Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 11 additions & 28 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,36 +14,19 @@ concurrency:
cancel-in-progress: ${{ github.ref_name != github.event.repository.default_branch }}

jobs:
build:
# TODO: Choose the appropriate runner for your repository
# For guidance on runner selection, visit:
# https://xtranet-sonarsource.atlassian.net/wiki/spaces/Platform/pages/3694231566/GitHub+Actions+Runner+-+GitHub
runs-on: github-ubuntu-latest-s # Required for public repositories
name: Build
permissions:
id-token: write
contents: read
test-ruling-diff-comment:
runs-on: ubuntu-latest
name: Test ruling-diff-comment action
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 #TODO: update to the last version

# SECURITY BEST PRACTICES:
# - Pin all external actions to specific SHA commits (not tags) for security
# - All secrets MUST come from Vault using SonarSource/vault-action-wrapper
# - Never use GitHub Secrets for sensitive data
- name: Install uv
uses: astral-sh/setup-uv@e58605a9b6da7c637471fab8847a5e5a6b8df081 # v5
Comment thread
github-advanced-security[bot] marked this conversation as resolved.
Fixed
with:
enable-cache: true

# TODO: Add your build steps here
#
# For ready-to-use SonarSource GitHub Actions with real-world examples
# and production-ready implementations, visit:
# https://github.com/SonarSource/ci-github-actions
#
# For caching, use SonarSource/gh-action_cache@v1
# It automatically chooses GitHub Actions cache (public) or S3 cache (private)
#
# Real-world reference repositories:
# - sonar-dummy: Private Java/Maven
# - sonar-dummy-gradle-oss: Public Java/Gradle
# - sonar-dummy-python-oss: Public Python/Poetry
# - sonar-dummy-js: Public NodeJS/Yarn
#
- name: Run unit tests
run: |
cd ruling-diff-comment
uv run python -m unittest discover -v -s . -p "test_ruling_diff.py"
11 changes: 11 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1 +1,12 @@
.vs/

# Python
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
.venv
venv/
ENV/
env/
6 changes: 6 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
# core-languages-tooling-public

Development tooling for Core Languages & Parsers squad — For artifacts accessible from public repos

## Contents

### GitHub Actions

- **[ruling-diff-comment](ruling-diff-comment)** - Analyzes ruling file changes and posts human-readable summaries on PRs
137 changes: 137 additions & 0 deletions ruling-diff-comment/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,137 @@
# Ruling Diff Comment Action

This GitHub Action analyzes changes in ruling JSON files and posts a human-readable summary as a PR comment.

## Purpose

When ruling test files are modified in a pull request, this action automatically:
1. Detects changed ruling JSON files
2. Compares before/after versions to identify issue differences
3. Generates code snippets showing where new issues appear or old issues were fixed
4. Posts or updates a comment on the PR with a formatted summary

This helps reviewers understand the impact of code changes on static analysis results.

## Usage

Add this action to your workflow:

```yaml
- name: Post ruling diff comment
uses: ./.github/actions/ruling-diff-comment
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
pr-number: ${{ github.event.pull_request.number }}
repository: ${{ github.repository }}
base-sha: ${{ github.event.pull_request.base.sha }}
head-sha: ${{ github.event.pull_request.head.sha }}
# Optional: customize for different analyzers
# ruling-root: 'its/ruling/src/test/resources' # For Java
# sources-root: 'its/sources' # For Java
```

## Inputs

| Input | Description | Required | Default |
|-------|-------------|----------|---------|
| `pr-number` | Pull request number | Yes | - |
| `repository` | Repository in `owner/repo` format | Yes | - |
| `base-sha` | Base commit SHA for comparison | Yes | - |
| `head-sha` | Head commit SHA for comparison | Yes | - |
| `ruling-root` | Path to ruling directory | No | `private/its-enterprise/ruling/src/test/resources/expected_ruling` |
| `sources-root` | Path to sources directory | No | `private/its-enterprise/sources_ruling` |

## Requirements

- `uv` must be installed in the workflow environment
- `gh` CLI must be configured with appropriate permissions
- Repository must contain ruling files in the expected structure

## Environment Variables

- `GH_TOKEN`: GitHub token for posting comments (required)
- `RUNNER_DEBUG`: Set to `1` to enable debug logging (optional)

## Configuration

### Ruling File Location

By default, the action expects ruling files at:
```
private/its-enterprise/ruling/src/test/resources/expected_ruling/
```

Override with the `ruling-root` input parameter for different analyzers.

### Source File Resolution

Source files for code snippets are resolved based on project name. The default looks for sources in:
```
private/its-enterprise/sources_ruling/{project}/
```

Override with the `sources-root` input parameter for different analyzers.

### Ruling JSON Key Formats

The action supports different ruling JSON key formats:

**Python format** (2-part):
```
"airflow:airflow/cli/cli_parser.py": [42]
```
Extracts: `airflow/cli/cli_parser.py`

**Java Maven format** (3-part):
```
"commons-beanutils:commons-beanutils:src/main/java/...": [42]
"org.eclipse.jetty:jetty-project:jetty-http/src/main/...": [42]
```
Extracts: `src/main/java/...` or `jetty-http/src/main/...`

The action automatically detects and handles both formats.

### Adapting for Different Analyzers

When using this action in a different analyzer repository:

1. **Set `ruling-root` parameter** to match your ruling directory
- Java: `its/ruling/src/test/resources`
- Python: `private/its-enterprise/ruling/src/test/resources/expected_ruling`

2. **Set `sources-root` parameter** to match your sources directory
- Java: `its/sources`
- Python: `private/its-enterprise/sources_ruling`

3. **Ensure sources are available** at the specified path

4. **Configure workflow trigger paths** to match your ruling file locations

See `example-workflow.yml` for a reference implementation.

## Development

### Running Tests

```bash
cd .github/actions/ruling-diff-comment
uv run python -m unittest discover -v -s . -p "test_ruling_diff.py"
```

### Project Structure

- `action.yml` - Action metadata and workflow steps
- `ruling_diff.py` - Main entry point
- `ruling_diff_io.py` - Git and GitHub API interactions
- `ruling_diff_core.py` - Core module exports
- `ruling_diff_core_lib/` - Core logic modules
- `models_and_constants.py` - Data models and configuration
- `ruling_diff_logic.py` - Diff computation logic
- `snippet_generation.py` - Code snippet rendering
- `comment_rendering.py` - Markdown comment formatting
- `test_ruling_diff.py` - Unit tests

## License

See the LICENSE file in the repository root.
46 changes: 46 additions & 0 deletions ruling-diff-comment/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: 'Ruling Diff Comment'
description: 'Posts a human-readable summary of ruling file changes on PRs'

inputs:
pr-number:
description: 'Pull request number'
required: true
repository:
description: 'owner/repo'
required: true
base-sha:
description: 'Base commit SHA for diff'
required: true
head-sha:
description: 'Head commit SHA for diff'
required: true
ruling-root:
description: 'Path to ruling directory (e.g., its/ruling/src/test/resources for Java)'
required: false
default: 'private/its-enterprise/ruling/src/test/resources/expected_ruling'
sources-root:
description: 'Path to sources directory (e.g., its/sources for Java)'
required: false
default: 'private/its-enterprise/sources_ruling'

runs:
using: 'composite'
steps:
- name: Generate and post ruling diff comment
shell: bash
env:
GH_TOKEN: ${{ env.GH_TOKEN }}
PR_NUMBER: ${{ inputs.pr-number }}
REPOSITORY: ${{ inputs.repository }}
BASE_SHA: ${{ inputs.base-sha }}
HEAD_SHA: ${{ inputs.head-sha }}
RULING_ROOT: ${{ inputs.ruling-root }}
SOURCES_ROOT: ${{ inputs.sources-root }}
run: |
uv run --project "${{ github.action_path }}" python "${{ github.action_path }}/ruling_diff.py" \
--pr-number "$PR_NUMBER" \
--repository "$REPOSITORY" \
--base-sha "$BASE_SHA" \
--head-sha "$HEAD_SHA" \
--ruling-root "$RULING_ROOT" \
--sources-root "$SOURCES_ROOT"
71 changes: 71 additions & 0 deletions ruling-diff-comment/example-workflow.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
# Example workflow for using ruling-diff-comment action
# This is a reference implementation that can be adapted for different analyzers

name: Ruling Diff Comment

on:
pull_request:
types: [opened, synchronize, reopened]
paths:
# Adjust this path to match your analyzer's ruling directory structure
- 'private/its-enterprise/ruling/src/test/resources/expected_ruling/**'
# Include action changes to test modifications
- '.github/actions/ruling-diff-comment/**'
- '.github/workflows/ruling-diff-comment.yml'
workflow_dispatch:
inputs:
pr-number:
description: 'Pull request number'
required: true
type: string
base-sha:
description: 'Base commit SHA for diff'
required: true
type: string
head-sha:
description: 'Head commit SHA for diff'
required: true
type: string

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

permissions:
contents: read
pull-requests: write

jobs:
ruling-diff-comment:
runs-on: ubuntu-latest # Adjust runner type as needed
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

# If your analyzer uses submodules for ruling sources, initialize them here
# - name: Checkout ruling sources submodule
# run: git submodule update --init --recursive --depth 1 private/its-enterprise/sources_ruling

# Install required tools (uv and gh CLI)
- name: Install uv
uses: astral-sh/setup-uv@v5
with:
enable-cache: true

# gh CLI is typically pre-installed on GitHub runners
# If not, add installation step here

# Use the action from the public repository
- name: Post ruling diff comment
uses: SonarSource/core-languages-tooling-public/ruling-diff-comment@master
with:
pr-number: ${{ inputs.pr-number || github.event.pull_request.number }}
repository: ${{ github.repository }}
base-sha: ${{ inputs.base-sha || github.event.pull_request.base.sha }}
head-sha: ${{ inputs.head-sha || github.event.pull_request.head.sha }}
# For Java analyzer, use:
# ruling-root: 'its/ruling/src/test/resources'
# sources-root: 'its/sources'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
9 changes: 9 additions & 0 deletions ruling-diff-comment/pyproject.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
[project]
name = "ruling-diff-comment"
version = "0.1.0"
description = "GitHub Action helper for ruling diff comments"
requires-python = ">=3.10"
dependencies = []

[tool.uv]
package = false
Loading
Loading