From f6779ff05f212b55638803dbd70b86bbfb3b6cb8 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 30 May 2024 13:42:30 -0700 Subject: [PATCH 1/5] [workflows] Avoid usage of access token in issue-write.yml This adds a new composite workflow that allows you to download artifacts from other workflows without using an access token. actions/download-artifact from GitHub requires an access token in order to download artifacts from a different workflow, which is why we can't use it here if we want to avoid using a token. See https://github.com/actions/download-artifact?tab=readme-ov-file#download-artifacts-from-other-workflow-runs-or-repositories --- .github/workflows/issue-write.yml | 16 ++++- .../unprivileged-download-artifact/action.yml | 70 +++++++++++++++++++ 2 files changed, 83 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/unprivileged-download-artifact/action.yml diff --git a/.github/workflows/issue-write.yml b/.github/workflows/issue-write.yml index e003be006c4e15..a057d75501484e 100644 --- a/.github/workflows/issue-write.yml +++ b/.github/workflows/issue-write.yml @@ -19,12 +19,22 @@ jobs: if: > github.event.workflow_run.event == 'pull_request' steps: + - name: Fetch Sources + uses: actions/checkout@v4 + with: + sparse-checkout: | + .github/workflows/unprivileged-download-artifact/action.yml + sparse-checkout-cone-mode: false - name: 'Download artifact' - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: ./.github/workflows/unprivileged-download-artifact + id: download-artifact with: - github-token: ${{ secrets.ISSUE_WRITE_DOWNLOAD_ARTIFACT }} run-id: ${{ github.event.workflow_run.id }} - name: workflow-args + artifact-name: workflow-args + + - name: Unpack Artifact + run: | + unzip ${{ steps.download-artifact.outputs.filename }} - name: 'Comment on PR' uses: actions/github-script@v3 
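Review bot: The added `Fetch Sources` step references `actions/checkout@v4` by a mutable tag, while the `actions/download-artifact` line this hunk removes was pinned to a full commit SHA and the new composite action pins `actions/github-script` the same way. This job appears to run on `workflow_run` for pull-request builds and a later step uses `secrets.GITHUB_TOKEN`, so I would keep the pinning convention here: `uses: actions/checkout@<full-commit-sha> # v4.x.y` (placeholder, to be filled with the reviewed release). The added `unzip ${{ steps.download-artifact.outputs.filename }}` also expands the expression unquoted into the shell line; passing the value through `env:` and writing `unzip "$ARTIFACT_FILE"` avoids word splitting. The job body continues outside the hunk.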
diff --git a/.github/workflows/unprivileged-download-artifact/action.yml b/.github/workflows/unprivileged-download-artifact/action.yml
new file mode 100644
index 00000000000000..d4aaf462d30277
--- /dev/null
+++ b/.github/workflows/unprivileged-download-artifact/action.yml
@@ -0,0 +1,70 @@
+name: Unprivileged Download Artifact
+description: Download artifacts from another workflow run without using an access token.
+inputs:
+ run-id:
+ description: The run-id for the workflow run that you want to download the artifact from. If ommited it will download the most recently created artifact from the repo with the artifact-name.
+ required: false
+ artifact-name:
+ desciption: The name of the artifact to download.
+ required: true
+
+
+outputs:
+ filename:
+ description: "The filename of the downloaded artifact or the empty string if the artifact was not found."
+ value: ${{ steps.download-artifact.outputs.filename }}
+ artifact-id:
+ description: "The id of the artifact being downloaded."
+ value: ${{ steps.artifact-url.outputs.id }}
+
+
+runs:
+ using: "composite"
+ steps:
+ - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #v7.0.1
+ id: artifact-url
+ with:
+ script: |
+ var response;
+ if (!"${{ inputs.run-id }}") {
+ response = await github.rest.actions.listArtifactsForRepo({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ name: "${{ inputs.artifact-name }}"
+ })
+ } else {
+ response = await github.rest.actions.listWorkflowRunArtifacts({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ run_id: "${{ inputs.run-id }}",
+ name: "${{ inputs.artifact-name }}"
+ })
+ }
+
+ console.log(response)
+
+ for (artifact of response.data.artifacts) {
+ console.log(artifact);
+ }
+
+ if (response.data.artifacts.length == 0) {
+ console.log("Could not find artifact ${{ inputs.artifact-name }} for workflow run ${{ inputs.run-id }}")
+ return;
+ }
+
+ const url_response = await github.rest.actions.downloadArtifact({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ artifact_id: response.data.artifacts[0].id,
+ archive_format: "zip"
+ })
+
+ core.setOutput("url", url_response.url);
+ core.setOutput("id", response.data.artifacts[0].id);
+
+ - shell: bash
+ if: steps.artifact-url.outputs.url != ''
+ id: 
download-artifact + run: | + curl -L -o ${{ inputs.artifact-name }}.zip "${{ steps.artifact-url.outputs.url }}" + echo "filename=${{ inputs.artifact-name }}.zip" >> $GITHUB_OUTPUT From 9ad18abf9dcfb3cbc62f420cd0f9cb9901c31887 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Mon, 1 Jul 2024 12:04:26 -0700 Subject: [PATCH 2/5] Skip comment is artifact is not present --- .github/workflows/issue-write.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/issue-write.yml b/.github/workflows/issue-write.yml index a057d75501484e..e7871d4d3f5e7c 100644 --- a/.github/workflows/issue-write.yml +++ b/.github/workflows/issue-write.yml @@ -33,10 +33,12 @@ jobs: artifact-name: workflow-args - name: Unpack Artifact + if: steps.download-artifact.outputs.artifact-id != '' run: | unzip ${{ steps.download-artifact.outputs.filename }} - name: 'Comment on PR' + if: steps.download-artifact.outputs.artifact-id != '' uses: actions/github-script@v3 with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -145,5 +147,7 @@ jobs: }); - name: Dump comments file - if: always() + if: >- + always() && + steps.download-artifact.outputs.artifact-id != '' run: cat comments From b4896b44395cd9ad6a8f3450c976cb6329ff2cef Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 18 Jul 2024 18:20:59 -0700 Subject: [PATCH 3/5] Wrap lines and automatically unzip artifacts --- .github/workflows/issue-write.yml | 5 ----- .../unprivileged-download-artifact/action.yml | 17 ++++++++++++++--- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/.github/workflows/issue-write.yml b/.github/workflows/issue-write.yml index e7871d4d3f5e7c..89973bf0933103 100644 --- a/.github/workflows/issue-write.yml +++ b/.github/workflows/issue-write.yml 
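Review bot: `${{ inputs.run-id }}` and `${{ inputs.artifact-name }}` are substituted into the github-script source and into the bash `run:` block before either is parsed, so any quote or shell metacharacter in an input becomes part of the program; the same applies to `${{ steps.artifact-url.outputs.url }}` in the `curl` line. The one caller in this series passes a fixed name and a run id, but a reusable action should not depend on that: hand the values over through `env:` and read them as `process.env.*` in the script and as quoted `"$VAR"` in bash, as sketched below. Separately, the `artifact-name` input spells its key `desciption:`, so the text is not picked up as the input's description. When `run-id` is omitted the script takes `artifacts[0]` from a repo-wide listing by name, which is worth documenting as unsuitable for artifacts that a privileged job will act on.

```yaml
    - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #v7.0.1
      id: artifact-url
      env:
        RUN_ID: ${{ inputs.run-id }}
        ARTIFACT_NAME: ${{ inputs.artifact-name }}
      with:
        script: |
          const runId = process.env.RUN_ID;
          const artifactName = process.env.ARTIFACT_NAME;
          // … unchanged: artifact lookup and downloadArtifact call, now using runId / artifactName …

    - shell: bash
      if: steps.artifact-url.outputs.url != ''
      id: download-artifact
      env:
        ARTIFACT_NAME: ${{ inputs.artifact-name }}
        ARTIFACT_URL: ${{ steps.artifact-url.outputs.url }}
      run: |
        curl -L -o "$ARTIFACT_NAME.zip" "$ARTIFACT_URL"
        echo "filename=$ARTIFACT_NAME.zip" >> "$GITHUB_OUTPUT"
```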
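Review bot: The new `if:` conditions test `outputs.artifact-id`, but the steps they guard depend on the downloaded file, and in action.yml that output comes from the `artifact-url` step while `filename` comes from the later `download-artifact` step. `filename` is the output documented as empty when nothing was fetched, so `if: steps.download-artifact.outputs.filename != ''` states the actual precondition for `Unpack Artifact`, and the same test would serve `Comment on PR` and `Dump comments file` in the second hunk. A one-line comment above the first condition saying why the steps are skipped (no `workflow-args` artifact exists for this run) would help the next reader.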
@@ -32,11 +32,6 @@ jobs: run-id: ${{ github.event.workflow_run.id }} artifact-name: workflow-args - - name: Unpack Artifact - if: steps.download-artifact.outputs.artifact-id != '' - run: | - unzip ${{ steps.download-artifact.outputs.filename }} - - name: 'Comment on PR' if: steps.download-artifact.outputs.artifact-id != '' uses: actions/github-script@v3 diff --git a/.github/workflows/unprivileged-download-artifact/action.yml b/.github/workflows/unprivileged-download-artifact/action.yml index d4aaf462d30277..9d8fb59a67c0e1 100644 --- a/.github/workflows/unprivileged-download-artifact/action.yml +++ b/.github/workflows/unprivileged-download-artifact/action.yml @@ -1,8 +1,12 @@ name: Unprivileged Download Artifact -description: Download artifacts from another workflow run without using an access token. +description: >- + Download artifacts from another workflow run without using an access token. inputs: run-id: - description: The run-id for the workflow run that you want to download the artifact from. If ommited it will download the most recently created artifact from the repo with the artifact-name. + description: >- + The run-id for the workflow run that you want to download the artifact + from. If ommitted it will download the most recently created artifact + from the repo with the artifact-name. required: false artifact-name: desciption: The name of the artifact to download. @@ -11,7 +15,9 @@ inputs: outputs: filename: - description: "The filename of the downloaded artifact or the empty string if the artifact was not found." + description: >- + The filename of the downloaded artifact or the empty string if the + artifact was not found. value: ${{ steps.download-artifact.outputs.filename }} artifact-id: description: "The id of the artifact being downloaded." 
@@ -68,3 +74,8 @@ runs: run: | curl -L -o ${{ inputs.artifact-name }}.zip "${{ steps.artifact-url.outputs.url }}" echo "filename=${{ inputs.artifact-name }}.zip" >> $GITHUB_OUTPUT + + - shell: bash + if: steps.download-artifact.outputs.filename != '' + run: | + unzip ${{ steps.download-artifact.outputs.filename }} From bf47e71172e50faeabd3abc0cc0e69d0bb0098ab Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 30 May 2024 13:46:54 -0700 Subject: [PATCH 4/5] XXX: Debug --- .github/workflows/pr-code-format.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml index 983838858ba43e..7c49ad960aed1e 100644 --- a/.github/workflows/pr-code-format.yml +++ b/.github/workflows/pr-code-format.yml @@ -11,7 +11,6 @@ on: jobs: code_formatter: runs-on: ubuntu-latest - if: github.repository == 'llvm/llvm-project' steps: - name: Fetch LLVM sources uses: actions/checkout@v4 From fadc4b57852f5a9906a8d9fe14b6b08506b5ba8f Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 30 May 2024 13:45:39 -0700 Subject: [PATCH 5/5] Patch to trigger format error --- llvm/utils/git/github-automation.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/llvm/utils/git/github-automation.py b/llvm/utils/git/github-automation.py index 1766ccb38ba255..5c695fe0160ecf 100755 --- a/llvm/utils/git/github-automation.py +++ b/llvm/utils/git/github-automation.py @@ -96,7 +96,7 @@ def run(self) -> bool: def human_readable_size(size, decimal_places=2): - for unit in ["B", "KiB", "MiB", "GiB", "TiB", "PiB"]: + for unit in ['B', "KiB", "MiB", "GiB", "TiB", "PiB"]: if size < 1024.0 or unit == "PiB": break size /= 1024.0
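Review bot: The added step unpacks the archive into the job's working directory with `unzip ${{ steps.download-artifact.outputs.filename }}`, and the archive's contents come from the other workflow run (for the issue-write.yml caller, a run triggered by a pull request), so its entry names are not under this job's control. Extracting into a dedicated directory keeps archive entries from colliding with files already in the workspace, including the checked-out action.yml: `run: unzip -d "$ARTIFACT_DIR" "$ARTIFACT_FILE"`, with both values supplied through `env:`. The caller visible in this series reads `comments` from the working directory, so it would need to read from that directory instead. Quoting the filename also removes the unquoted expression expansion in the shell line.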