fly316/PX4-Autopilot
7
0
Fork 0
mirror of https://gitee.com/mirrors_PX4/PX4-Autopilot.git synced 2026-04-14 10:07:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
49,458 Commits 852 Branches 161 Tags
Commit Graph

3 Commits

Author SHA1 Message Date
Ramon Roche
a0e42f2032 ci(workflows): bump all action versions to latest majors 
Bump every GitHub Action in the repository to its latest major
version, addressing the upcoming Node.js 20 deprecation. Several
of the old versions (checkout v4, cache v4, setup-node v4,
labeler v5) use the Node 20 runtime which GitHub is deprecating.
The new versions use Node 22.

- actions/checkout v4/v5 to v6
- actions/upload-artifact v4 to v7
- actions/download-artifact v4 to v8
- actions/cache, cache/restore, cache/save v4 to v5
- actions/setup-node v4 to v6
- actions/setup-python v5 to v6
- actions/github-script v7/v8 to v9
- actions/labeler v5 to v6
- peter-evans/find-comment v3 to v4
- dorny/paths-filter v3 to v4
- codecov/codecov-action v4 to v6
- docker/setup-buildx-action v3 to v4
- docker/build-push-action v6 to v7
- tj-actions/changed-files v46 to v47

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
 2026-04-10 07:30:50 -06:00
Ramon Roche
9e93fd753e
ci(pr-review-poster): add line-anchored review poster and migrate clang-tidy (#27028) 
* ci(pr-review-poster): add line-anchored review poster and migrate clang-tidy

Adds a generic PR review-comment poster as a sibling of the issue-comment
poster from #27021. Replaces platisd/clang-tidy-pr-comments@v1 in the
Static Analysis workflow with an in-tree, fork-friendly producer + poster
pair so fork PRs get inline clang-tidy annotations on the Files changed
tab without trusting a third-party action with a write token.

Architecture mirrors pr-comment-poster: a producer (clang-tidy.yml) runs
inside the px4-dev container and writes a `pr-review` artifact containing
manifest.json and a baked comments.json. A separate workflow_run-triggered
poster runs on ubuntu-latest with the base-repo write token, validates the
artifact, dismisses any stale matching review, and posts a fresh review
on the target PR. The poster never checks out PR code and only ever reads
two opaque JSON files from the artifact.

Stale-review dismissal is restricted to reviews authored by
github-actions[bot] AND whose body contains the producer's marker. A fork
cannot impersonate the bot login or inject the marker into a human
reviewer's body, so the poster can never dismiss a human review. APPROVE
events are explicitly forbidden so a bot cannot approve a pull request.

To avoid duplicating ~120 lines of HTTP plumbing between the two posters,
the GitHub REST helpers (single-request, pagination, error handling) are
extracted into Tools/ci/_github_helpers.py with a small GitHubClient
class. The existing pr-comment-poster.py is refactored to use it; net
change is roughly -80 lines on that script. The shared module is
sparse-checked-out alongside each poster script and is stdlib only.

The clang-tidy producer reuses MIT-licensed translation logic from
platisd/clang-tidy-pr-comments (generate_review_comments,
reorder_diagnostics, get_diff_line_ranges_per_file and helpers) under a
preserved attribution header. The HTTP layer is rewritten on top of
_github_helpers so the producer does not pull in `requests`. Conversation
resolution (the GraphQL path) is intentionally dropped for v1.

clang-tidy.yml now produces the pr-review artifact in the same job as
the build, so the cross-runner compile_commands.json hand-off and
workspace-path rewriting are no longer needed and the
post_clang_tidy_comments job is removed.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>

* ci(workflows): bump action versions to clear Node 20 deprecation

GitHub has deprecated the Node 20 runtime for Actions as of
September 16, 2026. Bump the pinned action versions in the three poster
workflows to the latest majors, all of which run on Node 24:

  actions/checkout         v4 -> v6
  actions/github-script    v7 -> v8
  actions/upload-artifact  v4 -> v7

No behavior changes on our side: upload-artifact v5/v6/v7 only added an
optional direct-file-upload mode we do not use, and checkout v5/v6 are
runtime-only bumps. The security-invariant comment headers in both
poster workflows are updated to reference the new version so they stay
accurate.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>

* ci(pr-posters): skip job when producer was not a pull_request event

Both poster workflows previously ran on every workflow_run completion of
their listed producers and then silently no-oped inside the script when
the triggering producer run was a push-to-main (or any other non-PR
event). That made the UI ambiguous: the job was always green, never
showed the reason it did nothing, and looked like a failure whenever
someone clicked in looking for the comment that was never there.

