bltavares · bltavares · Jan 23, 2019 · Jan 15, 2019 · Jan 21, 2019 · Jan 21, 2019
diff --git a/.github/main.workflow b/.github/main.workflow
@@ -0,0 +1,38 @@
+workflow "Check changes" {
+  on = "push"
+  resolves = "lint"
+}
+
+workflow "On review" {
+  on = "pull_request_review"
+  resolves = "fixes"
+}
+
+action "lint" {
+  needs = ["shellcheck", "hadolint", "shfmt", "mdlint"]
+  uses = "actions/bin/sh@master"
+  args = ["true"]
+}
+
+action "fixes" {
+  needs = ["shfmt"]
+  uses = "actions/bin/sh@master"
+  args = ["true"]
+}
+
+action "shellcheck" {
+  uses = "./shellcheck"
+}
+
+action "hadolint" {
+  uses = "./hadolint"
+}
+
+action "shfmt" {
+  uses = "./shfmt"
+  secrets = ["GITHUB_TOKEN"]
+}
+
+action "mdlint" {
+  uses = "./mdlint"
+}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.DS_Store
diff --git a/Makefile b/Makefile
@@ -0,0 +1,15 @@
+ACTIONS = cljfmt shellcheck hadolint shfmt pwshfmt mdlint
+LIBS = $(addsuffix /lib.sh,$(ACTIONS))
+
+all: fix lint $(LIBS)
+
+lint:
+	act
+
+fix:
+	shfmt -s -w .
+
+$(LIBS) : lib.sh
+	cp $< $@
+
+.PHONY: all lint fix
diff --git a/README.md b/README.md
@@ -0,0 +1,29 @@
+# Github Actions
+
+Useful GitHub Actions to validate changes and provide lint fixes.
+
+Detailed documentation on how to use each action located on their folder.
+
+## Provided actions
+
+<!-- markdownlint-disable MD013 -->
+| Action                   | Description          | Lint on Push | Fix on Review |
+|--------------------------|----------------------|--------------|---------------|
+| [cljfmt](cljfmt)         | Clojure formatter    | x            | x             |
+| [shfmt](shfmt)           | Shell formatter      | x            | x             |
+| [pwshfmt](pwshfmt)       | Powershell Formatter | x            | x             |
+| [hadolint](hadolint)     | Dockerfile linter    | x            |               |
+| [shellcheck](shellcheck) | Bash linter          | x            |               |
+| [mdlint](mdlint)         | Markdown linting     | x            |               |
+<!-- markdownlint-enable MD013 -->
+
+## Building
+
+This project uses [nektos/act](https://github.com/nektos/act) to test changes
+locally, and requires it to be installed.
+
+To keep all the `lib.sh` updated and validate the project itself, run:
+
+```bash
+make
+```
diff --git a/cljfmt/.DS_Store b/cljfmt/.DS_Store
diff --git a/cljfmt/Dockerfile b/cljfmt/Dockerfile
@@ -0,0 +1,20 @@
+FROM clojure:lein-alpine
+
+LABEL "com.github.actions.name"="cljfmt"
+LABEL "com.github.actions.description"="Provides linting and fixes using cljfmt"
+LABEL "com.github.actions.icon"="user-check"
+LABEL "com.github.actions.color"="green"
+
+LABEL "repository"="http://github.com/bltavares/actions"
+LABEL "homepage"="http://github.com/bltavares/actions"
+LABEL "maintainer"="Bruno Tavares <[email protected]>"
+
+RUN apk --no-cache add \
+  curl=7.61.1-r1 \
+  jq=1.6_rc1-r1 \
+  bash=4.4.19-r1 \
+  git=2.18.1-r0
+
+COPY lib.sh /lib.sh
+COPY entrypoint.sh /entrypoint.sh
+CMD ["/entrypoint.sh"]
diff --git a/cljfmt/README.md b/cljfmt/README.md
@@ -0,0 +1,39 @@
+# cljfmt action
+
+## Validations on Push
+
+This actions will check the formating of the project, using
+[cljfmt](https://github.com/weavejester/cljfmt).
+
+`cljfmt` plugin required to be installed on your project,
+as well as any variable needed to access all the dependencies of the project.
+
+Given that this plugin uses `lein cljfmt`, it might need extra environment
+variable and secrets, such as `AWS_ACCESS_KEY_ID` and `AWS_ACCESS_KEY_KEY`.
+
+## Fixes on Pull Request review
+
+This action provides automated fixes using Pull Request review comments.
+
+If the comment starts with `fix $action_name` or `fix cljfmt`, a new commit will
+be added to the branch with the automated fixes applied.
