=$(echo "${{ github.event.issue.body }}" | grep -A2 "Link to the badge.*" | tail -n 1) | ||
|
|
||
| if [[ "$product" == "shields.io" && "$link" == "https://img.shields.io"* ]]; then | ||
| echo "runNext=true" >> "$GITHUB_OUTPUT" | ||
| echo "link=$link" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "Conditions not met. Skipping the workflow..." | ||
| echo "runNext=false" >> "$GITHUB_OUTPUT" | ||
| fi | ||
|
|
||
| run-bug-badge-url-test: | ||
| needs: extract-bug-badge-url | ||
| if: needs.extract-bug-badge-url.outputs.runBadgeTest == 'true' | ||
| permissions: | ||
| issues: write | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Setup | ||
| uses: ./.github/actions/setup | ||
| with: | ||
| node-version: 16 | ||
| cypress: false | ||
|
|
||
| - name: Output debug info | ||
| env: | ||
|
There was a problem hiding this comment. We shouldn't pass this job any secrets. There is nothing in If we want to improve that, I would want to implement something at the logging layer that optionally prevents credentials from being included in the log output at all. Although we would want it to be an optional flag - outputting the credentials is really useful locally. I used it literally yesterday when I was working on #9387 to make sure the auth was being passed properly. There was a problem hiding this comment. I will remove the secrets (will commit soon), but i am not sure that only 9 services will be affected. Regarding avoiding secrets from leaking, seems a bit risky. I think we could open a new issue to get ideas about how to tackle that. There was a problem hiding this comment. GitHub is a "service" Fortunately, if we're only calling one badge URL we don't really need a token. We need one under test because we're making lots of API calls. Anonymous usage would be fine here because we're not going to hit the late limit by making only one request. Allowing GH badges to work with no GitHub credentials at all would be a great solution. This has actually been a really long-standing issue affecting local development too: #2754 I don't think we need to fix that for this workflow to be useful, but if you were looking for a next issue to help with, #2754 would be a great shout. We can merge this as it stands and treat that as a follow up. |
||
| TEST_BADGE_LINK: '${{ needs.extract-bug-badge-url.outputs.link }}' | ||
| run: npm run badge $TEST_BADGE_LINK | ||
chris48s marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| - name: Add Comment to Issue | ||
| uses: actions/github-script@v6 | ||
| with: | ||
| script: | | ||
| const issueNumber = context.issue.number; | ||
| const owner = context.repo.owner; | ||
| const repo = context.repo.repo; | ||
| const runId = context.runId; | ||
| const jobUrl = `https://github.com/${owner}/${repo}/actions/runs/${runId}`; | ||
| const issueComment = ` | ||
| Badge tested using \`npm run badge ${{ needs.extract-bug-badge-url.outputs.link }}\` | ||
| Output is available [here](${jobUrl}) | ||
| `; | ||
| github.rest.issues.createComment({ | ||
| issue_number: issueNumber, | ||
| owner: owner, | ||
| repo: repo, | ||
| body: issueComment | ||
| }); | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the moment, this needs to stay as 16 due to
strict-englines, but I'm going to quickly note here that when we merge #9385 we will need to make this 18.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cool, whatever gets merged first should update the later
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 I'll update #9385 after I merge this