Implement GitHub Action Output Handling (#117)

Author: maennchen

.github/workflows/part_report_deps.yml

@@ -42,9 +42,63 @@ jobs:
           chmod +x
           ./mix_dependency_submission_${{ runner.os }}_${{ runner.arch }}
 
-      - run: >-
+      - id: submit
+        run: >-
           ./mix_dependency_submission_${{ runner.os }}_${{ runner.arch }}
           --install-deps
           --ignore test/fixtures
         env:
           GITHUB_TOKEN: ${{ github.token }}
+
+      - name: "Validate Output submission-json-path not empty"
+        uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0
+        with:
+          expected: ""
+          actual: "${{ steps.submit.outputs.submission-json-path }}"
+          comparison: "notEqual"
+
+      - name: "Validate Output submission-json-path file contents valid JSON"
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const filePath = process.env.SUBMISSION_JSON_PATH;
+            const fileContents = fs.readFileSync(filePath, 'utf8');
+            try {
+              JSON.parse(fileContents);
+              return true;
+            } catch (error) {
+              throw new Error(`Invalid JSON in file: ${filePath}`);
+            }
+        env:
+          SUBMISSION_JSON_PATH: "${{ steps.submit.outputs.submission-json-path }}"
+
+      - name: "Validate output snapshot-id not empty"
+        uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0
+        with:
+          expected: ""
+          actual: "${{ steps.submit.outputs.snapshot-id }}"
+          comparison: "notEqual"
+
+      - name: "Validate output snapshot-api-url is correct"
+        uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0
+        with:
+          expected: "${{ github.api_url }}/repos/${{ github.repository }}/dependency-graph/snapshots/${{ steps.submit.outputs.snapshot-id }}"
+          actual: "${{ steps.submit.outputs.snapshot-api-url }}"
+          comparison: "exact"
+
+      - name: "Can call snapshot-api-url"
+        id: snapshot-api-call
+        uses: fjogeleit/http-request-action@23ad54bcd1178fcff6a0d17538fa09de3a7f0a4d #v1.16.4
+        with:
+          url: "${{ steps.submit.outputs.snapshot-api-url }}"
+          method: "GET"
+          bearerToken: "${{ github.token }}"
+
+      - name: "Snapshot API call status code is 200"
+        uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0
+        with:
+          expected: "200"
+          actual: "${{ steps.snapshot-api-call.outputs.status }}"
+          comparison: "exact"

README.md

@@ -93,7 +93,11 @@ jobs:
 
 ## Outputs
 
-None.
+| Name                   | Description                                 | Example Value                                                                 |
+|------------------------|---------------------------------------------|-------------------------------------------------------------------------------|
+| `submission-json-path` | Path to the generated submission JSON file. | `/tmp/submission-213124323.json`                                              |
+| `snapshot-id`        | ID of the submission.                       | `1234`                                                                        |
+| `snapshot-api-url`   | URL of the submission API.                  | `https://api.github.com/repos/{owner}/{repo}/dependency-graph/snapshots/1234` |
 
 ## OS and Architecture Support
 

action.yml

@@ -20,6 +20,16 @@ inputs:
   ignore:
     required: false
     description: "Paths to ignore"
+outputs:
+  submission-json-path:
+    description: "Path to the generated submission JSON file"
+    value: "${{ steps.submit.outputs.submission-json-path }}"
+  snapshot-id:
+    description: "ID of the submission"
+    value: "${{ steps.submit.outputs.snapshot-id }}"
+  snapshot-api-url:
+    description: "URL of the submission API"
+    value: "${{ steps.submit.outputs.snapshot-api-url }}"
 runs:
   using: "composite"
   steps:
@@ -47,6 +57,7 @@ runs:
       shell: "bash"
       working-directory: "${{ runner.temp }}"
     - name: "Submit Dependencies"
+      id: submit
       run: >-
         ${{ runner.temp }}/mix_dependency_submission_${{ runner.os }}_${{ runner.arch }}
         --project-path="$PROJECT_PATH"

config/config.exs

@@ -0,0 +1,9 @@
+import Config
+
+log_level =
+  case config_env() do
+    :prod -> :info
+    _env -> :debug
+  end
+
+config :logger, level: log_level

coveralls.json

@@ -1,7 +1,5 @@
 {
   "skip_files": [
-    "lib/mix_dependency_submission/application.ex",
-    "lib/mix_dependency_submission/cli.ex",
-    "lib/mix_dependency_submission/cli/submit.ex"
+    "lib/mix_dependency_submission/application.ex"
   ]
 }

lib/mix_dependency_submission/application.ex

@@ -13,7 +13,9 @@ defmodule MixDependencySubmission.Application do
     Mix.Hex.start()
 
     if Burrito.Util.running_standalone?() do
-      Submit.run(Args.argv())
+      exit_code = Submit.run(Args.argv())
+
+      System.stop(exit_code)
     end
 