+
+## Example workflow
+
+```hcl
+workflow "on push" {
+  on = "push"
+  resolves = ["cljfmt"]
+}
+
+workflow "on review" {
+  resolves = ["cljfmt"]
+  on = "pull_request_review"
+}
+
+action "cljfmt" {
+  uses = "bltavares/actions/cljfmt@master"
+  # Used for pushing changes for `fix` comments on review
+  secrets = ["GITHUB_TOKEN"]
+}
+```
diff --git a/cljfmt/entrypoint.sh b/cljfmt/entrypoint.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -euo pipefail
+set -x
+
+# shellcheck disable=SC1091
+source /lib.sh
+
+fix() {
+	lein cljfmt fix
+}
+
+lint() {
+	lein cljfmt check
+}
+
+main() {
+	if [[ ${GITHUB_EVENT_NAME} == "push" ]]; then
+		lint
+	elif [[ $GITHUB_EVENT_NAME == "pull_request_review" ]]; then
+		_requires_token
+		_should_fix_review "fix $GITHUB_ACTION" || _should_fix_review "fix cljfmt"
+		fix
+		_commit_if_needed
+	elif [[ $GITHUB_EVENT_NAME == "TODO_issue_comment" ]]; then
+		_requires_token
+		_should_fix_issue "fix $GITHUB_ACTION" || _should_fix_issue "fix cljfmt"
+		# TODO: I'm unable to get the branch given an issue comment event
+		_switch_to_branch
+		fix
+		_commit_if_needed
+	fi
+}
+
+main "${@}"
diff --git a/cljfmt/lib.sh b/cljfmt/lib.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+_requires_token() {
+	if [[ -z $GITHUB_TOKEN ]]; then
+		echo "Set the GITHUB_TOKEN env variable."
+		exit 1
+	fi
+}
+
+_should_fix_issue() {
+	pr_url="$(jq --raw-output '.issue.pull_request.url | select(. != null)' "$GITHUB_EVENT_PATH")"
+	fix_comment="$(jq --raw-output ".comment.body | select(. | startswith(\"$1\"))" "$GITHUB_EVENT_PATH")"
+	[[ -n $pr_url ]] && [[ -n $fix_comment ]] || exit 0
+}
+
+__switch_to_branch() {
+	# TODO: Not working yet
+	remote_branch_name=$(git name-rev --name-only "${GITHUB_SHA}")
+	git checkout -b "${remote_branch_name#remotes/origin}" --track "$remote_branch_name"
+}
+
+_should_fix_review() {
+	fix_comment="$(jq --raw-output ".review.body | select(. | startswith(\"$1\"))" "$GITHUB_EVENT_PATH")"
+	[[ -n $fix_comment ]] || exit 78
+}
+
+_git_is_dirty() {
+	[[ -n "$(git status -s)" ]]
+}
+
+_commit_if_needed() {
+	if _git_is_dirty; then
+		tmp_file="$(mktemp)"
+
+		# shellcheck disable=SC2034  # Unused variables left for readability
+		while read -r _src_mode dst_mode _src_sha dst_sha flag path; do
+			file_payload="{\"encoding\": \"base64\", \"content\": \"$(base64 "$path" | tr -d '\n')\"}"
+			file_response=$(curl --fail -H "Authorization: token ${GITHUB_TOKEN}" \
+				-d "$file_payload" \
+				"https://api.github.com/repos/${GITHUB_REPOSITORY}/git/blobs")
+			echo "{ \"mode\": \"${dst_mode}\", \"path\": \"${path}\", \"sha\": $(jq '.sha' <<<"$file_response")}" >>"$tmp_file"
+		done < <(git diff-files)
+
+		tree_payload="{\"base_tree\": \"${GITHUB_SHA}\", \"tree\": $(jq -s '.' "$tmp_file")}"
+		tree_response="$(curl --fail -H "Authorization: token ${GITHUB_TOKEN}" \
+			-d "$tree_payload" \
+			"https://api.github.com/repos/${GITHUB_REPOSITORY}/git/trees")"
+
+		commit_payload="{\"message\": \"${GITHUB_ACTION}: lint fix\", \"tree\": $(jq '.sha' <<<"$tree_response"), \"parents\": [\"${GITHUB_SHA}\"]}"
+		commit_response="$(curl --fail -H "Authorization: token ${GITHUB_TOKEN}" \
+			-d "$commit_payload" \
+			"https://api.github.com/repos/${GITHUB_REPOSITORY}/git/commits")"
+
+		update_branch_payload="{\"sha\": $(jq '.sha' <<<"$commit_response")}"
+		# shellcheck disable=SC2034  # Unused variables left for readability
+		update_branch_response="$(curl --fail -H "Authorization: token ${GITHUB_TOKEN}" \
+			-d "$update_branch_payload" \
+			-X PATCH \
+			"https://api.github.com/repos/${GITHUB_REPOSITORY}/git/${GITHUB_REF}")"
+	fi
+}
diff --git a/hadolint/Dockerfile b/hadolint/Dockerfile
@@ -0,0 +1,23 @@
+FROM hadolint/hadolint:v1.15.0 as hadolint
+FROM alpine:3.8
+
+LABEL "com.github.actions.name"="hadolint"
