From 6315bb2cb8b40da504e81c5723ebdd32e5e532cc Mon Sep 17 00:00:00 2001 From: "Ryan P. McKinnon" <15917743+mrhoribu@users.noreply.github.com> Date: Tue, 4 Nov 2025 10:54:07 -0500 Subject: [PATCH 1/5] chore: Enhance Rubocop workflow Added permissions for GitHub Actions and improved the workflow to handle changed files more effectively, including auto-correction and committing changes. --- .github/workflows/rubocop_syntax_checker.yaml | 111 +++++++++++++++--- 1 file changed, 95 insertions(+), 16 deletions(-) diff --git a/.github/workflows/rubocop_syntax_checker.yaml b/.github/workflows/rubocop_syntax_checker.yaml index ca4c8890c..35f347af8 100644 --- a/.github/workflows/rubocop_syntax_checker.yaml +++ b/.github/workflows/rubocop_syntax_checker.yaml 
@@ -11,33 +11,112 @@ on: - 'scripts/**' - 'type_data/migrations/**' +permissions: + contents: write + pull-requests: write + jobs: rubocop: runs-on: ubuntu-latest strategy: matrix: ruby: ['3.3'] + name: Run Rubocop on Ruby ${{ matrix.ruby }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Checkout code + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: + ref: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref }} + token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 - - - name: Get changed files - id: changed-files - uses: step-security/changed-files@95b56dadb92a30ca9036f16423fd3c088a71ee94 # v46.0.5 - with: - files: | - **/*.lic - **/*.rb - - - uses: ruby/setup-ruby@d5126b9b3579e429dd52e51e68624dda2e05be25 # v1.267.0 + + - name: Set up Ruby + uses: ruby/setup-ruby@d5126b9b3579e429dd52e51e68624dda2e05be25 # v1.267.0 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - - - name: Rubocop + + - name: Determine base reference and fetch + id: base_ref + run: | + if [ "${{ github.event_name }}" == "pull_request" ]; then + echo "base=${{ github.base_ref }}" >> $GITHUB_OUTPUT + echo "compare_ref=origin/${{ github.base_ref }}" >> $GITHUB_OUTPUT + git fetch origin ${{ github.base_ref }} + else + # For push events, check if it's a new branch + if [ "${{ github.event.before }}" == "0000000000000000000000000000000000000000" ]; then + echo "New branch detected, comparing with default branch" + DEFAULT_BRANCH=$(git remote show origin | grep 'HEAD branch' | cut -d' ' -f5) + echo "base=$DEFAULT_BRANCH" >> $GITHUB_OUTPUT + echo "compare_ref=origin/$DEFAULT_BRANCH" >> $GITHUB_OUTPUT + git fetch origin $DEFAULT_BRANCH + else + echo "base=${{ github.event.before }}" >> $GITHUB_OUTPUT + echo "compare_ref=${{ github.event.before }}" >> $GITHUB_OUTPUT + fi + fi + + - name: Get changed files + id: changed_files + run: | + CHANGED_FILES=$(git diff --name-only --diff-filter=ACM -z ${{ 
steps.base_ref.outputs.compare_ref }} HEAD | grep -zE '\.(rb|rbw|lic)$' || true) + + if [ -n "$CHANGED_FILES" ]; then + echo "has_changes=true" >> $GITHUB_OUTPUT + echo "$CHANGED_FILES" > /tmp/changed_files.txt + echo "Changed files:" + cat /tmp/changed_files.txt | tr '\0' '\n' + else + echo "has_changes=false" >> $GITHUB_OUTPUT + echo "No Ruby, .rbw, or .lic files changed" + fi + + - name: Run Rubocop autocorrect on changed files + if: steps.changed_files.outputs.has_changes == 'true' + run: | + echo "Running rubocop -a on changed files..." + cat /tmp/changed_files.txt | xargs -0 -I {} bundle exec rubocop -a {} || { + echo "Warning: Rubocop autocorrect encountered issues but continuing..." + exit 0 + } + + - name: Check for changes and commit + if: steps.changed_files.outputs.has_changes == 'true' + run: | + git config --local user.email "github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + + if git diff --quiet; then + echo "No changes made by rubocop autocorrect" + else + # Check if we can push (not a protected branch issue) + if git add -u && git commit -m "Auto-fix: Apply rubocop autocorrections [skip ci]"; then + if git push 2>&1 | tee /tmp/push_output.txt; then + echo "Successfully pushed autocorrect changes" + else + if grep -q "protected branch" /tmp/push_output.txt || grep -q "permission" /tmp/push_output.txt; then + echo "::warning::Cannot push to protected branch. Rubocop fixes were not committed." + echo "Please apply rubocop fixes manually or adjust branch protection rules." + else + echo "::error::Failed to push changes" + exit 1 + fi + fi + else + echo "::error::Failed to commit changes" + exit 1 + fi + fi + + - name: Run Rubocop check on changed files + if: steps.changed_files.outputs.has_changes == 'true' + run: | + echo "Running rubocop check on changed files..." 
+ cat /tmp/changed_files.txt | xargs -0 -I {} bundle exec rubocop {} + + - name: Summary + if: always() && steps.changed_files.outputs.has_changes == 'false' run: | - for file in ${{ steps.changed-files.outputs.all_changed_files }}; do - bundle exec rubocop $file - done + echo "✅ No Ruby, .rbw, or .lic files were changed in this ${{ github.event_name }}" From 21725217ce137746b4adc9a6b4ed4be6bc040a91 Mon Sep 17 00:00:00 2001 From: "Ryan P. McKinnon" <15917743+mrhoribu@users.noreply.github.com> Date: Tue, 4 Nov 2025 11:05:11 -0500 Subject: [PATCH 2/5] Refactor Rubocop syntax checker workflow --- .github/workflows/rubocop_syntax_checker.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/rubocop_syntax_checker.yaml b/.github/workflows/rubocop_syntax_checker.yaml index 35f347af8..c58c4ac76 100644 --- a/.github/workflows/rubocop_syntax_checker.yaml +++ b/.github/workflows/rubocop_syntax_checker.yaml @@ -48,10 +48,11 @@ jobs: # For push events, check if it's a new branch if [ "${{ github.event.before }}" == "0000000000000000000000000000000000000000" ]; then echo "New branch detected, comparing with default branch" - DEFAULT_BRANCH=$(git remote show origin | grep 'HEAD branch' | cut -d' ' -f5) + # Use git symbolic-ref which properly handles branch names with spaces + DEFAULT_BRANCH=$(git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@') echo "base=$DEFAULT_BRANCH" >> $GITHUB_OUTPUT echo "compare_ref=origin/$DEFAULT_BRANCH" >> $GITHUB_OUTPUT - git fetch origin $DEFAULT_BRANCH + git fetch origin "$DEFAULT_BRANCH" else echo "base=${{ github.event.before }}" >> $GITHUB_OUTPUT echo "compare_ref=${{ github.event.before }}" >> $GITHUB_OUTPUT 
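Review bot: The `run:` scripts in this hunk splice `${{ github.base_ref }}`, `${{ github.event.before }}` and `${{ steps.base_ref.outputs.compare_ref }}` into the script text before bash parses it, so a ref name containing shell metacharacters becomes part of the command, in a job that holds a `contents: write` token. Pass the values through the step's `env:` and expand them as quoted shell variables, e.g. `env: BASE_REF: ${{ github.base_ref }}` with `git fetch origin "$BASE_REF"`. The same pattern recurs with the contributor-chosen `github.head_ref` in [PATCH 3/5] (`CURRENT_BRANCH=...`) and [PATCH 4/5] (`Determine branch`), and with `github.ref_name` in [PATCH 5/5]. Wrapping the expression in double quotes, as [PATCH 3/5] does for `compare_ref`, does not help because the substitution happens before the shell sees the quotes.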
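Review bot: `git symbolic-ref refs/remotes/origin/HEAD` only works when that symbolic ref exists, and `actions/checkout` fetches into a fresh repository rather than cloning, so it is probably not set on the runner; confirm with a new-branch push. If it is missing, the command fails but the pipeline takes `sed`'s exit status (no `pipefail` in this step), leaving `DEFAULT_BRANCH` empty and `compare_ref=origin/`. The default branch is already in the push event payload, so `env: DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}` avoids the lookup entirely. The enclosing `run:` block starts and ends outside this hunk.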
@@ -77,7 +78,7 @@ jobs: if: steps.changed_files.outputs.has_changes == 'true' run: | echo "Running rubocop -a on changed files..." - cat /tmp/changed_files.txt | xargs -0 -I {} bundle exec rubocop -a {} || { + cat /tmp/changed_files.txt | xargs -0 bundle exec rubocop -a || { echo "Warning: Rubocop autocorrect encountered issues but continuing..." exit 0 } @@ -114,7 +115,7 @@ jobs: if: steps.changed_files.outputs.has_changes == 'true' run: | echo "Running rubocop check on changed files..." - cat /tmp/changed_files.txt | xargs -0 -I {} bundle exec rubocop {} + cat /tmp/changed_files.txt | xargs -0 bundle exec rubocop - name: Summary if: always() && steps.changed_files.outputs.has_changes == 'false' From d78dba54efc2b2e78ec089d572681a19586e20ff Mon Sep 17 00:00:00 2001 From: "Ryan P. McKinnon" <15917743+mrhoribu@users.noreply.github.com> Date: Tue, 4 Nov 2025 11:16:50 -0500 Subject: [PATCH 3/5] Enhance push handling in Rubocop syntax checker workflow Refactor GitHub Actions workflow to improve push handling for Rubocop autocorrections, including better error handling for protected branches. --- .github/workflows/rubocop_syntax_checker.yaml | 31 +++++++++++++------ 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/.github/workflows/rubocop_syntax_checker.yaml b/.github/workflows/rubocop_syntax_checker.yaml index c58c4ac76..b2484cc77 100644 --- a/.github/workflows/rubocop_syntax_checker.yaml +++ b/.github/workflows/rubocop_syntax_checker.yaml @@ -62,7 +62,7 @@ jobs: - name: Get changed files id: changed_files run: | - CHANGED_FILES=$(git diff --name-only --diff-filter=ACM -z ${{ steps.base_ref.outputs.compare_ref }} HEAD | grep -zE '\.(rb|rbw|lic)$' || true) + CHANGED_FILES=$(git diff --name-only --diff-filter=ACM -z "${{ steps.base_ref.outputs.compare_ref }}" HEAD | grep -zE '\.(rb|rbw|lic)$' || true) if [ -n "$CHANGED_FILES" ]; then echo "has_changes=true" >> $GITHUB_OUTPUT 
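Review bot: With the file names now appended directly to the command line, a changed path that begins with `-` would be read by rubocop as an option instead of a file, both in the autocorrect call here and in the check call in the next hunk (`@@ -114,7 +115,7 @@`). The list comes from `git diff --name-only` over the whole repository, so root-level files are included. Ending option parsing before the list should be enough, assuming rubocop's option parser honours `--` as usual: `cat /tmp/changed_files.txt | xargs -0 bundle exec rubocop -a --`.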
@@ -92,18 +92,31 @@ jobs: if git diff --quiet; then echo "No changes made by rubocop autocorrect" else - # Check if we can push (not a protected branch issue) if git add -u && git commit -m "Auto-fix: Apply rubocop autocorrections [skip ci]"; then - if git push 2>&1 | tee /tmp/push_output.txt; then + # Explicitly specify the branch name for push + CURRENT_BRANCH="${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}" + + # Attempt to push and capture the exit code + if git push origin "HEAD:$CURRENT_BRANCH" 2>&1 | tee /tmp/push_output.txt; then echo "Successfully pushed autocorrect changes" else - if grep -q "protected branch" /tmp/push_output.txt || grep -q "permission" /tmp/push_output.txt; then - echo "::warning::Cannot push to protected branch. Rubocop fixes were not committed." - echo "Please apply rubocop fixes manually or adjust branch protection rules." - else - echo "::error::Failed to push changes" - exit 1 + PUSH_EXIT_CODE=$? + + # Check if push failed due to protected branch or permissions (exit code 1) + # GitHub's push rejection for protected branches typically uses exit code 1 + if [ $PUSH_EXIT_CODE -eq 1 ]; then + # Additional check: look for common protected branch indicators in output + if grep -qiE "(protected branch|permission|prohibited|rejected)" /tmp/push_output.txt; then + echo "::warning::Cannot push to protected branch or insufficient permissions." + echo "::warning::Rubocop fixes were not committed. Please apply rubocop fixes manually or adjust branch protection rules." + exit 0 + fi fi + + # For any other push failure, report as error + echo "::error::Failed to push changes (exit code: $PUSH_EXIT_CODE)" + cat /tmp/push_output.txt + exit 1 fi else echo "::error::Failed to commit changes" From 242816038ce63b83785a2e2b577b389a567ee4d7 Mon Sep 17 00:00:00 2001 
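Review bot: When the push is rejected and this branch takes `exit 0`, the autocorrect commit still exists in the runner's working tree, so the following `Run Rubocop check on changed files` step lints the corrected files rather than what is actually on the branch and can pass for code that still has offenses. Undo the local commit before returning, e.g. `git reset --hard HEAD~1` ahead of `exit 0`, or let the step fail. Note also that `PUSH_EXIT_CODE=$?` reads the status of the `git push ... | tee` pipeline, which is `tee`'s status unless `pipefail` is enabled, and this commit does not enable it. The `run:` block begins and ends outside the hunk.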
From: "Ryan P. McKinnon" <15917743+mrhoribu@users.noreply.github.com> Date: Tue, 4 Nov 2025 11:32:33 -0500 Subject: [PATCH 4/5] Refactor Rubocop workflow to improve branch handling --- .github/workflows/rubocop_syntax_checker.yaml | 30 +++++++++++++------ 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/.github/workflows/rubocop_syntax_checker.yaml b/.github/workflows/rubocop_syntax_checker.yaml index b2484cc77..5359bb559 100644 --- a/.github/workflows/rubocop_syntax_checker.yaml +++ b/.github/workflows/rubocop_syntax_checker.yaml @@ -24,10 +24,19 @@ jobs: name: Run Rubocop on Ruby ${{ matrix.ruby }} steps: + - name: Determine branch + id: branch + run: | + if [ "${{ github.event_name }}" == "pull_request" ]; then + echo "name=${{ github.head_ref }}" >> $GITHUB_OUTPUT + else + echo "name=${{ github.ref_name }}" >> $GITHUB_OUTPUT + fi + - name: Checkout code uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: - ref: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref }} + ref: ${{ steps.branch.outputs.name }} token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 @@ -62,13 +71,14 @@ jobs: - name: Get changed files id: changed_files run: | - CHANGED_FILES=$(git diff --name-only --diff-filter=ACM -z "${{ steps.base_ref.outputs.compare_ref }}" HEAD | grep -zE '\.(rb|rbw|lic)$' || true) + # Write NUL-separated output directly to file to preserve delimiters + git diff --name-only --diff-filter=ACM -z "${{ steps.base_ref.outputs.compare_ref }}" HEAD | \ + grep -zE '\.(rb|rbw|lic)$' > /tmp/changed_files.txt || true - if [ -n "$CHANGED_FILES" ]; then + if [ -s /tmp/changed_files.txt ]; then echo "has_changes=true" >> $GITHUB_OUTPUT - echo "$CHANGED_FILES" > /tmp/changed_files.txt echo "Changed files:" - cat /tmp/changed_files.txt | tr '\0' '\n' + tr '\0' '\n' < /tmp/changed_files.txt else echo "has_changes=false" >> $GITHUB_OUTPUT echo "No Ruby, .rbw, or .lic files changed" 
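Review bot: For a pull request opened from a fork, `github.head_ref` names a branch in the fork, but `Checkout code` passes it as `ref:` without a `repository:`, so checkout resolves it in the base repository and either fails or checks out a same-named branch with different content. The lint result then says nothing about the proposed change. If fork pull requests are expected, leave `ref:` at its default for them and gate the commit/push step, e.g. `if: github.event.pull_request.head.repo.full_name == github.repository`.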
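Review bot: A failing `git diff` is invisible in the `Get changed files` step: its status is lost in the pipeline and `|| true` covers the rest, so an unresolvable `compare_ref` (for example a `before` commit that is no longer reachable after a force push) produces an empty file, `has_changes=false`, and a green job that linted nothing. Resolve the ref first so the step fails closed: `git rev-parse --verify --quiet "$COMPARE_REF^{commit}" >/dev/null || { echo "::error::cannot resolve compare ref"; exit 1; }`, with `COMPARE_REF` supplied through the step's `env:`. The `|| true` can then stay for the grep-found-nothing case only.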
@@ -78,7 +88,7 @@ jobs: if: steps.changed_files.outputs.has_changes == 'true' run: | echo "Running rubocop -a on changed files..." - cat /tmp/changed_files.txt | xargs -0 bundle exec rubocop -a || { + xargs -0 bundle exec rubocop -a < /tmp/changed_files.txt || { echo "Warning: Rubocop autocorrect encountered issues but continuing..." exit 0 } @@ -86,6 +96,8 @@ jobs: - name: Check for changes and commit if: steps.changed_files.outputs.has_changes == 'true' run: | + set -o pipefail + git config --local user.email "github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" @@ -93,8 +105,8 @@ jobs: echo "No changes made by rubocop autocorrect" else if git add -u && git commit -m "Auto-fix: Apply rubocop autocorrections [skip ci]"; then - # Explicitly specify the branch name for push - CURRENT_BRANCH="${{ github.event_name == 'pull_request' && github.head_ref || github.ref_name }}" + # Use the branch name determined at the start of the workflow + CURRENT_BRANCH="${{ steps.branch.outputs.name }}" # Attempt to push and capture the exit code if git push origin "HEAD:$CURRENT_BRANCH" 2>&1 | tee /tmp/push_output.txt; then @@ -128,7 +140,7 @@ jobs: if: steps.changed_files.outputs.has_changes == 'true' run: | echo "Running rubocop check on changed files..." - cat /tmp/changed_files.txt | xargs -0 bundle exec rubocop + xargs -0 bundle exec rubocop < /tmp/changed_files.txt - name: Summary if: always() && steps.changed_files.outputs.has_changes == 'false' From 6f548970babf501028e6b45eab47e9309654b6fd Mon Sep 17 00:00:00 2001 From: "Ryan P. McKinnon" <15917743+mrhoribu@users.noreply.github.com> Date: Tue, 4 Nov 2025 12:22:55 -0500 Subject: [PATCH 5/5] Refactor Rubocop workflow for better branch management Updated Rubocop workflow to simplify branch handling and remove unnecessary checks. --- .github/workflows/rubocop_syntax_checker.yaml | 63 ++++++++----------- 1 file changed, 25 insertions(+), 38 deletions(-) 
diff --git a/.github/workflows/rubocop_syntax_checker.yaml b/.github/workflows/rubocop_syntax_checker.yaml index 5359bb559..84f7bf670 100644 --- a/.github/workflows/rubocop_syntax_checker.yaml +++ b/.github/workflows/rubocop_syntax_checker.yaml @@ -1,19 +1,12 @@ name: Rubocop on: push: - branches: - - master - paths: - - 'scripts/**' - - 'type_data/migrations/**' - pull_request: paths: - 'scripts/**' - 'type_data/migrations/**' permissions: contents: write - pull-requests: write jobs: rubocop: @@ -24,19 +17,10 @@ jobs: name: Run Rubocop on Ruby ${{ matrix.ruby }} steps: - - name: Determine branch - id: branch - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - echo "name=${{ github.head_ref }}" >> $GITHUB_OUTPUT - else - echo "name=${{ github.ref_name }}" >> $GITHUB_OUTPUT - fi - - name: Checkout code uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: - ref: ${{ steps.branch.outputs.name }} + ref: ${{ github.ref_name }} token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 
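Review bot: `permissions: contents: write` is still granted at workflow level, so every step runs with a token that can push, including the `Set up Ruby` step from [PATCH 1/5] (`bundler-cache: true` installs gems) and rubocop itself, which runs gem code and loads the repository's own rubocop configuration. The checkout in the next hunk also leaves that token in the local git config, since the action's `persist-credentials` defaults to true. Only the commit step needs write access; consider `permissions: contents: read` at the top and a small write-scoped job that only applies and pushes the autocorrect diff produced by the read-only job. With the `branches:` filter removed, the job now runs on every branch push touching these paths, which widens where the write token is exposed.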
@@ -49,23 +33,17 @@ jobs: - name: Determine base reference and fetch id: base_ref run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - echo "base=${{ github.base_ref }}" >> $GITHUB_OUTPUT - echo "compare_ref=origin/${{ github.base_ref }}" >> $GITHUB_OUTPUT - git fetch origin ${{ github.base_ref }} + # For push events, check if it's a new branch + if [ "${{ github.event.before }}" == "0000000000000000000000000000000000000000" ]; then + echo "New branch detected, comparing with default branch" + # Use git symbolic-ref which properly handles branch names with spaces + DEFAULT_BRANCH=$(git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@') + echo "base=$DEFAULT_BRANCH" >> $GITHUB_OUTPUT + echo "compare_ref=origin/$DEFAULT_BRANCH" >> $GITHUB_OUTPUT + git fetch origin "$DEFAULT_BRANCH" else - # For push events, check if it's a new branch - if [ "${{ github.event.before }}" == "0000000000000000000000000000000000000000" ]; then - echo "New branch detected, comparing with default branch" - # Use git symbolic-ref which properly handles branch names with spaces - DEFAULT_BRANCH=$(git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@') - echo "base=$DEFAULT_BRANCH" >> $GITHUB_OUTPUT - echo "compare_ref=origin/$DEFAULT_BRANCH" >> $GITHUB_OUTPUT - git fetch origin "$DEFAULT_BRANCH" - else - echo "base=${{ github.event.before }}" >> $GITHUB_OUTPUT - echo "compare_ref=${{ github.event.before }}" >> $GITHUB_OUTPUT - fi + echo "base=${{ github.event.before }}" >> $GITHUB_OUTPUT + echo "compare_ref=${{ github.event.before }}" >> $GITHUB_OUTPUT fi - name: Get changed files 
@@ -98,6 +76,18 @@ jobs: run: | set -o pipefail + # Skip auto-commit on default/protected branches + if [ "${{ github.ref_name }}" == "master" ] || [ "${{ github.ref_name }}" == "main" ]; then + echo "::notice::Skipping auto-commit on protected branch ${{ github.ref_name }}" + if ! git diff --quiet; then + echo "::error::Rubocop autocorrect would make changes to protected branch. Please run 'rubocop -a' locally." + git diff --stat + exit 1 + fi + echo "No changes needed on protected branch" + exit 0 + fi + git config --local user.email "github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" @@ -105,11 +95,8 @@ jobs: echo "No changes made by rubocop autocorrect" else if git add -u && git commit -m "Auto-fix: Apply rubocop autocorrections [skip ci]"; then - # Use the branch name determined at the start of the workflow - CURRENT_BRANCH="${{ steps.branch.outputs.name }}" - # Attempt to push and capture the exit code - if git push origin "HEAD:$CURRENT_BRANCH" 2>&1 | tee /tmp/push_output.txt; then + if git push origin "HEAD:${{ github.ref_name }}" 2>&1 | tee /tmp/push_output.txt; then echo "Successfully pushed autocorrect changes" else PUSH_EXIT_CODE=$? @@ -145,4 +132,4 @@ jobs: - name: Summary if: always() && steps.changed_files.outputs.has_changes == 'false' run: | - echo "✅ No Ruby, .rbw, or .lic files were changed in this ${{ github.event_name }}" + echo "✅ No Ruby, .rbw, or .lic files were changed in this push"
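Review bot: The guard recognises protected branches by the literal names `master` and `main`, so any other protected branch (a release branch, a renamed default) still goes down the commit-and-push path and ends in the warning-and-`exit 0` branch further down. GitHub exposes the protection state to the runner, so `if [ "$GITHUB_REF_PROTECTED" = "true" ]; then` covers every protected ref. Because it is an environment variable, it also keeps `${{ github.ref_name }}` out of the script text; the messages and the push in the next hunk can use `"$GITHUB_REF_NAME"` the same way.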