     Supervisor.start_link([], strategy: :one_for_one)

lib/mix_dependency_submission/cli.ex

@@ -5,6 +5,8 @@ defmodule MixDependencySubmission.CLI do
   Used to configure and validate inputs for submitting a dependency snapshot.
   """
 
+  alias MixDependencySubmission.GitHub
+
   @app Mix.Project.config()[:app]
   @description Mix.Project.config()[:description]
   @version Mix.Project.config()[:version]
@@ -25,10 +27,20 @@ defmodule MixDependencySubmission.CLI do
 
   """
   @spec parse!([String.t()]) :: Optimus.ParseResult.t()
-  def parse!(argv) do
-    cli_definition()
-    |> Optimus.new!()
-    |> Optimus.parse!(argv)
+  case Mix.env() do
+    :test ->
+      def parse!(argv) do
+        cli_definition()
+        |> Optimus.new!()
+        |> Optimus.parse!(argv, &raise("Exit: #{&1}"))
+      end
+
+    _other ->
+      def parse!(argv) do
+        cli_definition()
+        |> Optimus.new!()
+        |> Optimus.parse!(argv)
+      end
   end
 
   @spec cli_definition :: Optimus.spec()
@@ -59,41 +71,41 @@ defmodule MixDependencySubmission.CLI do
           value_name: "GITHUB_API_URL",
           long: "--github-api-url",
           help: "GitHub API URL",
-          parser: &parse_github_api_url/1,
-          default: System.get_env("GITHUB_API_URL", "https://api.github.com")
+          parser: &parse_uri/1,
+          default: GitHub.get_api_url()
         ],
         github_repository:
-          optimus_options_with_env_default("GITHUB_REPOSITORY",
+          optimus_options_with_fun_default(&GitHub.fetch_repository/0,
             value_name: "GITHUB_REPOSITORY",
             long: "--github-repository",
             help: ~S(GitHub repository name "owner/repository")
           ),
         github_job_id:
-          optimus_options_with_env_default("GITHUB_JOB",
+          optimus_options_with_fun_default(&GitHub.fetch_job_id/0,
             value_name: "GITHUB_JOB",
             long: "--github-job-id",
             help: "GitHub Actions Job ID"
           ),
         github_workflow:
-          optimus_options_with_env_default("GITHUB_WORKFLOW",
+          optimus_options_with_fun_default(&GitHub.fetch_workflow/0,
             value_name: "GITHUB_WORKFLOW",
             long: "--github-workflow",
             help: "GitHub Actions Workflow Name"
           ),
         sha:
-          sha_option(
+          optimus_options_with_fun_default(&GitHub.fetch_head_sha/0,
             value_name: "SHA",
             long: "--sha",
             help: "Current Git SHA"
           ),
         ref:
-          optimus_options_with_env_default("GITHUB_REF",
+          optimus_options_with_fun_default(&GitHub.fetch_ref/0,
             value_name: "REF",
             long: "--ref",
             help: "Current Git Ref"
           ),
         github_token:
-          optimus_options_with_env_default("GITHUB_TOKEN",
+          optimus_options_with_fun_default(&GitHub.fetch_token/0,
             value_name: "GITHUB_TOKEN",
             long: "--github-token",
             help: "GitHub Token"
@@ -126,55 +138,22 @@ defmodule MixDependencySubmission.CLI do
     end
   end
 
-  @spec parse_github_api_url(uri :: String.t()) :: Optimus.parser_result()
-  defp parse_github_api_url(uri) do
+  @spec parse_uri(uri :: String.t()) :: Optimus.parser_result()
+  defp parse_uri(uri) do
     with {:ok, %URI{}} <- URI.new(uri) do
-      uri
+      {:ok, uri}
     end
   end
 
