-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request for workaround for cross-fork reporter issue #16
Comments
Hi @GroovinChip! Sorry for the delay. I've added with 63f970d a new output called name: Example workflow
on: [push, pull_request]
jobs:
package-analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: axel-op/dart-package-analyzer@v3
id: analysis
with:
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Check scores
env:
JSON_OUTPUT: ${{ steps.analysis.outputs.json_output }}
run: |
TOTAL_SCORE=$(jq -r '.scores.grantedPoints' <<< "$JSON_OUTPUT")
# ... Tell me how this works for you 🙂 And feel free to close this issue if this solves it ☺ |
I'll check it out, thanks. Will this work on pull requests from forks? |
Yes, it will work |
Great. I'm arranging a test with someone who has a fork of the repo in question, but it won't be for a few hours or so. I'll let you know the results. |
Note that, even though no report is posted, all the outputs of this action are still correctly set in the case of a fork triggering this action |
Ah, no report is posted? Where do I view the formatted JSON? Do you have a sample image I can see while wait for this test PR? |
Sorry, I was unclear. What I meant is that you can still access all the outputs (including this new one) of this action in that situation. |
I see. What I was after was formatting the JSON as a report directly from the output logs, since in the case of PR's from forks the regular output is inaccessible. Is this possible to do? |
I suppose you mean formatting it to Markdown? As you can see here, there is a little bit of logic involved to get this result from the raw JSON. You can still manage to extract some sections of the JSON that are already preformatted in Markdown (see the But really the main purpose of this action is to be included in an automatic CI pipeline, more than producing human-readable outputs :) |
Yeah, I see what you're saying. What I'm really looking to do is automate my process of checking contributions to my repo. Rather than having to rely on checking out the branch and looking at the analyzer, running pana on PR's via action and seeing a formatted report can go a long way towards eliminating manual checks (I really don't like manually making sure people run dartfmt, for example). It works very well on PR's coming from people who have access to the repo, but not very well on those coming from forks. Do you think this use case is beyond the scope of your project? Can it even be done? |
I made this action to handle the results of the pana package, which gives the Pub score that a package will have once published. Note that pana is different from the Dart analyzer, even though pana uses the Dart analyzer during its analysis. The score that a package will have and the lints displayed by pana come from a set of publishing rules described here. You can see that pana does not run If you want to check formatting of Dart files in your CI workflow, you may want to add a step in your workflow file that runs a command like |
Hi @GroovinChip, feel free to close this issue if everything works fine for you :) |
As seen in #2, when running this action on cross-fork PR's, the job succeeds but is not able to publish a formatted report due to security issues. As a workaround, perhaps the relevant logs from the job output itself could be captured and published either as a formatted report or a downloadable job artifact?
Filed separately from #2 per request.
The text was updated successfully, but these errors were encountered: