Skip to content

Expose GitHub summary unconditionally #821

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Apr 16, 2025
Merged

Expose GitHub summary unconditionally #821

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8d29d06
Expose report unconditionally
jprinet Apr 1, 2025
f62bf34
Align comments
jprinet Apr 10, 2025
1674631
CR follow-up: inline RECEIPT_FILE path instead of copy
jprinet Apr 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 20 additions & 6 deletions .github/actions/gradle/experiment-1/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,9 @@ runs:
# Navigate into the folder containing the validation scripts
cd develocity-gradle-build-validation

# Do not exit on error to allow post-actions
set +e

# Run the experiment
./01-validate-incremental-building.sh \
${ARG_GIT_REPO:+"-r" "$ARG_GIT_REPO"} \
Expand All @@ -110,25 +113,36 @@ runs:
${ARG_DEVELOCITY_URL:+"-s" "$ARG_DEVELOCITY_URL"} \
${ARG_DEVELOCITY_ENABLE:+"-e"} \
${RUNNER_DEBUG:+"--debug"}
EXPERIMENT_EXIT_CODE=$?

# Set the Build Scan urls as outputs
RECEIPT_FILE=".data/01-validate-incremental-building/latest/exp1-*.receipt"
BUILD_SCAN_1=$(grep -m 1 "first build" ${RECEIPT_FILE} | sed 's/.* //')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't RECEIPT_FILE undefined now?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

damned, I missed this one, good catch. I'll fix it in another PR

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could just move the capturing of build scan links to the Fill GitHub summary step inside of the if condition such that the final thing done in this step is the script invocation. That would also allow you to remove the set +e and capturing of the exit code.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes sense and will put altogether the GitHub I/O in the same step 👍

BUILD_SCAN_2=$(grep -m 1 "second build" ${RECEIPT_FILE} | sed 's/.* //')

echo "buildScanFirstBuild=$BUILD_SCAN_1" >> $GITHUB_OUTPUT
echo "buildScanSecondBuild=$BUILD_SCAN_2" >> $GITHUB_OUTPUT

cat $RECEIPT_FILE >> $GITHUB_STEP_SUMMARY
# Copy receipt to a predictable location
RECEIPT_FILE=".data/01-validate-incremental-building/latest/exp1-*.receipt"
if [ -f ${RECEIPT_FILE} ]; then
cp ${RECEIPT_FILE} ../receipt.txt
fi
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about something like this?

Suggested change
# Copy receipt to a predictable location
RECEIPT_FILE=".data/01-validate-incremental-building/latest/exp1-*.receipt"
if [ -f ${RECEIPT_FILE} ]; then
cp ${RECEIPT_FILE} ../receipt.txt
fi
echo "receiptFile=$(readlink -f .data/01-validate-incremental-building/latest/exp1-*.receipt)" >> $GITHUB_OUTPUT

That way we don't have to copy files around to be used in a later step. I think that would also allow users to consume it and could write the file contents to Slack or an email or something without having to worry about where the file is located. I think that's true anyway.

Then later we can do:

if [ -f "${{ steps.run.outputs.receiptFile }}" ]; then
...
fi

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To expose the file outside of the composite action, we would also need to declare it as an extra output there.
We could do that but my intention is exactly opposite as described there

The receipt file is renamed to a predictable receipt.txt file to avoid passing the filename across steps and adding an attack surface as the file content is archived and inlined in the GitHub summary

We also could keep the reference .data/01-validate-incremental-building/latest/exp1-*.receipt in the 3 different steps to avoid the copy
The copy is just there to avoid repeating the uneasy reference.
Do you think it would be better?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To expose the file outside of the composite action, we would also need to declare it as an extra output there.

Right, I knew there was something I was missing. I would do that.

adding an attack surface as the file content is archived and inlined in the GitHub summary

I don't get this part.

