mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 16:51:31 +00:00
shankar0123
7b8cadcd02
The 'Regression guards' loop step in ci.yml runs:
for g in scripts/ci-guards/*.sh; do bash "$g"; done
Per the directory's own contract (scripts/ci-guards/README.md), every
script there MUST be runnable bare with no args / no env. Three files
violated that contract — they're helpers consumed by specific CI job
steps with arguments, not regression guards. They were misplaced.
Moved (git mv):
scripts/ci-guards/vendor-e2e-skip-check.sh → scripts/
scripts/ci-guards/vendor-e2e-skip-allowlist.txt → scripts/
scripts/ci-guards/coverage-pr-comment.sh → scripts/
Updated ci.yml call sites:
- deploy-vendor-e2e job: bash scripts/vendor-e2e-skip-check.sh $LOG
- go-build-and-test job: bash scripts/coverage-pr-comment.sh
Tightened scripts/vendor-e2e-skip-check.sh arg parse from a silent
default ('LOG=${1:-test-output.log}') to a mandatory-arg form
('LOG=${1:?usage: ...}') so misuse fails loud at parse time rather
than at the missing-file check.
Updated scripts/ci-guards/README.md contract to spell out the
guard-vs-helper distinction explicitly; lists current helpers under
scripts/ for future-author guidance.
Verified locally: 'for g in scripts/ci-guards/*.sh; do bash $g; done'
returns clean (22 guards pass) on HEAD post-move.
Closes the regression-guards-loop failure that surfaced in CI run
25192163943 (job 73864471346 'Frontend Build').
96 lines
3.0 KiB
Bash
Executable File
96 lines
3.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# scripts/coverage-pr-comment.sh
|
|
#
|
|
# Post a per-package coverage table as a PR comment on every PR.
|
|
# Self-hosted alternative to Codecov / Coveralls (per ci-pipeline-cleanup
|
|
# bundle Phase 10 / frozen decision 0.9).
|
|
#
|
|
# Reads coverage.out from the Go Test step. Updates an existing comment
|
|
# in place if one already exists (avoids duplicate noise on subsequent
|
|
# pushes to the same PR).
|
|
#
|
|
# Lives in scripts/ (not scripts/ci-guards/) because it's a helper that
|
|
# consumes coverage.out + GH env vars — not a regression guard runnable
|
|
# bare. The scripts/ci-guards/ contract requires bare-callable, no-arg,
|
|
# no-env scripts. See scripts/ci-guards/README.md.
|
|
#
|
|
# Required env:
|
|
# GH_TOKEN — secrets.GITHUB_TOKEN
|
|
# PR_NUMBER — github.event.number
|
|
# GITHUB_REPOSITORY — github.repository (owner/name)
|
|
|
|
set -e
|
|
|
|
if [ -z "$PR_NUMBER" ]; then
|
|
echo "PR_NUMBER not set — not a PR build, skipping coverage comment."
|
|
exit 0
|
|
fi
|
|
if [ -z "$GH_TOKEN" ]; then
|
|
echo "::warning::GH_TOKEN not set — cannot post coverage comment"
|
|
exit 0
|
|
fi
|
|
if [ ! -f coverage.out ]; then
|
|
echo "::warning::coverage.out not found — skipping coverage comment"
|
|
exit 0
|
|
fi
|
|
|
|
# Build per-package summary table (mirrors check-coverage-thresholds.sh logic).
|
|
table=$(go tool cover -func=coverage.out | awk '
|
|
/internal\// {
|
|
pkg = $1
|
|
sub(/\/[^\/]+\.go:.*$/, "", pkg)
|
|
cov = $NF
|
|
sub(/%/, "", cov)
|
|
sum[pkg] += cov + 0
|
|
n[pkg]++
|
|
}
|
|
END {
|
|
for (pkg in sum) printf "| `%s` | %.1f%% |\n", pkg, sum[pkg] / n[pkg]
|
|
}
|
|
' | sort)
|
|
|
|
total=$(go tool cover -func=coverage.out | tail -1 | awk '{print $NF}')
|
|
|
|
body="**Coverage report (HEAD)**
|
|
|
|
| package | coverage |
|
|
|---|---:|
|
|
| **TOTAL** | **${total}** |
|
|
${table}
|
|
|
|
_Per-package floors enforced by \`scripts/check-coverage-thresholds.sh\`._
|
|
_Generated by \`scripts/ci-guards/coverage-pr-comment.sh\` (ci-pipeline-cleanup Phase 10)._"
|
|
|
|
# Find existing comment created by this script (starts with the marker).
|
|
api="https://api.github.com/repos/${GITHUB_REPOSITORY}"
|
|
existing_id=$(curl -sS \
|
|
-H "Authorization: Bearer $GH_TOKEN" \
|
|
-H "Accept: application/vnd.github+json" \
|
|
"$api/issues/$PR_NUMBER/comments?per_page=100" \
|
|
| python3 -c "
|
|
import sys, json
|
|
comments = json.load(sys.stdin)
|
|
for c in comments:
|
|
if c['body'].startswith('**Coverage report'):
|
|
print(c['id'])
|
|
break
|
|
")
|
|
|
|
if [ -n "$existing_id" ]; then
|
|
curl -sS -X PATCH \
|
|
-H "Authorization: Bearer $GH_TOKEN" \
|
|
-H "Accept: application/vnd.github+json" \
|
|
"$api/issues/comments/$existing_id" \
|
|
-d "$(python3 -c "import json,sys; print(json.dumps({'body': open('/dev/stdin').read()}))" <<< "$body")" \
|
|
> /dev/null
|
|
echo "Updated existing coverage comment #$existing_id on PR #$PR_NUMBER"
|
|
else
|
|
curl -sS -X POST \
|
|
-H "Authorization: Bearer $GH_TOKEN" \
|
|
-H "Accept: application/vnd.github+json" \
|
|
"$api/issues/$PR_NUMBER/comments" \
|
|
-d "$(python3 -c "import json,sys; print(json.dumps({'body': open('/dev/stdin').read()}))" <<< "$body")" \
|
|
> /dev/null
|
|
echo "Created new coverage comment on PR #$PR_NUMBER"
|
|
fi
|