feat(action): add base-url #22

24 changes: 13 additions & 11 deletions README.md
Expand Up @@ -68,17 +68,19 @@ Action returns some basic information. For more details, follow [πŸ“€ Outputs](#

## πŸ“₯ Inputs

| Name | Required | Type | Default value | Description |
| :-------------: | :------: | :------: | :-----------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `version` | false | `string` | `latest` | SemVer version of `actionlint`, recommended to keep default: latest |
| `matcher` | false | `bool` | `true` | Use matcher for GitHub annotations |
| `files` | false | `string` | *not set* | To lint different workflow files (default searching directory is `.github/workflows`), use comma-separated glob patterns, e.g., `tests/*.yml, tests/*.yaml` |
| `flags` | false | `string` | *not set* | Extra flags to use with `actionlint` |
| `group-result` | false | `bool` | `true` | Use the GitHub log grouping feature for failure actionlint results. |
| `fail-on-error` | false | `bool` | `true` | Fail action on `actionlint` errors |
| `shellcheck` | false | `bool` | `true` | Use `shellcheck` with `actionlint` (and install if it does not exist) |
| `pyflakes` | false | `bool` | `true` | Use `pyflakes` with `actionlint` (and install if it does not exist) |
| `cache` | false | `bool` | `true` | Use GitHub cache for caching binaries for the next runs |
| Name | Required | Type | Default value | Description |
| :--------------: | :------: | :------: | :--------------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `version` | false | `string` | `latest` | SemVer version of `actionlint`, recommended to keep default: `latest` |
| `matcher` | false | `bool` | `true` | Use matcher for GitHub annotations. |
| `files` | false | `string` | _not set_ | To lint different workflow files (default searching directory is `.github/workflows`), use comma-separated glob patterns, e.g., `tests/*.yml, tests/*.yaml` |
| `flags` | false | `string` | _not set_ | Extra flags to use with `actionlint` |
| `group-result` | false | `bool` | `true` | Use the GitHub log grouping feature for failure actionlint results. |
| `fail-on-error` | false | `bool` | `true` | Fail action on `actionlint` errors. |
| `shellcheck` | false | `bool` | `true` | Use `shellcheck` with `actionlint` (and install if it does not exist) |
| `pyflakes` | false | `bool` | `true` | Use `pyflakes` with `actionlint` (and install if it does not exist) |
| `cache` | false | `bool` | `true` | Use GitHub cache for caching binaries for the next runs. |
| `github-token` | false | `string` | `github.token` | GitHub Token for API authentication. |
| `github-api-url` | false | `string` | `github.api_url` | GitHub REST API URL to connect to a different GitHub instance. For example, `https://my.github-enterprise-server.com/api/v3` |

This isn't actually needed in my opinion. github.api_url will point to the correct API URL of the GHES instance.


## πŸ“€ Outputs
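
Review bot: the `github-api-url` row says where requests go but not that the configured token is sent there. Since action.yml passes `github-token` and `base-url` to the same steps, the description should state that the token is transmitted to this URL and that both inputs must belong to the same instance. The row also describes the input as connecting "to a different GitHub instance", which does not hold for the `environment` step, where `base-url` is fixed to `https://api.github.com`; document that exception. No row for the deprecated `token` input is visible in this table; add one that points to `github-token`.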

30 changes: 23 additions & 7 deletions action.yml
@@ -1,5 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/github-action.json
# https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions
---
name: actionlint
description: βœ… Run actionlint for validating your GitHub Actions workflow files.
author: Dariusz Porowski
Expand Down Expand Up @@ -56,6 +57,15 @@ inputs:
description: GitHub Token
required: false
default: ${{ github.token }}
deprecationMessage: Use `github-token` input instead
github-token:
description: GitHub Token
required: false
default: ${{ github.token }}
github-api-url:
description: GitHub REST API URL
required: false
default: ${{ github.api_url }}
outputs:
version-semver:
description: SemVer version
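
Review bot: `github-token` is declared with `default: ${{ github.token }}`, so it is never empty, and the steps resolve the token as `inputs.github-token || inputs.token || env.GITHUB_TOKEN`. A workflow that still sets only the deprecated `token` input will have its value silently ignored in favour of the default token. Remove the `default` from both `token` and `github-token` and end the chain with `github.token`, so an explicitly set value of either input wins and the deprecation stays backwards compatible. The two descriptions are also identical (`GitHub Token`); say what the token is used for and which host receives it.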
Expand Down Expand Up @@ -86,7 +96,8 @@ runs:
uses: actions/github-script@v7
id: environment
with:
github-token: ${{ inputs.token || env.GITHUB_TOKEN }}
github-token: ${{ inputs.github-token || inputs.token || env.GITHUB_TOKEN }}
base-url: "https://api.github.com"

This will not work (and breaks as expected in my tests due to a 401 error), because the token here will be my GHES token by default, which is unknown to GitHub. If I override the github-token option with a real GitHub.com token, then consequently the later steps which target my GHES API will fail due to always using the same configured token.

I think you would need to introduce an additional github-token-downloadurl (name just for illustration) which is used for the environment step. This can also default to ${{ github.api_url }}, thus remaining backwards compatible.

Additionally we should allow not using a token at all when accessing the API (unauthenticated request). These calls are heavily rate-limited, but our GHES workflow may not have access to any GitHub.com token at all.

The list releases API is available without authentication:

This endpoint can be used without authentication or the aforementioned permissions if only public resources are requested.

Collaborator Author

@frederikb great input! Thanks for checking. I'm going to address your suggestions today, and I'd appreciate a GHES test after I update this PR.

Collaborator Author

@frederikb the problem with anonymous GH public API calls is the very limited rate limit: The primary rate limit for unauthenticated requests is 60 requests per hour.

script: |
// input envs
const { INPUT_TOOL_NAME, INPUT_TOOL_SEMVER, INPUT_REPO_OWNER, INPUT_REPO_NAME, RUNNER_TEMP } = process.env
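
Review bot: on the `environment` step, `base-url: "https://api.github.com"` is fixed while `github-token` still comes from the action inputs, so on a runner whose token was issued by another instance that credential is sent to api.github.com, a host that did not issue it. Give this step its own URL and token inputs so the credential and the host that receives it are always configured as a pair, and state in the README which token this step uses. This is also the only step that ignores `github-api-url`, which contradicts that input's description.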
Expand Down Expand Up @@ -202,10 +213,12 @@ runs:
shell: ${{ (runner.os == 'Windows' && 'pwsh') || 'bash' }}
working-directory: ${{ inputs.working-directory }}

- uses: actions/github-script@v7
- name: Download tool
uses: actions/github-script@v7
if: ${{ steps.tool-cache.outputs.cache-hit != 'true' }}
with:
github-token: ${{ inputs.token || env.GITHUB_TOKEN }}
github-token: ${{ inputs.github-token || inputs.token || env.GITHUB_TOKEN }}
base-url: ${{ inputs.github-api-url }}
script: |
// dependencies
const tc = require('@actions/tool-cache')
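
Review bot: `base-url: ${{ inputs.github-api-url }}` on the `Download tool` step has no fallback, so a caller that passes an empty string (for example from an unset variable) hands `actions/github-script` an empty base URL; use `${{ inputs.github-api-url || github.api_url }}`. The value is also used as given and the token is sent to it, so consider rejecting anything that is not an `https://` URL before the first API call.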
Expand Down Expand Up @@ -242,7 +255,8 @@ runs:
if: ${{ inputs.pyflakes == 'true' || inputs.shellcheck == 'true' }}
id: tool-dependencies
with:
github-token: ${{ inputs.token || env.GITHUB_TOKEN }}
github-token: ${{ inputs.github-token || inputs.token || env.GITHUB_TOKEN }}
base-url: ${{ inputs.github-api-url }}
script: |
// input envs
const { INPUT_PYFLAKES, INPUT_SHELLCHECK } = process.env
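
Review bot: the `tool-dependencies` step now receives both the token and `base-url`, but the visible part of its script only reads `INPUT_PYFLAKES` and `INPUT_SHELLCHECK`. If the rest of the script makes no REST API calls, omit both `with:` entries here so that a caller-supplied token is passed only to the steps that need it. The same question applies to the `tool-runner` step.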
Expand Down Expand Up @@ -303,10 +317,12 @@ runs:
INPUT_PYFLAKES: ${{ inputs.pyflakes }}
INPUT_SHELLCHECK: ${{ inputs.shellcheck }}

- uses: actions/github-script@v7
- name: Run tool
uses: actions/github-script@v7
id: tool-runner
with:
github-token: ${{ inputs.token || env.GITHUB_TOKEN }}
github-token: ${{ inputs.github-token || inputs.token || env.GITHUB_TOKEN }}
base-url: ${{ inputs.github-api-url }}
script: |
// input envs
const { INPUT_FILES, INPUT_FLAGS, INPUT_TOOL_NAME, INPUT_TOOL_DIR_PATH, INPUT_MATCHER, INPUT_MATCHER_PATH, INPUT_TOOL_EXECUTABLE, INPUT_JSON, INPUT_FAIL_ON_ERROR, INPUT_PYFLAKES, INPUT_SHELLCHECK, INPUT_GROUP_RESULT, DEBUG } = process.env