The branch master has been updated via 9ad400f788fd4f1e36f0814c1952e2c4cbc3b970 (commit) from cc9f9b98997ce3aca276dc6dbbe6d98efab4e65d (commit)
- Log ----------------------------------------------------------------- commit 9ad400f788fd4f1e36f0814c1952e2c4cbc3b970 Author: Tomas Mraz <to...@openssl.org> Date: Wed May 19 09:50:17 2021 +0200 FIPS label CI: Save PR number and use it Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15345) ----------------------------------------------------------------------- Summary of changes: .github/workflows/fips-checksums.yml | 20 +++++++----------- .github/workflows/fips-label.yml | 40 +++++++++++++++++++++++++++--------- 2 files changed, 37 insertions(+), 23 deletions(-) diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml index 973778b62f..17d8b4073d 100644 --- a/.github/workflows/fips-checksums.yml +++ b/.github/workflows/fips-checksums.yml @@ -16,8 +16,7 @@ jobs: run: | mkdir ./build-pristine mkdir ./build - mkdir ./empty - touch ./empty/placeholder + mkdir ./artifact - name: config pristine run: ../config enable-fips && perl configdata.pm --dump working-directory: ./build-pristine @@ -44,17 +43,12 @@ jobs: run: touch providers/fips.checksum.new && make update-fips-checksums working-directory: ./build-pristine - name: make diff-fips-checksums - run: make diff-fips-checksums && echo "fips_unchanged=1" >> $GITHUB_ENV || echo "fips_changed=1" >> $GITHUB_ENV + run: make diff-fips-checksums && touch ../artifact/fips_unchanged || ( touch ../artifact/fips_changed ; echo FIPS CHANGED ) working-directory: ./build - - name: save artifact fips_changed - if: ${{ env.fips_changed }} + - name: save PR number + run: echo ${{ github.event.number }} > ./artifact/pr_num + - name: save artifact uses: actions/upload-artifact@v2 with: - name: fips_changed - path: empty/ - - name: save artifact fips_unchanged - if: ${{ env.fips_unchanged }} - uses: actions/upload-artifact@v2 - with: - name: fips_unchanged - path: empty/ + name: fips_checksum + path: artifact/ diff --git a/.github/workflows/fips-label.yml b/.github/workflows/fips-label.yml index a46f213f1c..eb87f200f5 100644 --- a/.github/workflows/fips-label.yml +++ b/.github/workflows/fips-label.yml @@ -10,27 +10,47 @@ jobs: runs-on: ubuntu-latest if: ${{ github.event.workflow_run.event == 'pull_request' }} steps: - - name: 'Check artifact and apply' + - name: 'Download artifact' if: ${{ github.event.workflow_run.conclusion == 'success' }} uses: actions/github-script@v4 with: - github-token: ${{secrets.GITHUB_TOKEN}} script: | var artifacts = await github.actions.listWorkflowRunArtifacts({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: ${{ github.event.workflow_run.id }} + owner: context.repo.owner, + repo: context.repo.repo, + run_id: ${{github.event.workflow_run.id }}, + }); + var matchArtifact = artifacts.data.artifacts.filter((artifact) => { + return artifact.name == "fips_checksum" + })[0]; + var download = await github.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: matchArtifact.id, + archive_format: 'zip', }); - if ( artifacts.data.artifacts[0].name == 'fips_changed' ) { + var fs = require('fs'); + fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data)); + - run: unzip artifact.zip + if: ${{ github.event.workflow_run.conclusion == 'success' }} + - name: 'Check artifact and apply' + if: ${{ github.event.workflow_run.conclusion == 'success' }} + uses: actions/github-script@v4 + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + var fs = require('fs'); + var pr_num = Number(fs.readFileSync('./pr_num')); + if ( fs.existsSync('./fips_changed') ) { github.issues.addLabels({ - issue_number: ${{ github.event.workflow_run.pull_requests[0].number }}, + issue_number: pr_num, owner: context.repo.owner, repo: context.repo.repo, labels: ['severity: fips change'] }); - } else if ( artifacts.data.artifacts[0].name == 'fips_unchanged' ) { + } else if ( fs.existsSync('./fips_unchanged') ) { var labels = await github.issues.listLabelsOnIssue({ - issue_number: ${{ github.event.workflow_run.pull_requests[0].number }}, + issue_number: pr_num, owner: context.repo.owner, repo: context.repo.repo }); @@ -38,7 +58,7 @@ jobs: for ( var label in labels.data ) { if (labels.data[label].name == 'severity: fips change') { github.issues.removeLabel({ - issue_number: ${{ github.event.workflow_run.pull_requests[0].number }}, + issue_number: pr_num, owner: context.repo.owner, repo: context.repo.repo, name: 'severity: fips change'