Export Codeowners Plus information to JSON data for ingestion #43
Codeowners approval required for this PR: |
| - name: Create Check Run with JSON Output | ||
| if: always() | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| REPORT_JSON: ${{ steps.codeowners-plus.outputs.data }} | ||
| run: | | ||
| # Use the 'gh' CLI to interact with the GitHub API | ||
| gh api --method POST \ | ||
| -H "Accept: application/vnd.github+json" \ | ||
| -H "X-GitHub-Api-Version: 2022-11-28" \ | ||
| "/repos/${{ github.repository }}/check-runs" \ | ||
| -f "name=Codeowners Plus Report" \ | ||
| -f "head_sha=${{ github.event.pull_request.head.sha || github.sha }}" \ | ||
| -f "status=completed" \ | ||
| -f "output[title]=Codeowners Plus Report" \ | ||
| -f "output[summary]=Codeowners Plus analysis JSON data including file owners and results" \ | ||
| -f "output[text]=$REPORT_JSON" |
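Review bot: the request sets `status=completed` but passes no `conclusion` field, which the check-runs endpoint requires once a run is marked completed; add one (for example `-f "conclusion=neutral"`, or a value mapped from the codeowners-plus step result). Because of `if: always()` this step also runs when the codeowners-plus step failed, in which case `steps.codeowners-plus.outputs.data` may be empty and `output[text]` is posted blank; guarding on a non-empty `$REPORT_JSON` would make that case explicit. Keeping the report in the `REPORT_JSON` env mapping rather than inlining the expression in `run:` is the right choice and should be kept.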
Looks good! One thought I had is that passing the JSON report via an environment variable and then a command-line argument can be fragile for large outputs. A more robust pattern is to pipe the data to gh api’s stdin. This avoids command-line length limits if they ever come up and any potential shell quoting issues.
| - name: Create Check Run with JSON Output | |
| if: always() | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REPORT_JSON: ${{ steps.codeowners-plus.outputs.data }} | |
| run: | | |
| # Use the 'gh' CLI to interact with the GitHub API | |
| gh api --method POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| "/repos/${{ github.repository }}/check-runs" \ | |
| -f "name=Codeowners Plus Report" \ | |
| -f "head_sha=${{ github.event.pull_request.head.sha || github.sha }}" \ | |
| -f "status=completed" \ | |
| -f "output[title]=Codeowners Plus Report" \ | |
| -f "output[summary]=Codeowners Plus analysis JSON data including file owners and results" \ | |
| -f "output[text]=$REPORT_JSON" | |
| - name: Create Check Run with JSON Output | |
| if: always() | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| echo '${{ steps.codeowners-plus.outputs.data }}' | gh api --method POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| "/repos/${{ github.repository }}/check-runs" \ | |
| -f "name=Codeowners Plus Report" \ | |
| -f "head_sha=${{ github.event.pull_request.head.sha }}" \ | |
| -f "status=completed" \ | |
| -f "output[title]=Codeowners Plus Report" \ | |
| -f "output[summary]=Codeowners Plus analysis JSON data including file owners and results" \ | |
| -f "output[text]=@-" |
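Review bot: on the `echo '${{ steps.codeowners-plus.outputs.data }}'` line the expression is substituted into the script text before the shell parses it, so a single quote anywhere in the JSON (a file path or the message field, for instance) closes the quoted string and whatever follows is interpreted as shell. The `REPORT_JSON` env mapping that this suggestion removes avoided that; keep it and pipe the variable instead, e.g. `printf '%s' "$REPORT_JSON" | gh api ...`. Also, `-f` sends its value as a literal string, so `-f "output[text]=@-"` would post the two characters `@-`; reading the value from stdin needs `-F`, or a full JSON body passed with `--input -`.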
also incorporated in the suggestion is my removal of the github.sha fallback. Do we need it? Since this workflow only runs on pull_request events, github.event.pull_request.head.sha should always be available
I moved to a JSON field with --input - because I felt it was more readable. But good callout to use stdin
yeah i like that. definitely more readable!
| Success: success, | ||
| Message: message, | ||
| } | ||
| return outputData, nil |
The new logic to assemble the OutputData struct is a key part of this change, but it doesn’t appear to be covered by unit tests. Probably explains the slight drop in test coverage
||
| // Use GitHub Actions delimiter approach for robust handling of special characters | ||
| output := fmt.Sprintf("data<<EOF\n%s\nEOF\n", string(jsonData)) | ||
| err = os.WriteFile(githubOutput, []byte(output), 0644) |
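Review bot: the multiline delimiter in the `fmt.Sprintf` line is the fixed string `EOF`, so the output is only well-formed while `jsonData` can never contain a line that is exactly `EOF`. That holds for compact `json.Marshal` output, but nothing in this hunk enforces it; generating a random delimiter per write (and rejecting data that contains it) removes the assumption. Separately, `os.WriteFile` truncates `githubOutput`; opening it with `os.O_APPEND` would preserve anything already written to the file and stays correct if a second output is added later.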
does it matter if we overwrite the file vs append to it?
We shouldn't have to worry here - each step gets its own output file, so we could only ever overwrite our own values. Since we own them, it's our problem and right now, we only have one value anyways.
Summary / Background
Some changes, either on GH's CDN end or in Chrome CORS enforcement, have broken our internal browser extension tool.
The tool was pulling the logs of the workflow.
We can avoid pulling logs by exposing the underlying data as a Check Run output instead.