-  @spec optimus_options_with_env_default(env :: String.t(), details :: Keyword.t()) :: Keyword.t()
-  defp optimus_options_with_env_default(env, details) do
-    case System.fetch_env(env) do
+  @spec optimus_options_with_fun_default(
+          fetch_fun :: (-> {:ok, value} | :error),
+          details :: Keyword.t()
+        ) :: Keyword.t()
+        when value: term()
+  defp optimus_options_with_fun_default(fetch_fun, details) when is_function(fetch_fun, 0) do
+    case fetch_fun.() do
       {:ok, value} -> [default: value]
       :error -> [required: true]
     end ++ details
   end
-
-  @spec sha_option(Keyword.t()) :: Keyword.t()
-  defp sha_option(base_opts) do
-    # If the GitHub event is a pull request, we need to use the head SHA of the PR
-    # instead of the commit SHA of the workflow run.
-    # This is because the workflow run is triggered by the base commit of the PR,
-    # and we want to report the dependencies of the head commit.
-    # See: https://github.com/github/dependency-submission-toolkit/blob/72f5e31325b5e1bcc91f1b12eb7abe68e75b2105/src/snapshot.ts#L36-L61
-    case load_pr_head_sha() do
-      {:ok, sha} ->
-        Keyword.put(base_opts, :default, sha)
-
-      :error ->
-        # If we can't load the PR head SHA, we fall back to the default behavior
-        # of using the GITHUB_SHA environment variable.
-        optimus_options_with_env_default("GITHUB_SHA", base_opts)
-    end
-  end
-
-  # Note that pull_request_target is omitted here.
-  # That event runs in the context of the base commit of the PR,
-  # so the snapshot should not be associated with the head commit.
-
-  @pr_events ~w[pull_request pull_request_comment pull_request_review pull_request_review_comment]
-
-  @spec load_pr_head_sha :: {:ok, <<_::320>>} | :error
-  defp load_pr_head_sha do
-    with {:ok, event} when event in @pr_events <- System.fetch_env("GITHUB_EVENT_NAME"),
-         {:ok, event_path} <- System.fetch_env("GITHUB_EVENT_PATH") do
-      event_details_json = File.read!(event_path)
-
-      %{"pull_request" => %{"head" => %{"sha" => <<_binary::320>> = sha}}} =
-        JSON.decode!(event_details_json)
-
-      {:ok, sha}
-    end
-  end
 end

lib/mix_dependency_submission/cli/submit.ex

@@ -10,6 +10,7 @@ defmodule MixDependencySubmission.CLI.Submit do
 
   alias MixDependencySubmission.ApiClient
   alias MixDependencySubmission.CLI
+  alias MixDependencySubmission.GitHub
 
   require Logger
 
@@ -44,9 +45,11 @@ defmodule MixDependencySubmission.CLI.Submit do
       ...>   "--github-repository",
       ...>   "org/repo"
       ...> ])
+      # Exit Code
+      0
 
   """
-  @spec run(argv :: [String.t()]) :: no_return()
+  @spec run(argv :: [String.t()]) :: non_neg_integer()
   def run(argv) do
     %Optimus.ParseResult{
       options: %{
@@ -78,20 +81,71 @@ defmodule MixDependencySubmission.CLI.Submit do
         ignore: ignore
       )
 
-    Logger.info("Calculated Submission: #{Jason.encode!(submission, pretty: true)}")
+    submission_json = Jason.encode!(submission, pretty: true)
+
+    submission_path =
+      Path.join(System.tmp_dir!(), "submission-#{:erlang.crc32(submission_json)}.json")
+
+    File.write!(submission_path, submission_json)
+
+    Logger.info("Calculated Submission, written to: #{submission_path}")
+
+    GitHub.write_output("submission-json-path", submission_path)
 
     submission
     |> ApiClient.submit(github_api_url, github_repository, github_token)
     |> case do
-      {:ok, %Req.Response{body: body}} ->
-        Logger.info("Successfully submitted submission")
-        Logger.debug("Success Response: #{inspect(body, pretty: true)}")
-
-        System.halt(0)
+      {:ok, %Req.Response{body: body, status: 201}} ->
+        report_result(body, github_api_url, github_repository)
 
       {:error, {:unexpected_response, response}} ->
         Logger.error("Unexpected response: #{inspect(response, pretty: true)}")
-        System.stop(1)
+
+        2
     end
   end
+
+  defp report_result(body, github_api_url, github_repository)
+
+  defp report_result(
+         %{"id" => submission_id, "message" => message, "result" => result} = body,
+         github_api_url,
+         github_repository
+       )
+       when result in ~w[SUCCESS ACCEPTED] do
+    Logger.info("Successfully submitted submission: #{result}: #{message}")
+    Logger.debug("Success Response: #{inspect(body, pretty: true)}")
+
+    GitHub.write_output("snapshot-id", submission_id)
+
+    GitHub.write_output(
+      "snapshot-api-url",
+      github_api_url <> "/repos/#{github_repository}/dependency-graph/snapshots/#{submission_id}"
+    )
+
+    0
+  end
+
+  @spec report_result(
+          body :: %{String.t() => term()},
+          github_api_url :: String.t(),
+          github_repository :: String.t()
+        ) :: non_neg_integer()
+  defp report_result(
+         %{"id" => submission_id, "message" => message, "result" => "INVALID"} = body,
+         github_api_url,
+         github_repository
+       ) do
+    Logger.error("Invalid submission: #{message}")
+    Logger.debug("Invalid Response: #{inspect(body, pretty: true)}")
+
+    GitHub.write_output("snapshot-id", submission_id)
+
+    GitHub.write_output(
+      "snapshot-api-url",
+      github_api_url <> "/repos/#{github_repository}/dependency-graph/snapshots/#{submission_id}"
+    )
+
+    1
+  end
 end