This is just a simple recording and sharing, nothing technical
In CI, we will use GitHub Actions a lot to “check as a quality gate”. Generally, in PR, we will set that PR must run through the test before clicking Merge. Our GitHub Actions Workflow usually writes as follows:
on : pull_request : branches : - master
Then we can judge whether we can consider merging PR by whether the CI is passed or not, but it is sometimes too annoying to manually open the log, so there is a gameplay similar to GitOps (note, this is not GitOps), directly put The result of a certain step is output to the corresponding PR comment. For example, the recently popular Infracost, just write:
- name : Terraform plan run : terraform plan -out tfplan.binary working-directory : $ - name : Terraform show run : terraform show -json tfplan.binary > plan.json working-directory : $ - name : Setup Infracost uses : infracost/actions/setup@v1 with : api-key : $ - name : Generate Infracost JSON run : infracost breakdown --path plan.json --format json --out-file /tmp/infracost.json working-directory : $ - name : Post Infracost comment run : | infracost comment github --path /tmp/infracost.json \ --repo $GITHUB_REPOSITORY \ --github-token $ \ --pull-request $ \ --behavior update
You can cooperate with Terraform to comment on the PR after modifying some infrastructure in each PR, and tell us which infrastructure will be modified by this PR, and also tell us how the modification will affect the cost:
It is very intuitive, so that all developers can know whether such a PR will open a hole in their wallets during each PR.
But sometimes we want some other content to have a similar output, what should we do?
Generally speaking, the Internet will recommend us to follow:
echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
Similar to this snake-like movement, an output is set in a certain step, and then it is obtained by $ in subsequent steps.
(However, in many scenarios, the outputs obtained by this method are empty, which is very strange)
Here is a simple record of a usable example, I hope it can help me who don’t want to snake and want to use it simply and conveniently. The example is as follows:
- name : Scan for CVE uses : mathiasvr/command-output@v1 id : trivy with : run : | trivy image --no-progress --severity "HIGH,CRITICAL" ghcr.io/$ - name : Comment PR uses : thollander/actions-comment-pull-request@v1 with : message : | ``` $ ``` GITHUB_TOKEN : $
Put all the commands you need to execute under mathiasvr/command-output@v1 , and set an id, so that all output results will be redirected to stdout, and you can use $ in the next steps to get it directly , and use the thollander/actions-comment-pull-request@v1 method to print to the corresponding PR. The example here is to use the trivy tool to perform a security scan on the image built by each PR, and automatically print the scan results to the PR record. , the corresponding actual case can be seen in this PR: Print all CVE results to PR comment by n0vad3v · Pull Request #130 · webp-sh/webp_server_go .
Isn’t it very convenient, does it look more serious than buying XX security products written in Java by some national prefix XX security company?
Have Fun, above.
This article is reprinted from https://nova.moe/print-github-action-output-to-pr/
This site is for inclusion only, and the copyright belongs to the original author.