fix(ci): improve rules version checks job

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
falcosecurity · Jul 5, 2023 · b362413 · b362413
1 parent fec1dac
commit b362413
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 5 deletions.
diff --git a/.github/compare-rule-files.sh b/.github/compare-rule-files.sh
@@ -1,16 +1,18 @@
-#!/usr/bin/env bash
+#!/bin/bash
 
 RULES_FILE=$1
 RESULT_FILE=$2
 CHECKER_TOOL=$3
 FALCO_DOCKER_IMAGE=$4
 
+set -e pipefail
+
 rm -f $RESULT_FILE
 touch $RESULT_FILE
 
 cur_branch=`git rev-parse HEAD`
 echo Current branch is \"$cur_branch\"
-echo Checking version for $RULES_FILE...
+echo Checking version for rules file \"$RULES_FILE\"...
 cp $RULES_FILE tmp_rule_file.yaml
 
 rules_name=`echo $RULES_FILE | sed -re 's/rules\/(.*)_rules\.yaml/\1/'`
@@ -26,6 +28,7 @@ else
 fi
 
 git checkout tags/$latest_tag
+chmod +x $CHECKER_TOOL
 $CHECKER_TOOL \
     compare \
     --falco-image=$FALCO_DOCKER_IMAGE \
@@ -34,7 +37,7 @@ $CHECKER_TOOL \
 1>tmp_res.txt
 git switch --detach $cur_branch
 
-echo '##' $RULES_FILE >> $RESULT_FILE
+echo '##' $(basename $RULES_FILE) >> $RESULT_FILE
 echo Comparing \`$cur_branch\` with latest tag \`$latest_tag\` >> $RESULT_FILE
 echo "" >> $RESULT_FILE
 if [ -s tmp_res.txt ]

diff --git a/.github/workflows/rules.yaml b/.github/workflows/rules.yaml
@@ -143,12 +143,46 @@ jobs:
         if: steps.compare.outputs.comment_file != ''
         run: |
           mkdir -p ./pr
-          echo ${{ github.event.number }} > ./pr/NR
-          cp ${{ steps.compare.outputs.comment_file }} ./pr/COMMENT
+          cp ${{ steps.compare.outputs.comment_file }} ./pr/COMMENT-${{ strategy.job-index }}
 
       - name: Upload PR info as artifact
         uses: actions/upload-artifact@v2
         if: steps.compare.outputs.comment_file != ''
+        with:
+          name: pr-${{ strategy.job-index }}
+          path: pr/
+          retention-days: 1
+
+  upload-pr-info:
+    needs: [get-values, check-version]
+    if: github.event_name == 'pull_request' && needs.get-values.outputs.changed-files != '[]' && needs.get-values.outputs.changed-files != ''
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download PR infos
+        uses: actions/download-artifact@v3
+        with:
+          path: tmp-artifacts
+
+      - name: Save PR info
+        run: |
+          mkdir -p ./pr
+          echo ${{ github.event.number }} > ./pr/NR
+          touch ./pr/COMMENT
+          echo "# Rules files suggestions" >> ./pr/COMMENT
+          echo "" >> ./pr/COMMENT
+          files=$(find ./tmp-artifacts/)
+          for file in $files; do
+            if [[ $file =~ "COMMENT" ]]; then
+              cat $file >> ./pr/COMMENT
+            fi
+          done
+          echo Uploading PR info...
+          cat ./pr/COMMENT
+          echo ""
+
+      - name: Upload PR info as artifact
+        uses: actions/upload-artifact@v2
         with:
           name: pr
           path: pr/
+          retention-days: 1