hdkv/yuzu
1
Fork 0
Code Issues Pull Requests Releases 1 Activity
d347b68f4a
yuzu/externals/vcpkg/.github/workflows/untrustedPR.yml
pineappleEA 1f111bb69c early-access version 2853
2022-07-23 03:01:36 +02:00

148 lines
8.6 KiB
YAML
Executable File
Raw Blame History

# Modelled after https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
# These "checks" are also performed as part of our critical-path azure-pipelines review,
# however here they are better able to post back to the original PR
name: PR Suggestions
on:
pull_request:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
# fetch-depth 50 tries to ensure we capture the whole history of the branch
fetch-depth: 50
- uses: actions/cache@v2
id: cache
with:
path: |
./vcpkg
key: ${{ runner.os }}-${{ hashFiles('scripts/bootstrap*') }}
- name: bootstrap
if: steps.cache.outputs.cache-hit != 'true'
run: ./bootstrap-vcpkg.sh
- name: Save PR number
run: |
mkdir -p ./pr
echo ${{ github.event.number }} > ./pr/NR
- name: Formatting
run: |
git config user.email github-actions
git config user.name github-actions@github.com
git diff --name-status --merge-base HEAD^ HEAD --diff-filter=MAR -- '*portfile.cmake' | sed 's/[MAR]\t*//' | while read filename; do grep -q -E '(vcpkg_install_cmake|vcpkg_build_cmake|vcpkg_configure_cmake|vcpkg_fixup_cmake_targets)' "$filename" && echo " - \`$filename\`" || true; done > .github-pr.deprecated-cmake
git diff --name-status --merge-base HEAD^ HEAD --diff-filter=MAR -- '*vcpkg.json' | sed 's/[MAR]\t*//' > .github-pr.changed-manifest-files
cat .github-pr.changed-manifest-files | while read filename; do grep -q -E '"license": ' "$filename" || echo " - \`$filename\`" || true; done > .github-pr.missing-license
cat .github-pr.changed-manifest-files | while read filename; do match=$(grep -oiP '"license": ".*\K(AGPL-1\.0|AGPL-3\.0|BSD-2-Clause-FreeBSD|BSD-2-Clause-NetBSD|bzip2-1\.0\.5|eCos-2\.0|GFDL-1\.1|GFDL-1\.2|GFDL-1\.3|GPL-1\.0|GPL-1\.0\+|GPL-2\.0|GPL-2\.0\+|GPL-2\.0-with-autoconf-exception|GPL-2\.0-with-bison-exception|GPL-2\.0-with-classpath-exception|GPL-2\.0-with-font-exception|GPL-2\.0-with-GCC-exception|GPL-3\.0|GPL-3\.0\+|GPL-3\.0-with-autoconf-exception|GPL-3\.0-with-GCC-exception|LGPL-2\.0|LGPL-2\.0\+|LGPL-2\.1|LGPL-2\.1\+|LGPL-3\.0|LGPL-3\.0\+|Nunit|StandardML-NJ|wxWindows)(?=[ "])' "$filename" || true); if [ ! -z "$match" ]; then echo " - \`$filename\` (has deprecated license \`$match\`)" ; fi ; done > .github-pr.deprecated-license
./vcpkg format-manifest --all --convert-control
git diff > .github-pr.format-manifest
git add -u
git commit -m "tmp" --allow-empty
# HEAD^^ refers to the "main" commit that was merged into
git checkout HEAD^^ -- versions
git restore --staged versions
./vcpkg x-add-version --all --skip-formatting-check | grep 'instead of "version-string"' | tee .github-pr.version-string.out || true
git checkout -- versions
./vcpkg x-add-version --all --skip-formatting-check --skip-version-format-check | tee .github-pr.x-add-version.out || true
git diff > .github-pr.x-add-version.diff
git reset HEAD~ --mixed
- uses: actions/github-script@v6
with:
script: |
const { promises: fs } = require('fs')
const add_version = (await fs.readFile('.github-pr.x-add-version.diff', 'utf8')).trim()
const add_version_out = (await fs.readFile('.github-pr.x-add-version.out', 'utf8')).trim()
const version_string_out = (await fs.readFile('.github-pr.version-string.out', 'utf8')).trim()
const format = (await fs.readFile('.github-pr.format-manifest', 'utf8')).trim()
const cmake = (await fs.readFile('.github-pr.deprecated-cmake', 'utf8')).trim()
const missing_license = (await fs.readFile('.github-pr.missing-license', 'utf8')).trim()
const deprecated_license = (await fs.readFile('.github-pr.deprecated-license', 'utf8')).trim()
let approve = true;
var output = ''
if (format !== "") {
output += "<details><summary><b>All manifest files must be formatted</b></summary>\n\n"
output += "`./vcpkg format-manifest ports/*/vcpkg.json`\n"
output += "<details><summary><b>Diff</b></summary>\n\n"
output += "```diff\n" + format + "\n```\n"
output += "</details></details>\n\n"
approve = false;
}
if (add_version_out !== "") {
output += "<details><summary><b>PRs must add only one version and must not modify any published versions</b></summary>\n\n"
output += "When making any changes to a library, the version or port-version in `vcpkg.json` or `CONTROL` must be modified.\n"
output += "```\n" + add_version_out + "\n```\n</details>\n\n"
approve = false;
}
if (version_string_out !== "") {
output += version_string_out + "\n\n"
}
if (add_version !== "") {
output += "<details><summary><b>After committing all other changes, the version database must be updated</b></summary>\n\n"
output += "```sh\n"
output += "git add -u && git commit\n"
output += "git checkout ${{ github.event.pull_request.base.sha }} -- versions\n"
output += "./vcpkg x-add-version --all\n"
output += "```\n"
output += "<details><summary><b>Diff</b></summary>\n\n"
output += "```diff\n" + add_version + "\n```\n"
output += "</details></details>\n\n"
approve = false;
}
if (cmake !== "") {
output += "You have modified or added at least one portfile where deprecated functions are used.\n"
output += "<details>\n\n"
output += "If you feel able to do so, please consider migrating them to the new functions:\n"
output += " `vcpkg_install_cmake` -> `vcpkg_cmake_install` (from port `vcpkg-cmake`)\n"
output += " `vcpkg_build_cmake` -> `vcpkg_cmake_build` (from port `vcpkg-cmake`)\n"
output += " `vcpkg_configure_cmake` -> `vcpkg_cmake_configure` (Please remove the option `PREFER_NINJA`) (from port `vcpkg-cmake`)\n"
output += " `vcpkg_fixup_cmake_targets` -> `vcpkg_cmake_config_fixup` (from port `vcpkg-cmake-config`)\n"
output += "\n"
output += "In the ports that use the new function, you have to add the corresponding dependencies:\n"
output += "```json\n"
output += '{\n "name": "vcpkg-cmake",\n "host": true\n},\n'
output += '{\n "name": "vcpkg-cmake-config",\n "host": true\n}\n'
output += "```\n"
output += `The following files are affected:\n${cmake}\n`
output += "</details>\n\n"
}
if (missing_license !== "" || deprecated_license !== "") {
output += 'You have modified or added at least one vcpkg.json where you should check the `license` field.\n'
output += "<details>\n\n"
if (missing_license !== "") {
output += 'If you feel able to do so, please consider adding a "license" field to the following files:\n'
output += missing_license
output += "\n\nValid values for the license field can be found in the [documentation](https://github.com/microsoft/vcpkg/blob/master/docs/maintainers/manifest-files.md#license)\n\n"
}
if (deprecated_license !== "") {
output += 'If you feel able to do so, please consider replacing the deprecated license identifiers in the following files:\n'
output += deprecated_license
output += "\n\nDeprecated and non deprecated license identifiers can be found [here](https://spdx.github.io/spdx-spec/SPDX-license-list/#a3-deprecated-licenses)\n"
}
output += "</details>\n\n"
}
if (approve) {
await fs.writeFile("pr/event", "APPROVE")
} else {
output = "_This is a new experimental fast check for PR issues. Please let us know if this bot is helpful!_\n\n" + output
await fs.writeFile("pr/event", "REQUEST_CHANGES")
}
await fs.writeFile("pr/body", output)
console.log(output);
- uses: actions/upload-artifact@v3
with:
name: pr
path: pr/
Reference in New Issue View Git Blame Copy Permalink