Merge pull request #88 from david-wiggs/unique-job-matrix
Distinguish between multiple dependency snapshots of the same type
hmaurer authored Aug 7, 2024
2 parents f97a407 + 73d9d97 commit 4b85c77
Showing 7 changed files with 81 additions and 2 deletions.
31 changes: 31 additions & 0 deletions README.md
Expand Up @@ -35,6 +35,7 @@ This action writes informations in the repository dependency graph, so if you ar

* `snapshot-dependency-file-name`: An optional user control file path to the POM file, requires `snapshot-include-file-name` to be `true` for the value to be submitted.

* `correlator`: An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the [job_id](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_id) of the current job.

## Examples
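Review bot: The `correlator` bullet states a default ("the job_id of the current job") that nothing in this change sets: action.yml declares `default: ''`, and when the input is empty the generator keeps whatever correlator the `Snapshot` was constructed with. Say that an empty value leaves the snapshot's existing job correlator untouched, or point to where the job_id default is produced, so users know what they are overriding.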

Expand All @@ -48,7 +49,37 @@ Generating and submitting a dependency snapshot using the defaults:
Upon success it will generate a snapshot captured from Maven POM like;
![Screenshot 2022-08-15 at 09 33 47](https://user-images.githubusercontent.com/681306/184603264-3cd69fda-75ff-4a46-b014-630acab60fab.png)

### Configuring for Matrix-Based Workflows

To ensure that the job parameter of the submission remains unique when the action is being called from a workflow that has a matrix, you can pass a `correlator` to the action. This identifier will be appended to the default correlator propterty of a job, ensuring uniqueness across matrix-based workflows. When dealing with Maven-based Java projects that utilize different `pom.xml` files across matrix jobs, you can specify the `directory` relevant to each matrix job. This ensures that the dependency snapshot accurately reflects the dependencies for each specific configuration.

Example of specifying `pom.xml` files for different matrix jobs:

```yaml
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- java-version: 8
directory: project1
- java-version: 11
directory: project2
steps:
- uses: actions/checkout@v2
- name: Set up JDK ${{ matrix.java-version }}
uses: actions/setup-java@v2
with:
java-version: ${{ matrix.java-version }}
- name: Submit Dependency Snapshot
uses: advanced-security/maven-dependency-submission-action@v3
with:
directory: ${{ matrix.directory }}
correlator: ${{ github.job }}-${{ matrix.directory }}
```
In this example, the action is configured to use different working directories based on the Java version specified in the matrix. This ensures that the dependency snapshot is accurate for each Java version being tested.
## Command Line Usage
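Review bot: The matrix section says the identifier "will be appended to the default correlator propterty of a job", but the code in this commit assigns `snapshot.job.correlator = snapshotConfig.correlator`, which replaces the value rather than appending to it. Reword to say the input replaces the default correlator (and fix "propterty"), since a caller who passes only `${{ matrix.directory }}` expecting the job name to be prefixed would end up with a correlator that is not unique across jobs. The closing sentence also describes the directories as chosen by Java version, while the example keys the correlator on `matrix.directory`; state which matrix value has to differ for the snapshots to stay distinct.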
6 changes: 6 additions & 0 deletions action.yml
Expand Up @@ -64,6 +64,12 @@ inputs:
description: The URL to the detector that generated the dependency snapshot
type: string

correlator:
description: An optional identifier to distinguish between multiple dependency snapshots of the same type
type: string
required: false
default: ''

runs:
using: node20
main: dist/index.js
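Review bot: The `description` for `correlator` does not say what an empty value does, and `default: ''` makes empty the normal case. Add that leaving it blank keeps the snapshot's default job correlator and that a supplied value replaces it, matching the assignment in src/snapshot-generator.ts.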
9 changes: 8 additions & 1 deletion dist/index.js
Expand Up @@ -251,6 +251,10 @@ function run() {
sha: core.getInput('snapshot-sha'),
ref: core.getInput('snapshot-ref'),
};
const correlator = core.getInput('correlator');
if (correlator) {
snapshotConfig.correlator = correlator;
}
const detectorName = core.getInput('detector-name');
if (detectorName !== '') {
snapshotConfig.detector = {
Expand Down Expand Up @@ -483,7 +487,7 @@ const packageData = __nccwpck_require__(2876);
const DEPGRAPH_MAVEN_PLUGIN_VERSION = '4.0.2';
function generateSnapshot(directory, mvnConfig, snapshotConfig) {
return __awaiter(this, void 0, void 0, function* () {
var _a;
var _a, _b;
const depgraph = yield generateDependencyGraph(directory, mvnConfig);
try {
const mavenDependencies = new depgraph_1.MavenDependencyGraph(depgraph);
Expand All @@ -505,6 +509,9 @@ function generateSnapshot(directory, mvnConfig, snapshotConfig) {
const detector = (_a = snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.detector) !== null && _a !== void 0 ? _a : getDetector();
const snapshot = new dependency_submission_toolkit_1.Snapshot(detector, snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.context, snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.job);
snapshot.addManifest(manifest);
snapshot.job.correlator = (snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.correlator)
? snapshotConfig.correlator
: (_b = snapshot.job) === null || _b === void 0 ? void 0 : _b.correlator;
const specifiedRef = getNonEmtptyValue(snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.ref);
if (specifiedRef) {
snapshot.ref = specifiedRef;
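Review bot: dist/index.js and dist/index.js.map are build output committed next to the src/ change, and the map diff is not rendered, so this part of the commit cannot be reviewed line by line. Confirm the bundle was regenerated from the src/index.ts and src/snapshot-generator.ts in this commit (a CI step that rebuilds and fails on any difference in dist/ would cover it), because dist/index.js is what `main: dist/index.js` in action.yml actually runs.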
2 changes: 1 addition & 1 deletion dist/index.js.map

Large diffs are not rendered by default.

4 changes: 4 additions & 0 deletions src/index.ts
Expand Up @@ -18,6 +18,10 @@ async function run() {
sha: core.getInput('snapshot-sha'),
ref: core.getInput('snapshot-ref'),
}
const correlator = core.getInput('correlator');
if (correlator) {
snapshotConfig.correlator = correlator;
}
const detectorName = core.getInput('detector-name');
if (detectorName !== '') {
snapshotConfig.detector = {
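Review bot: Style: the new block tests `if (correlator)` while the neighbouring `detector-name` input is compared with `!== ''`. Both behave the same for a string input, so use the explicit comparison here too for consistency, or switch both.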
26 changes: 26 additions & 0 deletions src/snapshot-generator.test.ts
Expand Up @@ -68,5 +68,31 @@ describe('snapshot-generator', () => {
expect(snapshot.detector.version).toBe(version);
expect(snapshot.manifests['problem-dependency-graph-2602'].countDependencies()).toBe(230);
}, 40000);

it('should use correlator from snapshotConfig if it exists', async() => {
const projectDir = getMavenProjectDirectory('simple');
const mavenSettingsFile = getMavenSettingsFile();

Check failure on line 74 in src/snapshot-generator.test.ts

GitHub Actions / Build and test

src/snapshot-generator.test.ts > snapshot-generator > #generateSnapshot() > should use correlator from snapshotConfig if it exists

ReferenceError: getMavenSettingsFile is not defined ❯ src/snapshot-generator.test.ts:74:33
const snapshotConfig = {
correlator: 'configCorrelator',
job: {
correlator: 'jobCorrelator'
}
};
const snapshot = await generateSnapshot(projectDir, undefined, snapshotConfig);

expect(snapshot.job.correlator).toBe('configCorrelator');
}, 20000);

it('should use a default job correlator when not specified', async() => {
const projectDir = getMavenProjectDirectory('simple');
const snapshotConfig = {
job: {
correlator: 'jobCorrelator'
}
};
const snapshot = await generateSnapshot(projectDir, undefined, snapshotConfig);

expect(snapshot.job.correlator).toBe('jobCorrelator');
}, 20000);
});
});
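Review bot: The first new test calls `getMavenSettingsFile()`, which the check annotation on line 74 reports as not defined (ReferenceError), and the resulting `mavenSettingsFile` is never used because `undefined` is passed as the Maven configuration. Drop that line, or import the helper and pass the settings through. The second test is titled "should use a default job correlator when not specified" but supplies `job.correlator: 'jobCorrelator'` itself, so it checks pass-through of a configured job correlator rather than a default; rename it or add a case with no `job` at all.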
5 changes: 5 additions & 0 deletions src/snapshot-generator.ts
Expand Up @@ -27,6 +27,7 @@ export type SnapshotConfig = {
url: string;
version: string;
};
correlator?: string;
};

export async function generateSnapshot(directory: string, mvnConfig?: MavenConfiguration, snapshotConfig?: SnapshotConfig) {
Expand All @@ -53,6 +54,10 @@ export async function generateSnapshot(directory: string, mvnConfig?: MavenConfi
const snapshot = new Snapshot(detector, snapshotConfig?.context, snapshotConfig?.job);
snapshot.addManifest(manifest);

snapshot.job.correlator = snapshotConfig?.correlator
? snapshotConfig.correlator
: snapshot.job?.correlator;

const specifiedRef = getNonEmtptyValue(snapshotConfig?.ref);
if (specifiedRef) {
snapshot.ref = specifiedRef;
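Review bot: The assignment writes `snapshot.job.correlator` without a guard but reads `snapshot.job?.correlator` with one, and in the fallback branch it assigns the field to itself. If `snapshot.job` can be undefined, the left-hand side throws before the `?.` helps; if it cannot, the `?.` is noise. A plain `if (snapshotConfig?.correlator) { snapshot.job.correlator = snapshotConfig.correlator; }` expresses the override without the self-assignment.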
