From cf1d2530fd1e4ab9ad1024b662d6e41fc524b534 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Thu, 15 May 2025 10:59:29 -0700 Subject: [PATCH 1/4] Add spotless auto-fix for PRs --- .github/workflows/auto-spotless.yml | 111 ++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 .github/workflows/auto-spotless.yml diff --git a/.github/workflows/auto-spotless.yml b/.github/workflows/auto-spotless.yml new file mode 100644 index 000000000000..06d0e0f5da88 --- /dev/null +++ b/.github/workflows/auto-spotless.yml @@ -0,0 +1,111 @@ +name: Auto spotless +on: + pull_request_target: + types: + - opened + - synchronize + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + check: + runs-on: ubuntu-latest + outputs: + patch-created: ${{ steps.create-patch-file.outputs.nonempty }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Free disk space + run: .github/scripts/gha-free-disk-space.sh + + - name: Set up JDK for running Gradle + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + with: + distribution: temurin + java-version-file: .java-version + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 + with: + cache-read-only: true + + - name: Check out PR branch + env: + GH_TOKEN: ${{ github.token }} + run: gh pr checkout ${{ github.event.pull_request.number }} + + - name: Spotless + run: ./gradlew spotlessApply + + - id: create-patch-file + name: Create patch file + run: | + git diff > patch + if [ -s patch ]; then + echo "nonempty=true" >> "$GITHUB_OUTPUT" + fi + + - name: Upload patch file + if: steps.create-patch-file.outputs.nonempty == 'true' + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + path: patch + name: patch + + apply: + runs-on: ubuntu-latest + needs: check + if: needs.check.outputs.patch-created == 'true' + permissions: + contents: write + pull-requests: write + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Check out PR branch + env: + GH_TOKEN: ${{ github.token }} + run: gh pr checkout ${{ github.event.pull_request.number }} + + - name: Download patch + uses: actions/download-artifact@v4 + with: + name: patch + + - name: Use CLA approved github bot + # IMPORTANT do not call the .github/scripts/use-cla-approved-bot.sh + # since that script could have been compromised in the PR branch + run: | + git config user.name otelbot + git config user.email 197425009+otelbot@users.noreply.github.com + + - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + id: otelbot-token + with: + app-id: ${{ vars.OTELBOT_APP_ID }} + private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }} + + - name: Apply patch and push + env: + GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} + run: | + git apply patch + git commit -a -m "./gradlew spotlessApply" + git push + + - if: success() + env: + GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} + run: | + gh pr comment $PR_NUM --body "🔧 The result from \`./gradlew spotlessApply\` was committed to the PR branch." + + - if: failure() + env: + GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} + run: | + gh pr comment $PR_NUM --body "❌ The result from \`./gradlew spotlessApply\` could not be committed to the PR branch, see logs: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID." From c0d3fc20af93fc07d4494f57ef72278e33f6d43d Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Fri, 16 May 2025 13:21:04 -0700 Subject: [PATCH 2/4] remove cache access --- .github/workflows/auto-spotless.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/auto-spotless.yml b/.github/workflows/auto-spotless.yml index 06d0e0f5da88..94ae43871e8a 100644 --- a/.github/workflows/auto-spotless.yml +++ b/.github/workflows/auto-spotless.yml @@ -29,11 +29,6 @@ jobs: distribution: temurin java-version-file: .java-version - - name: Setup Gradle - uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 - with: - cache-read-only: true - - name: Check out PR branch env: GH_TOKEN: ${{ github.token }} From 9e0ba885cca28416d263a2fbf7c8f92a34e76c7e Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Fri, 16 May 2025 13:34:22 -0700 Subject: [PATCH 3/4] Make it safe --- .github/workflows/auto-spotless-apply.yml | 109 ++++++++++++++++++++++ .github/workflows/auto-spotless-check.yml | 56 +++++++++++ .github/workflows/auto-spotless.yml | 106 --------------------- 3 files changed, 165 insertions(+), 106 deletions(-) create mode 100644 .github/workflows/auto-spotless-apply.yml create mode 100644 .github/workflows/auto-spotless-check.yml delete mode 100644 .github/workflows/auto-spotless.yml diff --git a/.github/workflows/auto-spotless-apply.yml b/.github/workflows/auto-spotless-apply.yml new file mode 100644 index 000000000000..98be72fb34df --- /dev/null +++ b/.github/workflows/auto-spotless-apply.yml @@ -0,0 +1,109 @@ +name: Auto spotless apply +on: + workflow_run: + workflows: + - "Auto spotless check" + types: + - completed + +permissions: + contents: read + +jobs: + apply: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - id: download-patch + name: Download patch + uses: actions/github-script@v7.0.1 + with: + # this script copied from + # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#using-data-from-the-triggering-workflow + script: | + let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: context.payload.workflow_run.id + }); + let patchArtifact = allArtifacts.data.artifacts.filter((artifact) => { + return artifact.name == "patch" + })[0]; + if (!patchArtifact) { + core.info('No patch to apply.'); + return; + } + let download = await github.rest.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: patchArtifact.id, + archive_format: 'zip' + }); + const fs = require('fs'); + const path = require('path'); + const temp = '${{ runner.temp }}/artifacts'; + if (!fs.existsSync(temp)){ + fs.mkdirSync(temp); + } + fs.writeFileSync(path.join(temp, 'patch.zip'), Buffer.from(download.data)); + core.setOutput("exists", "true"); + + - id: get-pr-number + name: Get PR number + uses: actions/github-script@v7.0.1 + with: + script: | + const response = await github.request(context.payload.workflow_run.url); + core.setOutput('pr-number', response.data.pull_requests[0].number); + + - name: Unzip patch + if: steps.download-patch.outputs.exists == 'true' + working-directory: ${{ runner.temp }}/artifacts + run: unzip patch.zip + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + if: steps.download-patch.outputs.exists == 'true' + + - name: Check out PR branch + if: steps.download-patch.outputs.exists == 'true' + env: + GH_TOKEN: ${{ github.token }} + run: gh pr checkout ${{ steps.get-pr-number.outputs.pr-number }} + + - name: Use CLA approved github bot + if: steps.download-patch.outputs.exists == 'true' + # IMPORTANT do not call the .github/scripts/use-cla-approved-bot.sh + # since that script could have been compromised in the PR branch + run: | + git config user.name otelbot + git config user.email 197425009+otelbot@users.noreply.github.com + + - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + if: steps.download-patch.outputs.exists == 'true' + id: otelbot-token + with: + app-id: ${{ vars.OTELBOT_APP_ID }} + private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }} + + - name: Apply patch and push + if: steps.download-patch.outputs.exists == 'true' + env: + GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} + run: | + git apply "${{ runner.temp }}/artifacts/patch" + git commit -a -m "./gradlew spotlessApply" + git push + + - if: steps.download-patch.outputs.exists == 'true' && success() + env: + GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} + run: | + gh pr comment ${{ steps.get-pr-number.outputs.pr-number }} --body "🔧 The result from spotlessApply was committed to the PR branch." + + - if: steps.download-patch.outputs.exists == 'true' && failure() + env: + GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} + run: | + gh pr comment ${{ steps.get-pr-number.outputs.pr-number }} --body "❌ The result from spotlessApply could not be committed to the PR branch, see logs: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID." diff --git a/.github/workflows/auto-spotless-check.yml b/.github/workflows/auto-spotless-check.yml new file mode 100644 index 000000000000..1dea9f33cda0 --- /dev/null +++ b/.github/workflows/auto-spotless-check.yml @@ -0,0 +1,56 @@ +name: Auto spotless check +on: + pull_request: + types: + - opened + - synchronize + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Free disk space + run: .github/scripts/gha-free-disk-space.sh + + - name: Set up JDK for running Gradle + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + with: + distribution: temurin + java-version-file: .java-version + + - name: Set up gradle + uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1 + with: + cache-read-only: true + + - name: Check out PR branch + env: + GH_TOKEN: ${{ github.token }} + run: gh pr checkout ${{ github.event.pull_request.number }} + + - name: Spotless + run: ./gradlew spotlessApply + + - id: create-patch-file + name: Create patch file + run: | + git diff > patch + if [ -s patch ]; then + echo "non-empty=true" >> "$GITHUB_OUTPUT" + fi + + - name: Upload patch file + if: steps.create-patch-file.outputs.non-empty == 'true' + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + path: patch + name: patch diff --git a/.github/workflows/auto-spotless.yml b/.github/workflows/auto-spotless.yml deleted file mode 100644 index 94ae43871e8a..000000000000 --- a/.github/workflows/auto-spotless.yml +++ /dev/null @@ -1,106 +0,0 @@ -name: Auto spotless -on: - pull_request_target: - types: - - opened - - synchronize - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - check: - runs-on: ubuntu-latest - outputs: - patch-created: ${{ steps.create-patch-file.outputs.nonempty }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Free disk space - run: .github/scripts/gha-free-disk-space.sh - - - name: Set up JDK for running Gradle - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 - with: - distribution: temurin - java-version-file: .java-version - - - name: Check out PR branch - env: - GH_TOKEN: ${{ github.token }} - run: gh pr checkout ${{ github.event.pull_request.number }} - - - name: Spotless - run: ./gradlew spotlessApply - - - id: create-patch-file - name: Create patch file - run: | - git diff > patch - if [ -s patch ]; then - echo "nonempty=true" >> "$GITHUB_OUTPUT" - fi - - - name: Upload patch file - if: steps.create-patch-file.outputs.nonempty == 'true' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - path: patch - name: patch - - apply: - runs-on: ubuntu-latest - needs: check - if: needs.check.outputs.patch-created == 'true' - permissions: - contents: write - pull-requests: write - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Check out PR branch - env: - GH_TOKEN: ${{ github.token }} - run: gh pr checkout ${{ github.event.pull_request.number }} - - - name: Download patch - uses: actions/download-artifact@v4 - with: - name: patch - - - name: Use CLA approved github bot - # IMPORTANT do not call the .github/scripts/use-cla-approved-bot.sh - # since that script could have been compromised in the PR branch - run: | - git config user.name otelbot - git config user.email 197425009+otelbot@users.noreply.github.com - - - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 - id: otelbot-token - with: - app-id: ${{ vars.OTELBOT_APP_ID }} - private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }} - - - name: Apply patch and push - env: - GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} - run: | - git apply patch - git commit -a -m "./gradlew spotlessApply" - git push - - - if: success() - env: - GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} - run: | - gh pr comment $PR_NUM --body "🔧 The result from \`./gradlew spotlessApply\` was committed to the PR branch." - - - if: failure() - env: - GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} - run: | - gh pr comment $PR_NUM --body "❌ The result from \`./gradlew spotlessApply\` could not be committed to the PR branch, see logs: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID." From df211f112d89f33b8261e59705740ab009cc5aef Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Mon, 19 May 2025 10:33:37 -0700 Subject: [PATCH 4/4] retrigger workflows --- .github/repository-settings.md | 1 + .github/workflows/auto-spotless-apply.yml | 18 +++++++++--------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/repository-settings.md b/.github/repository-settings.md index 8f8619842c24..b2103ad48669 100644 --- a/.github/repository-settings.md +++ b/.github/repository-settings.md @@ -132,6 +132,7 @@ settings](https://github.com/open-telemetry/community/blob/main/docs/how-to-conf - `FOSSA_API_KEY` - `OTELBOT_PRIVATE_KEY` +- `OTELBOT_JAVA_INSTRUMENTATION_PRIVATE_KEY` ### Organization variables diff --git a/.github/workflows/auto-spotless-apply.yml b/.github/workflows/auto-spotless-apply.yml index 98be72fb34df..2f0cffaababe 100644 --- a/.github/workflows/auto-spotless-apply.yml +++ b/.github/workflows/auto-spotless-apply.yml @@ -63,8 +63,17 @@ jobs: working-directory: ${{ runner.temp }}/artifacts run: unzip patch.zip + - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + if: steps.download-patch.outputs.exists == 'true' + id: otelbot-token + with: + app-id: 1295839 + private-key: ${{ secrets.OTELBOT_JAVA_INSTRUMENTATION_PRIVATE_KEY }} + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: steps.download-patch.outputs.exists == 'true' + with: + token: ${{ steps.otelbot-token.outputs.token }} - name: Check out PR branch if: steps.download-patch.outputs.exists == 'true' @@ -80,17 +89,8 @@ jobs: git config user.name otelbot git config user.email 197425009+otelbot@users.noreply.github.com - - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 - if: steps.download-patch.outputs.exists == 'true' - id: otelbot-token - with: - app-id: ${{ vars.OTELBOT_APP_ID }} - private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }} - - name: Apply patch and push if: steps.download-patch.outputs.exists == 'true' - env: - GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} run: | git apply "${{ runner.temp }}/artifacts/patch" git commit -a -m "./gradlew spotlessApply"