In the previous blog post I showed you how to run two jobs in parallel. Now I’m going to show you how the third job is only started when the first two succeeded and also how we only post a comment on the pull request when new permissions are detected.
The end result will be a message on your pull request letting you know new permissions were added, as in the image above.
Detect changes in permissions
Let’s look at the third job:
diff-permissions:
  needs: [build-develop, build-branch]
  runs-on: ubuntu-latest
  steps:
    - name: Download permissions
      uses: actions/download-artifact@v1
      with:
        name: permissions

    - name: Execute diff
      run: diff --changed-group-format='%<%>' --unchanged-group-format='' $GITHUB_WORKSPACE/permissions/permissions-develop.txt $GITHUB_WORKSPACE/permissions/permissions-branch.txt > permissions-diff.txt && echo ::set-env name=NEW_PERMISSIONS::'false' || echo ::set-env name=NEW_PERMISSIONS::'true'

    - run: printf "⚠ New permission(s) found\n\n\`\`\`\n" > pr-comment.txt && cat permissions-diff.txt >> pr-comment.txt

    - name: comment PR
      if: env.NEW_PERMISSIONS == 'true'
      uses: machine-learning-apps/pr-comment@master
      env:
        GITHUB_TOKEN: ${{ secrets.personaltoken }}
      with:
        path: pr-comment.txt
This diff-permissions job depends on both the build-develop and build-branch jobs. We do this by defining the needs property containing the job names you want to depend on.
needs: [build-develop, build-branch]
This job will only run when both jobs succeed, otherwise it will be ignored.
Let’s look at the steps:
- First we download the artifacts that were uploaded at the end of previous jobs
- Then we diff both files and see if there are any changes
- If any changes are detected a comment will be posted
Downloading the files from the artifacts is done with this GitHub Action. The files are downloaded as a .zip archive named permissions and automatically extracted into a folder with the same name.
Find changes in permissions with diff
More interesting is the command that finds changes between both files with diff, saves the output and sets an environment variable. That’s quite a lot happening in one command.
diff --changed-group-format='%<%>' --unchanged-group-format='' $GITHUB_WORKSPACE/permissions/permissions-develop.txt $GITHUB_WORKSPACE/permissions/permissions-branch.txt > permissions-diff.txt && echo ::set-env name=NEW_PERMISSIONS::'false' || echo ::set-env name=NEW_PERMISSIONS::'true'
We’re going to use diff on the two files downloaded from the artifacts:
$GITHUB_WORKSPACE/permissions/permissions-develop.txt
$GITHUB_WORKSPACE/permissions/permissions-branch.txt
Using diff in combination with --changed-group-format='%<%>' --unchanged-group-format='' will only output the changed lines between both files. Adding the formatting (green in the image above) to the diff command makes sure it doesn’t output extra information like what row and columns are changed.
This output is written to a file named permissions-diff.txt. diff returns a non-zero exit code if changes are found, so we need to catch this by chaining the echo commands with && and ||. We use this to our advantage to set the environment variable NEW_PERMISSIONS to 'true' when changes are found, and to 'false' if no changes are found.
An example would be if we have two files with the following permissions:
permissions-develop.txt                           permissions-branch.txt

name='android.permission.INTERNET'                name='android.permission.INTERNET'
name='android.permission.ACCESS_NETWORK_STATE'    name='android.permission.ACCESS_NETWORK_STATE'
name='android.permission.ACCESS_WIFI_STATE'       name='android.permission.ACCESS_WIFI_STATE'
                                                  name='android.permission.CAMERA'
Executing the above command will generate a new file with the following contents:
permissions-diff.txt

name='android.permission.CAMERA'
It will also execute echo ::set-env name=NEW_PERMISSIONS::'true', which tells the next step in the job to execute.
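GitHub has since disabled the ::set-env workflow command; the current mechanism is to append NAME=value to the file named by $GITHUB_ENV. The following added example (not from the original post) runs the same diff that way and separates diff's three exit statuses, so that a missing artifact is not reported as a new permission. The function names are hypothetical and the sample files are constructed from the example above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU diff, as found on ubuntu-latest runners.

# Print only the changed lines between two permission lists.
# Exit status is diff's own: 0 = identical, 1 = different, 2 = error.
permission_diff() {
  diff --changed-group-format='%<%>' --unchanged-group-format='' "$1" "$2"
}

# Write the diff to $3 and append NEW_PERMISSIONS=true|false to the env file $4.
# In a workflow step, $4 would be "$GITHUB_ENV".
# If diff itself fails (e.g. an artifact is missing), no flag is written.
record_permission_diff() {
  status=0
  permission_diff "$1" "$2" > "$3" || status=$?
  case "$status" in
    0) echo "NEW_PERMISSIONS=false" >> "$4" ;;
    1) echo "NEW_PERMISSIONS=true" >> "$4" ;;
    *) echo "diff failed with status $status" >&2; return "$status" ;;
  esac
}

# Constructed sample input mirroring the two example files in the post.
demo() {
  dir=$(mktemp -d)
  printf '%s\n' "name='android.permission.INTERNET'" \
    "name='android.permission.ACCESS_NETWORK_STATE'" \
    "name='android.permission.ACCESS_WIFI_STATE'" \
    > "$dir/permissions-develop.txt"
  { cat "$dir/permissions-develop.txt"
    printf '%s\n' "name='android.permission.CAMERA'"
  } > "$dir/permissions-branch.txt"
  record_permission_diff "$dir/permissions-develop.txt" \
    "$dir/permissions-branch.txt" "$dir/permissions-diff.txt" "$dir/github_env"
  cat "$dir/permissions-diff.txt" "$dir/github_env"
  rm -rf "$dir"
}

demo
```

With the flag written through $GITHUB_ENV, the later step's condition env.NEW_PERMISSIONS == 'true' works unchanged.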
Posting information to the Pull Request
In order to post information to the pull request we need to prepare two things:
- Your workflow must start with on: pull_request. If not, the pull request number will not be available during the workflow.
- Set a GitHub authorisation token in your secrets in order to post comments as a user.
Preparing the comment
Before posting the output of the diff as a comment on the pull request we first want to prepare a nicer message. This is done with the following command:
- run: printf "⚠ New permission(s) found\n\n\`\`\`\n" > pr-comment.txt && cat permissions-diff.txt >> pr-comment.txt
We write a header message into a new text file named pr-comment.txt and then append the output of the diff to that same file. In the next step you’ll see the end result.
Let’s look at posting the information:
- name: comment PR
  if: env.NEW_PERMISSIONS == 'true'
  uses: machine-learning-apps/pr-comment@master
  env:
    GITHUB_TOKEN: ${{ secrets.personaltoken }}
  with:
    path: pr-comment.txt
In this step we use if to only run if the environment variable NEW_PERMISSIONS is set to true. As explained earlier, this is only done when the diff command found any changes.
if: env.NEW_PERMISSIONS == 'true'
All we have to do now is tell the GitHub Action pr-comment to upload the contents of the file pr-comment.txt to the pull request.
Now that every step is complete, the following comment will be posted on the pull request with the newly detected permissions:
And that’s about it!
You can find the full source of the workflow here and find me on twitter @Dionsegijn if you have any questions