Copy link
Member Author

@jprinet jprinet Apr 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having as a step input a file path which you then display in the summary and upload as an artifact is something I am a bit reluctant to do
I see this as a way to display content of a file which was not meant to be displayed in the first place

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, but I still don't understand. We already displayed the content in the summary before here.

develocity-build-validation-scripts/.github/actions/gradle/experiment-1/action.yml

Line 122 in 159dc34

cat $RECEIPT_FILE >> $GITHUB_STEP_SUMMARY

And the file was an input to the upload action here.

develocity-build-validation-scripts/.github/actions/gradle/experiment-1/action.yml

Line 129 in 159dc34

path: develocity-gradle-build-validation/.data/01-validate-incremental-building/latest*/exp1-*.receipt

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The artifact is uploaded immediately after the experiment completes in the following step and the summary is written immediately after that. All of this happens within the composite action so the user can overwrite the file, but neither the uploaded artifact or experiment summary should be affected.

In any case, they could have overwritten the file before these changes too.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that the risk is limited or not worsened but I still feel it is bad practice to display a file content without controlling how the file path is obtained

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is your concern only about exposing the file path to the user, i.e., adding it as an output of the composite action?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My concern is that the composite step is displaying a file which could potentially be something else than the report.
You could think of a scenario with a complex consuming workflow, calling this composite, with maintainers thoroughly checking that files with secrets are not undisclosed by a PR, but omitting to control the behavior of steps brought by composite actions.
This is unlikely to happen but not impossible if we make the receipt file a step input/output

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We agreed on a call to inline the full receipt path when used


exit $EXPERIMENT_EXIT_CODE
shell: bash
- name: Archive receipt
id: upload-artifact
uses: actions/upload-artifact@v4
if: always()
with:
name: experiment-1-receipt-${{ github.job }}${{ strategy.job-total > 1 && format('-{0}', strategy.job-index) || '' }}
path: develocity-gradle-build-validation/.data/01-validate-incremental-building/latest*/exp1-*.receipt
- name: Add artifact link to summary
path: receipt.txt
- name: Fill GitHub summary
if: always()
run: |
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
if [ -f "receipt.txt" ]; then
cat receipt.txt >> $GITHUB_STEP_SUMMARY
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
fi
shell: bash
26 changes: 20 additions & 6 deletions .github/actions/gradle/experiment-2/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,9 @@ runs:
# Navigate into the folder containing the validation scripts
cd develocity-gradle-build-validation

# Do not exit on error to allow post-actions
set +e

# Run the experiment
./02-validate-local-build-caching-same-location.sh \
${ARG_GIT_REPO:+"-r" "$ARG_GIT_REPO"} \
Expand All @@ -118,25 +121,36 @@ runs:
${ARG_DEVELOCITY_ENABLE:+"-e"} \
${ARG_FAIL_IF_NOT_FULLY_CACHEABLE:+"-f"} \
${RUNNER_DEBUG:+"--debug"}
EXPERIMENT_EXIT_CODE=$?

# Set the Build Scan urls as outputs
RECEIPT_FILE=".data/02-validate-local-build-caching-same-location/latest/exp2-*.receipt"
BUILD_SCAN_1=$(grep -m 1 "first build" ${RECEIPT_FILE} | sed 's/.* //')
BUILD_SCAN_2=$(grep -m 1 "second build" ${RECEIPT_FILE} | sed 's/.* //')

echo "buildScanFirstBuild=$BUILD_SCAN_1" >> $GITHUB_OUTPUT
echo "buildScanSecondBuild=$BUILD_SCAN_2" >> $GITHUB_OUTPUT

cat $RECEIPT_FILE >> $GITHUB_STEP_SUMMARY
# Copy receipt to a predictable location
RECEIPT_FILE=".data/02-validate-local-build-caching-same-location/latest/exp2-*.receipt"
if [ -f ${RECEIPT_FILE} ]; then
cp ${RECEIPT_FILE} ../receipt.txt
fi

