pre-commit.yml
# Runs the repository's pre-commit hooks in CI.
name: pre-commit

on:
  # Every pull request, whatever its base branch.
  pull_request:
  # Direct pushes, limited to main.
  push:
    branches: [main]
  # Merge-queue runs; the pre-commit job skips itself for this event.
  merge_group:
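jobs:
  pre-commit:
    # This job will run on all pull requests and pushes to main
    # We run it on merge to main to ensure that pre-commit's cache is up to date
    if: github.event_name != 'merge_group'
    runs-on: ubuntu-latest
    name: run checks
    # Least privilege: read the code, and write only to pull requests (needed
    # by the comment step below).
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Check Out Repository Code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Full history so both refs handed to pre-commit exist locally.
          fetch-depth: 0
          # The hooks executed below come from the checked-out (pull request)
          # tree. Do not leave the job token in .git/config where they could
          # read it; no later step needs git credentials.
          persist-credentials: false
      - name: Set Up Terraform
        uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
      # NOTE(review): the actions are pinned to commit SHAs but pre-commit is
      # installed unpinned from PyPI. Consider pinning the version (ideally
      # with hashes) so the tool that runs the hooks is reproducible too.
      - name: Install Pre-commit
        run: python -m pip install pre-commit
        shell: bash
      # Prints the installed package versions into the job log.
      - name: 🛠️ Freeze Python Dependencies
        run: python -m pip freeze --local
        shell: bash
      - name: Cache Pre-commit tools
        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ~/.cache/pre-commit
          # Exact hit when the hook configuration is unchanged; otherwise fall
          # back to the newest cache sharing the prefix.
          key: pre-commit-3|${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            pre-commit-3|
      - name: ✅ Run Pre-commit Hooks
        id: pre-commit
        env:
          SKIP: "checkov,tflint,rubocop,terraform-fmt"
          # Event data reaches the script through the environment instead of
          # being expanded into the script text. Both values are empty on
          # push events, which carry no pull_request payload.
          FROM_REF: ${{ github.event.pull_request.base.sha }}
          TO_REF: ${{ github.event.pull_request.head.sha }}
        run: |
          # tee keeps a copy of the output for the comment step; PIPESTATUS[0]
          # is pre-commit's own exit status rather than tee's.
          pre-commit run --show-diff-on-failure --color=never \
            --from-ref "${FROM_REF}" \
            --to-ref "${TO_REF}" \
            | tee result.out; test "${PIPESTATUS[0]}" -eq 0
        shell: bash
      # Posts, or updates in place, one PR comment summarising the hook run.
      # Everything written into the comment comes from result.out, i.e. from
      # hook output over pull-request content, so it is untrusted text published
      # under the bot account. It is wrapped in code fences, which output
      # containing a fence line of its own can close early.
      # NOTE(review): on pull requests from forks the job token is normally
      # read-only, so creating or updating the comment is expected to fail there.
      - name: Parse pre-commit output and manage PR comment
        if: always() && github.event_name == 'pull_request'
        env:
          COMMENT_MARKER: "<!-- pre-commit-comment -->"
          GH_TOKEN: ${{ github.token }}
          JOB_STATUS: ${{ steps.pre-commit.outcome }}
          WORKFLOW_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          comment_file="${RUNNER_TEMP}/pr-comment.md"

          # Look for a report comment left by an earlier run. --paginate walks
          # every page of the listing; a single page can miss the marker
          # comment on a busy pull request, which would produce duplicates.
          # shellcheck disable=SC2016
          old_comment_ids=$(gh api --paginate "repos/{owner}/{repo}/issues/${PR_NUMBER}/comments" \
            --jq 'map(select((.user.login == "github-actions[bot]") and (.body | startswith($ENV.COMMENT_MARKER)))) | .[].id')
          comment_id=$(echo "$old_comment_ids" | head -n1)

          # shellcheck disable=SC2016
          # Check if the pre-commit job failed
          if [ "$JOB_STATUS" = "failure" ]; then
            # Parse the output to extract failed checks
            echo "Parsing pre-commit output for failed checks..."

            # Create the comment body file with marker expansion. The blank
            # line after the heading ends the HTML block so the link below is
            # rendered as markdown.
            cat > "${comment_file}" <<EOF
          ${COMMENT_MARKER}
          <h3>Pre-Commit report</h3>

          This pull request had errors when running pre-commit.
          [View workflow run](${WORKFLOW_RUN_URL})
          EOF

            # Extract failed checks and their details into a single code block
            # Look for lines ending with "Failed" and capture them plus following lines starting with "-"
            {
              echo '```'
              awk '
                /Failed$/ {
                  # Start of a failed check
                  if (buffer != "") {
                    # Print previous buffer with blank line separator
                    print buffer
                    print ""
                  }
                  buffer = $0
                  in_failed = 1
                  next
                }
                in_failed && /^- / {
                  # Lines starting with "- " are details of the failed check
                  buffer = buffer "\n" $0
                  next
                }
                in_failed && !/^- / {
                  # Any line not starting with "- " ends the current failed check
                  in_failed = 0
                }
                END {
                  # Print final buffer if exists
                  if (buffer != "") {
                    print buffer
                  }
                }
              ' result.out
              echo '```'
            } >> "${comment_file}"

            # Add footer with diff section. The blank line before the fence
            # lets the diff render as a code block inside <details>.
            {
              cat <<'EOF'
          Reproduce locally with: `pre-commit run --all-files`.<br/>
          To run `pre-commit` as part of git workflow, use `pre-commit install`.
          <details >
          <summary>Full diff of automatic changes</summary>
          <br/>

          ```diff
          EOF
              # Extract the diff section if it exists (everything after "All changes made by hooks:")
              sed -n '/^All changes made by hooks:/,$p' result.out | tail -n +2
              cat <<'EOF'
          ```
          </details>
          <hr/>
          <sub>
          This comment will be updated when code changes.
          </sub>
          EOF
            } >> "${comment_file}"

            if [ -n "$old_comment_ids" ]; then
              # Update existing comment
              gh api -X PATCH "repos/{owner}/{repo}/issues/comments/${comment_id}" \
                -F body=@"${comment_file}"
              echo "Updated existing comment: $comment_id"
            else
              # Create new comment
              gh pr comment "${PR_URL}" --body-file "${comment_file}"
              echo "Created new comment"
            fi
          else
            # Pre-commit passed - only touch the PR if an earlier report exists
            if [ -n "$old_comment_ids" ]; then
              # Update the comment to say it's fixed
              cat > "${comment_file}" <<EOF
          ${COMMENT_MARKER}
          <h3>Pre-Commit report</h3>
          ✅ All pre-commit checks are now passing!
          <hr/>
          <sub>
          This comment will be updated when code changes.
          </sub>
          EOF
              gh api -X PATCH "repos/{owner}/{repo}/issues/comments/${comment_id}" \
                -F body=@"${comment_file}"
              echo "Updated comment to show checks are passing"
            else
              echo "No existing comment to update, and checks passed - nothing to do"
            fi
          fi
      - name: 🧹 Cache Cleanup
        if: always() # always run to ensure cache is cleaned up even if previous steps fail
        run: pre-commit gc
        shell: bash

  report:
    # Required, for 'required PR status checks' on GitHub.
    # Succeeds when the pre-commit job succeeded or was skipped (merge queue).
    name: Run pre-commit
    runs-on: ubuntu-latest
    needs: [pre-commit]
    if: ${{ always() && !failure() && !cancelled() }}
    # This job only echoes a message, so it needs no token scopes at all.
    permissions: {}
    steps:
      - name: No checks failed
        run: echo "No pre-commit issues found."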