Gate the job at the workflow level on
github.event.workflow_run.event == 'pull_request'. Non-PR producer runs
now surface as a clean "Skipped" entry in the run list, which is
self-explanatory and needs no in-script summary plumbing.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>

---------

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
 2026-04-09 10:54:29 -07:00
Ramon Roche
8c4b703103 ci(pr-comment-poster): add generic PR comment poster and migrate producers 
Adds a stand-alone workflow that posts or updates sticky PR comments on
behalf of any analysis workflow, including those triggered by fork PRs.
The poster runs on `workflow_run` in the base repo context, which is the
standard GitHub-sanctioned way to get a write token on events that
originate from untrusted forks without ever checking out fork code.

All validation, GitHub API interaction, and upsert logic lives in
Tools/ci/pr-comment-poster.py (Python 3 stdlib only, two subcommands:
`validate` and `post`). The workflow file itself is a thin orchestrator:
sparse-checkout the script, download the pr-comment artifact via
github-script, unzip, then invoke the script twice. No inline jq, no
inline bash validation, no shell-interpolated marker strings. The
sparse-checkout ensures only Tools/ci/pr-comment-poster.py lands in the
workspace, never the rest of the repo.

Artifact contract: a producer uploads an artifact named exactly
`pr-comment` containing `manifest.json` (with `pr_number`, `marker`, and
optional `mode`) and `body.md`. The script validates the manifest
(positive integer pr_number, printable-ASCII marker bounded 1..200
chars, UTF-8 body under 60000 bytes, mode in an allowlist), finds any
existing comment containing the marker via the comments REST API, and
either edits it in place or creates a new one.

The workflow file header documents six security invariants that any
future change MUST preserve, most importantly: NEVER check out PR code,
NEVER execute anything from the artifact, and treat all artifact
contents as opaque data.

Why a generic poster and not `pull_request_target`: `pull_request_target`
is the tool people reach for first and the one that most often turns
into a supply-chain vulnerability, because it hands a write token to a
workflow that is then tempted to check out the PR head. `workflow_run`
gives the same write token without any check-out temptation, because
the only input is a pre-produced artifact treated as opaque data.

Producer migrations
===================

flash_analysis.yml:
- Drop the fork gate on the `post_pr_comment` job.
- Drop the obsolete TODO pointing at issue #24408 (the fork-comment
  workflow does not error anymore; it just no-ops).
- Keep the existing "comment only if threshold crossed or previous
  comment exists" behaviour verbatim. peter-evans/find-comment@v3
  stays as a read-only probe (forks can read issue comments just fine);
  its body-includes is updated to search for the new marker
  `<!-- pr-comment-poster:flash-analysis -->` instead of the old
  "FLASH Analysis" heading substring.
- Replace the peter-evans/create-or-update-comment@v4 step with two
  new steps that write pr-comment/manifest.json and pr-comment/body.md
  and then upload them as artifact pr-comment. The body markdown is
  byte-for-byte identical to the previous heredoc, with the marker
  prepended as the first line so subsequent runs can find it.
- The threshold-or-existing-comment gate is preserved on both new
  steps. When the gate does not fire no artifact is uploaded and the
  poster no-ops.

docs-orchestrator.yml (link-check job):
- Drop the fork gate on the sticky-comment step.
- Replace marocchino/sticky-pull-request-comment@v2 with two new steps
  that copy logs/filtered-link-check-results.md into pr-comment/body.md,
  write a pr-comment/manifest.json with the marker
  `<!-- pr-comment-poster:docs-link-check -->`, and upload the directory
  as artifact pr-comment.
- The prepare step checks `test -s` on the results file and emits a
  prepared step output; the upload step is gated on that output. In
  practice the existing link-check step always writes a placeholder
  ("No broken links found in changed files.") into the file when empty,
  so the guard is defensive but not load-bearing today.
- Tighten the link-check job's permissions from `pull-requests: write`
  down to `contents: read`; writing PR comments now happens in the
  poster workflow.

The poster's workflows allowlist is seeded with the two active
producers: "FLASH usage analysis" and "Docs - Orchestrator".
clang-tidy (workflow name "Static Analysis") is not in the list because
platisd/clang-tidy-pr-comments posts line-level review comments, a
different REST API from issue comments that the poster script does not
handle. Extending the poster to cover review comments is a follow-up.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
 2026-04-08 23:49:56 -06:00