exit $EXPERIMENT_EXIT_CODE
shell: bash
- name: Archive receipt
id: upload-artifact
uses: actions/upload-artifact@v4
if: always()
with:
name: experiment-2-receipt-${{ github.job }}${{ strategy.job-total > 1 && format('-{0}', strategy.job-index) || '' }}
path: develocity-gradle-build-validation/.data/02-validate-local-build-caching-same-location/latest*/exp2-*.receipt
- name: Add artifact link to summary
path: receipt.txt
- name: Fill GitHub summary
if: always()
run: |
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
if [ -f "receipt.txt" ]; then
cat receipt.txt >> $GITHUB_STEP_SUMMARY
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
fi
shell: bash
26 changes: 20 additions & 6 deletions .github/actions/gradle/experiment-3/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,9 @@ runs:
# Navigate into the folder containing the validation scripts
cd develocity-gradle-build-validation

# Do not exit on error to allow post-actions
set +e

# Run the experiment
./03-validate-local-build-caching-different-locations.sh \
${ARG_GIT_REPO:+"-r" "$ARG_GIT_REPO"} \
Expand All @@ -118,25 +121,36 @@ runs:
${ARG_DEVELOCITY_ENABLE:+"-e"} \
${ARG_FAIL_IF_NOT_FULLY_CACHEABLE:+"-f"} \
${RUNNER_DEBUG:+"--debug"}
EXPERIMENT_EXIT_CODE=$?

# Set the Build Scan urls as outputs
RECEIPT_FILE=".data/03-validate-local-build-caching-different-locations/latest/exp3-*.receipt"
BUILD_SCAN_1=$(grep -m 1 "first build" ${RECEIPT_FILE} | sed 's/.* //')
BUILD_SCAN_2=$(grep -m 1 "second build" ${RECEIPT_FILE} | sed 's/.* //')

echo "buildScanFirstBuild=$BUILD_SCAN_1" >> $GITHUB_OUTPUT
echo "buildScanSecondBuild=$BUILD_SCAN_2" >> $GITHUB_OUTPUT

# Copy receipt to a predictable location
RECEIPT_FILE=".data/03-validate-local-build-caching-different-locations/latest/exp3-*.receipt"
if [ -f ${RECEIPT_FILE} ]; then
cp ${RECEIPT_FILE} ../receipt.txt
fi

cat $RECEIPT_FILE >> $GITHUB_STEP_SUMMARY
exit $EXPERIMENT_EXIT_CODE
shell: bash
- name: Archive receipt
id: upload-artifact
uses: actions/upload-artifact@v4
if: always()
with:
name: experiment-3-receipt-${{ github.job }}${{ strategy.job-total > 1 && format('-{0}', strategy.job-index) || '' }}
path: develocity-gradle-build-validation/.data/03-validate-local-build-caching-different-locations/latest*/exp3-*.receipt
- name: Add artifact link to summary
path: receipt.txt
- name: Fill GitHub summary
if: always()
run: |
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
if [ -f "receipt.txt" ]; then
cat receipt.txt >> $GITHUB_STEP_SUMMARY
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
fi
shell: bash
26 changes: 20 additions & 6 deletions .github/actions/maven/experiment-1/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,9 @@ runs:
# Navigate into the folder containing the validation scripts
cd develocity-maven-build-validation

# Do not exit on error to allow post-actions
set +e

# Run the experiment
./01-validate-local-build-caching-same-location.sh \
${ARG_GIT_REPO:+"-r" "$ARG_GIT_REPO"} \
Expand All @@ -118,25 +121,36 @@ runs:
${ARG_DEVELOCITY_ENABLE:+"-e"} \
${ARG_FAIL_IF_NOT_FULLY_CACHEABLE:+"-f"} \
${RUNNER_DEBUG:+"--debug"}
EXPERIMENT_EXIT_CODE=$?