+LABEL "com.github.actions.description"="Provides Dockerfile linting using hadolint"
+LABEL "com.github.actions.icon"="user-check"
+LABEL "com.github.actions.color"="blue"
+
+LABEL "repository"="http://github.com/bltavares/actions"
+LABEL "homepage"="http://github.com/bltavares/actions"
+LABEL "maintainer"="Bruno Tavares <[email protected]>"
+
+COPY --from=hadolint /bin/hadolint /bin/hadolint
+
+RUN apk --no-cache add \
+  curl=7.61.1-r1 \
+  jq=1.6_rc1-r1 \
+  bash=4.4.19-r1 \
+  git=2.18.1-r0
+
+COPY lib.sh /lib.sh
+COPY entrypoint.sh /entrypoint.sh
+CMD ["/entrypoint.sh"]
diff --git a/hadolint/README.md b/hadolint/README.md
@@ -0,0 +1,18 @@
+# hadolint action
+
+## Validations on Push
+
+This actions will check the formating of the Dockerfiles in the project, using [hadolint](https://github.com/hadolint/hadolint/)
+
+## Example workflow
+
+```hcl
+workflow "on push" {
+  on = "push"
+  resolves = ["hadolint"]
+}
+
+action "cljfmt" {
+  uses = "bltavares/actions/hadolint@master"
+}
+```
diff --git a/hadolint/entrypoint.sh b/hadolint/entrypoint.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# shellcheck disable=SC1091
+source /lib.sh
+
+lint() {
+	find . -name 'Dockerfile' -type f -exec hadolint {} +
+}
+
+main() {
+	if [[ ${GITHUB_EVENT_NAME} == "push" ]]; then
+		lint
+	fi
+}
+
+main "${@}"
diff --git a/hadolint/lib.sh b/hadolint/lib.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+_requires_token() {
+	if [[ -z $GITHUB_TOKEN ]]; then
+		echo "Set the GITHUB_TOKEN env variable."
+		exit 1
+	fi
+}
+
+_should_fix_issue() {
+	pr_url="$(jq --raw-output '.issue.pull_request.url | select(. != null)' "$GITHUB_EVENT_PATH")"
+	fix_comment="$(jq --raw-output ".comment.body | select(. | startswith(\"$1\"))" "$GITHUB_EVENT_PATH")"
+	[[ -n $pr_url ]] && [[ -n $fix_comment ]] || exit 0
+}
+
+__switch_to_branch() {
+	# TODO: Not working yet
+	remote_branch_name=$(git name-rev --name-only "${GITHUB_SHA}")
+	git checkout -b "${remote_branch_name#remotes/origin}" --track "$remote_branch_name"
+}
+
+_should_fix_review() {
+	fix_comment="$(jq --raw-output ".review.body | select(. | startswith(\"$1\"))" "$GITHUB_EVENT_PATH")"
+	[[ -n $fix_comment ]] || exit 78
+}
+
+_git_is_dirty() {
+	[[ -n "$(git status -s)" ]]
+}
+
+_commit_if_needed() {
+	if _git_is_dirty; then
+		tmp_file="$(mktemp)"
+
+		# shellcheck disable=SC2034  # Unused variables left for readability
+		while read -r _src_mode dst_mode _src_sha dst_sha flag path; do
+			file_payload="{\"encoding\": \"base64\", \"content\": \"$(base64 "$path" | tr -d '\n')\"}"
+			file_response=$(curl --fail -H "Authorization: token ${GITHUB_TOKEN}" \
+				-d "$file_payload" \
+				"https://api.github.com/repos/${GITHUB_REPOSITORY}/git/blobs")
+			echo "{ \"mode\": \"${dst_mode}\", \"path\": \"${path}\", \"sha\": $(jq '.sha' <<<"$file_response")}" >>"$tmp_file"
+		done < <(git diff-files)
+
+		tree_payload="{\"base_tree\": \"${GITHUB_SHA}\", \"tree\": $(jq -s '.' "$tmp_file")}"
+		tree_response="$(curl --fail -H "Authorization: token ${GITHUB_TOKEN}" \
+			-d "$tree_payload" \
+			"https://api.github.com/repos/${GITHUB_REPOSITORY}/git/trees")"
+
+		commit_payload="{\"message\": \"${GITHUB_ACTION}: lint fix\", \"tree\": $(jq '.sha' <<<"$tree_response"), \"parents\": [\"${GITHUB_SHA}\"]}"
+		commit_response="$(curl --fail -H "Authorization: token ${GITHUB_TOKEN}" \
+			-d "$commit_payload" \
+			"https://api.github.com/repos/${GITHUB_REPOSITORY}/git/commits")"
+
+		update_branch_payload="{\"sha\": $(jq '.sha' <<<"$commit_response")}"
+		# shellcheck disable=SC2034  # Unused variables left for readability
+		update_branch_response="$(curl --fail -H "Authorization: token ${GITHUB_TOKEN}" \
+			-d "$update_branch_payload" \
+			-X PATCH \
+			"https://api.github.com/repos/${GITHUB_REPOSITORY}/git/${GITHUB_REF}")"
+	fi
+}