#####################################################################################################################
# @author Michael Smith
# @date 2021-08-23
# @description As SFDO Managed Packages start using the newly introduced Instrumentation Services to 'log'
# usage data to Splunk and Argus, this Compliance Check action does two things:
# 1. Ensures that Packaged Apex Classes do not make any direct reference to the core SfdoLogUtils class.
# Any code references to this class will cause the Compliance build to fail.
# 2. At least in the short term, adds an Instrumentation reviewer to any PR that in any way references
# or uses the SfdoInstrumentationService. This is primarily meant as a short term action to aid in
# adoption of the new instrumentation services.
#####################################################################################################################
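name: "Instrumentation Compliance"
on:
  pull_request:
    # Filter the job to only execute if CLS files (not in the unpackaged folder) are in the PR
    paths:
      - '**.cls'
      - '!unpackaged/**.cls'
jobs:
  Instrumentation_Service_Compliance_Verification:
    # Constant vars
    # These should be adjusted per repository
    env:
      DEFAULT_REVIEWER: force2b
      ALTERNATE_REVIEWER: lparrott
      ASSIGNED_LABEL: Instrumentation
    runs-on: ubuntu-latest
    # Least privilege for the job token: read the repository for the diff, write to the PR for
    # labels, assignees, review requests and comments. Nothing else is granted.
    # NOTE(review): on PRs opened from forks the token is read-only regardless of this block, so the
    # labelling steps are expected to fail there - confirm that is acceptable for this repository.
    permissions:
      contents: read
      issues: write
      pull-requests: write
    steps:
      # NOTE(review): version tags are mutable; pin third-party actions to a full commit SHA
      # (uses: actions/checkout@<FULL_COMMIT_SHA>) so a retagged release cannot change what runs here.
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Get PR Owner
        id: pr_owner
        # PR metadata is handed to the shell through env, never interpolated into the script text:
        # a ${{ }} expression inside "run:" is pasted into the script before bash parses it.
        env:
          PR_OWNER: ${{ github.event.pull_request.user.login }}
        run: |
          echo "owner=$PR_OWNER" >> "$GITHUB_OUTPUT"
      - name: Set Reviewer
        id: set_reviewer
        run: |
          # The comparison is evaluated by the expression engine; only its true/false result reaches bash.
          # The PR owner cannot review their own PR, so fall back to the alternate reviewer.
          if [[ "${{ steps.pr_owner.outputs.owner != env.DEFAULT_REVIEWER }}" == "true" ]]
          then
            echo "reviewer=$DEFAULT_REVIEWER" >> "$GITHUB_OUTPUT"
          else
            echo "reviewer=$ALTERNATE_REVIEWER" >> "$GITHUB_OUTPUT"
          fi
      - name: Check for previously assigned Instrumentation Label
        id: label_check
        env:
          PR_LABELS: ${{ join(github.event.pull_request.labels.*.name, ',') }}
        run: |
          # Label names are free text; strip line breaks so the value stays a single key=value record
          printf 'prlabels=%s\n' "$( printf '%s' "$PR_LABELS" | tr -d '\r\n' )" >> "$GITHUB_OUTPUT"
      - name: Check for references to the SfdoLogUtils or SfdoInstrumentationServices Apex classes
        # If the Instrumentation label is already assigned to the PR, all checks are skipped to avoid
        # redundant PR comments and alerts
        id: get_pr_diff
        if: contains(github.event.pull_request.labels.*.name, env.ASSIGNED_LABEL) == false
        env:
          PR_LABELS: ${{ steps.label_check.outputs.prlabels }}
          PR_OWNER: ${{ steps.pr_owner.outputs.owner }}
          REVIEWER: ${{ steps.set_reviewer.outputs.reviewer }}
        run: |
          echo "- Did not find label '$ASSIGNED_LABEL' in '$PR_LABELS'"
          echo "- Current PR Owner: '$PR_OWNER'"
          echo "- Assigned Reviewer: '$REVIEWER'"
          DIFF=""
          if [ -n "$GITHUB_BASE_REF" ]; then
            # This changes the context of subsequent commands to get the full change for the PR.
            # Branch names are chosen by the PR author, so every ref expansion is quoted.
            git fetch origin "$GITHUB_HEAD_REF:$GITHUB_HEAD_REF"
            # Find references to "Sfdo" in the force-app/ folder structure. Filters for the specific
            # class references in later steps. "|| true" keeps a no-match grep from failing the step.
            DIFF="$( git diff-tree "origin/$GITHUB_BASE_REF..$GITHUB_HEAD_REF" --patch-with-raw -- force-app/** | grep 'Sfdo' || true )"
          fi
          # Assign the "git diff-tree" output to a step output to use later.
          # The diff text is attacker-influenced: it is written to the $GITHUB_OUTPUT file instead of
          # being printed as a "::set-output" workflow command on stdout, and carriage returns are
          # dropped and newlines replaced with %0A so it is always one line of text. The value is
          # only ever consumed by contains() in the "if:" conditions below.
          printf 'diff=%s\n' "$( printf '%s\n' "$DIFF" | tr -d '\r' | sed ':a;N;$!ba;s/\n/%0A/g' )" >> "$GITHUB_OUTPUT"
      - name: Assign Reviewer if SfdoInstrumentationService is in use
        id: assign_reviewers_if_instrumentation
        if: contains(steps.get_pr_diff.outputs.diff, 'SfdoInstrumentationService')
        # NOTE(review): pin to a full commit SHA (SalesforceFoundation/github-script@<FULL_COMMIT_SHA>);
        # this action runs with the write-scoped job token.
        uses: SalesforceFoundation/github-script@v4
        with:
          # The values interpolated into the script below come from the job-level constants
          # (ASSIGNED_LABEL and the two reviewer names), not from PR content. Keep it that way: never
          # interpolate PR-controlled text into "script:".
          # Each API call is awaited so a failed request fails the step instead of being lost.
          script: |
            await github.issues.addLabels({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              labels: [ "${{env.ASSIGNED_LABEL}}" ]
            })
            await github.issues.addAssignees({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              assignees: [ "${{steps.set_reviewer.outputs.reviewer}}" ]
            })
            await github.pulls.requestReviewers({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              reviewers: [ "${{steps.set_reviewer.outputs.reviewer}}" ]
            })
            await github.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: ':warning: @${{steps.set_reviewer.outputs.reviewer}} This Pull Request references the "SfdoInstrumentationService" class and must be reviewed by an Instrumentation owner. :warning:'
            })
      - name: Fail Build if SfdoLogUtils core class is directly referenced
        id: assign_reviewers_if_core_class
        if: contains(steps.get_pr_diff.outputs.diff, 'SfdoLogUtils.log(')
        # NOTE(review): pin to a full commit SHA (SalesforceFoundation/github-script@<FULL_COMMIT_SHA>);
        # this action runs with the write-scoped job token.
        uses: SalesforceFoundation/github-script@v4
        with:
          # Same labelling and review request as the previous step, then the build is failed.
          # Interpolated values are job-level constants only; API calls are awaited so that the
          # comment is posted before the step is marked failed.
          script: |
            await github.issues.addLabels({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              labels: [ "${{env.ASSIGNED_LABEL}}" ]
            })
            await github.issues.addAssignees({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              assignees: [ "${{steps.set_reviewer.outputs.reviewer}}" ]
            })
            await github.pulls.requestReviewers({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              reviewers: [ "${{steps.set_reviewer.outputs.reviewer}}" ]
            })
            await github.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: ':no_entry: @${{steps.set_reviewer.outputs.reviewer}} This Pull Request references the "SfdoLogUtils" class which should not be called directly by package code :no_entry:'
            })
            core.setFailed('This Pull Request may be calling an SfdoLogUtils.log() method which should not be called directly by package code')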