# Set the Build Scan urls as outputs
RECEIPT_FILE=".data/01-validate-local-build-caching-same-location/latest/exp1-*.receipt"
BUILD_SCAN_1=$(grep -m 1 "first build" ${RECEIPT_FILE} | sed 's/.* //')
BUILD_SCAN_2=$(grep -m 1 "second build" ${RECEIPT_FILE} | sed 's/.* //')

echo "buildScanFirstBuild=$BUILD_SCAN_1" >> $GITHUB_OUTPUT
echo "buildScanSecondBuild=$BUILD_SCAN_2" >> $GITHUB_OUTPUT

cat $RECEIPT_FILE >> $GITHUB_STEP_SUMMARY
# Copy receipt to a predictable location
RECEIPT_FILE=".data/01-validate-local-build-caching-same-location/latest/exp1-*.receipt"
if [ -f ${RECEIPT_FILE} ]; then
cp ${RECEIPT_FILE} ../receipt.txt
fi

exit $EXPERIMENT_EXIT_CODE
shell: bash
- name: Archive receipt
id: upload-artifact
uses: actions/upload-artifact@v4
if: always()
with:
name: experiment-1-receipt-${{ github.job }}${{ strategy.job-total > 1 && format('-{0}', strategy.job-index) || '' }}
path: develocity-maven-build-validation/.data/01-validate-local-build-caching-same-location/latest*/exp1-*.receipt
- name: Add artifact link to summary
path: receipt.txt
- name: Fill GitHub summary
if: always()
run: |
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
if [ -f "receipt.txt" ]; then
cat receipt.txt >> $GITHUB_STEP_SUMMARY
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
fi
shell: bash
26 changes: 20 additions & 6 deletions .github/actions/maven/experiment-2/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,9 @@ runs:
# Navigate into the folder containing the validation scripts
cd develocity-maven-build-validation

# Do not exit on error to allow post-actions
set +e

# Run the experiment
./02-validate-local-build-caching-different-locations.sh \
${ARG_GIT_REPO:+"-r" "$ARG_GIT_REPO"} \
Expand All @@ -118,25 +121,36 @@ runs:
${ARG_DEVELOCITY_ENABLE:+"-e"} \
${ARG_FAIL_IF_NOT_FULLY_CACHEABLE:+"-f"} \
${RUNNER_DEBUG:+"--debug"}
EXPERIMENT_EXIT_CODE=$?

# Set the Build Scan urls as outputs
RECEIPT_FILE=".data/02-validate-local-build-caching-different-locations/latest/exp2-*.receipt"
BUILD_SCAN_1=$(grep -m 1 "first build" ${RECEIPT_FILE} | sed 's/.* //')
BUILD_SCAN_2=$(grep -m 1 "second build" ${RECEIPT_FILE} | sed 's/.* //')

echo "buildScanFirstBuild=$BUILD_SCAN_1" >> $GITHUB_OUTPUT
echo "buildScanSecondBuild=$BUILD_SCAN_2" >> $GITHUB_OUTPUT

cat $RECEIPT_FILE >> $GITHUB_STEP_SUMMARY
# Copy receipt to a predictable location
RECEIPT_FILE=".data/02-validate-local-build-caching-different-locations/latest/exp2-*.receipt"
if [ -f ${RECEIPT_FILE} ]; then
cp ${RECEIPT_FILE} ../receipt.txt
fi

exit $EXPERIMENT_EXIT_CODE
shell: bash
- name: Archive receipt
id: upload-artifact
uses: actions/upload-artifact@v4
if: always()
with:
name: experiment-2-receipt-${{ github.job }}${{ strategy.job-total > 1 && format('-{0}', strategy.job-index) || '' }}
path: develocity-maven-build-validation/.data/02-validate-local-build-caching-different-locations/latest*/exp2-*.receipt
- name: Add artifact link to summary
path: receipt.txt
- name: Fill GitHub summary
if: always()
run: |
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
if [ -f "receipt.txt" ]; then
cat receipt.txt >> $GITHUB_STEP_SUMMARY
echo "-------------" >> $GITHUB_STEP_SUMMARY
echo "Download receipt: ${{ steps.upload-artifact.outputs.artifact-url }}" >> $GITHUB_STEP_SUMMARY
fi
shell: bash