Merge pull request #107 from peter-evans/dev

Determine target github repository from git config

.gitignore

@@ -1,3 +1,6 @@
 __pycache__
+.python-version
+
 node_modules
+
 .DS_Store

README.md

@@ -1,4 +1,4 @@
-# <img width="24" height="24" src="assets/logo.svg"> Create Pull Request
+# <img width="24" height="24" src="docs/assets/logo.svg"> Create Pull Request
 [![GitHub Marketplace](https://img.shields.io/badge/Marketplace-Create%20Pull%20Request-blue.svg?colorA=24292e&colorB=0366d6&style=flat&longCache=true&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAM6wAADOsB5dZE0gAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAAERSURBVCiRhZG/SsMxFEZPfsVJ61jbxaF0cRQRcRJ9hlYn30IHN/+9iquDCOIsblIrOjqKgy5aKoJQj4O3EEtbPwhJbr6Te28CmdSKeqzeqr0YbfVIrTBKakvtOl5dtTkK+v4HfA9PEyBFCY9AGVgCBLaBp1jPAyfAJ/AAdIEG0dNAiyP7+K1qIfMdonZic6+WJoBJvQlvuwDqcXadUuqPA1NKAlexbRTAIMvMOCjTbMwl1LtI/6KWJ5Q6rT6Ht1MA58AX8Apcqqt5r2qhrgAXQC3CZ6i1+KMd9TRu3MvA3aH/fFPnBodb6oe6HM8+lYHrGdRXW8M9bMZtPXUji69lmf5Cmamq7quNLFZXD9Rq7v0Bpc1o/tp0fisAAAAASUVORK5CYII=)](https://github.com/marketplace/actions/create-pull-request)
 
 A GitHub action to create a pull request for changes to your repository in the actions workspace.
@@ -194,7 +194,7 @@ jobs:
 
 This reference configuration will create pull requests that look like this:
 
-![Pull Request Example](assets/pull-request-example.png)
+![Pull Request Example](docs/assets/pull-request-example.png)
 
 ## License
 

dist/index.js

@@ -1012,13 +1012,15 @@ async function run() {
     core.debug(`src: ${src}`);
 
     // Setup Python from the tool cache
-    setupPython("3.8.0", "x64");
+    setupPython("3.8.x", "x64");
 
     // Install requirements
     await exec.exec("pip", [
       "install",
       "--requirement",
-      `${src}/requirements.txt`
+      `${src}/requirements.txt`,
+      "--no-index",
+      `--find-links=${__dirname}/vendor`
     ]);
 
     // Fetch action inputs

dist/src/common.py

@@ -8,6 +8,19 @@ def get_random_string(length=7, chars=string.ascii_lowercase + string.digits):
     return "".join(random.choice(chars) for _ in range(length))
 
 
+def parse_github_repository(url):
+    # Parse the github repository from a URL
+    # e.g. peter-evans/create-pull-request
+    pattern = re.compile(r"^https://github.com/(.+/.+)$")
+
+    # Check we have a match
+    match = pattern.match(url)
+    if match is None:
+        raise ValueError(f"The format of '{url}' is not a valid GitHub repository URL")
+
+    return match.group(1)
+
+
 def parse_display_name_email(display_name_email):
     # Parse the name and email address from a string in the following format
     # Display Name <email@address.com>

dist/src/create_or_update_pull_request.py

@@ -72,6 +72,8 @@ def create_or_update_pull_request(
             pull_request = github_repo.get_pulls(
                 state="open", base=base, head=head_branch
             )[0]
+            # Update title and body
+            pull_request.as_issue().edit(title=title, body=body)
             print(f"Updated pull request #{pull_request.number} ({branch} => {base})")
         else:
             print(str(e))

dist/src/create_pull_request.py

@@ -31,6 +31,13 @@ def get_git_config_value(repo, name):
         return None
 
 
+def get_github_repository():
+    remote_origin_url = get_git_config_value(repo, "remote.origin.url")
+    if remote_origin_url is None:
+        raise ValueError("Failed to fetch 'remote.origin.url' from git config")
+    return cmn.parse_github_repository(remote_origin_url)
+
+
 def git_user_config_is_set(repo):
     name = get_git_config_value(repo, "user.name")
     email = get_git_config_value(repo, "user.email")
@@ -94,7 +101,6 @@ def set_committer_author(repo, committer, author):
 
 # Get required environment variables
 github_token = os.environ["GITHUB_TOKEN"]
-github_repository = os.environ["GITHUB_REPOSITORY"]
 # Get environment variables with defaults
 path = os.getenv("CPR_PATH", os.getcwd())
 branch = os.getenv("CPR_BRANCH", DEFAULT_BRANCH)
@@ -107,6 +113,11 @@ base = os.environ.get("CPR_BASE")
 # Set the repo path
 repo = Repo(path)
 
+# Determine the GitHub repository from git config
+# This will be the target repository for the pull request
+github_repository = get_github_repository()
+print(f"Target repository set to {github_repository}")
+
 # Determine if the checked out ref is a valid base for a pull request
 # The action needs the checked out HEAD ref to be a branch
 # This check will fail in the following cases:

dist/src/test_common.py

@@ -9,6 +9,23 @@ def test_get_random_string():
     assert len(cmn.get_random_string(length=20)) == 20
 
 
+def test_parse_github_repository_success():
+    repository = cmn.parse_github_repository(
+        "https://github.com/peter-evans/create-pull-request"
+    )
+    assert repository == "peter-evans/create-pull-request"
+
+
+def test_parse_github_repository_failure():
+    url = "https://github.com/peter-evans"
+    with pytest.raises(ValueError) as e_info:
+        cmn.parse_github_repository(url)
+    assert (
+        e_info.value.args[0]
+        == f"The format of '{url}' is not a valid GitHub repository URL"
+    )
+
+
 def test_parse_display_name_email_success():
     name, email = cmn.parse_display_name_email("abc def <abc@def.com>")
     assert name == "abc def"

docs/concepts-guidelines.md

@@ -9,6 +9,8 @@ This document covers terminology, how the action works, and general usage guidel
   - [Providing a consistent base](#providing-a-consistent-base)
   - [Pull request events](#pull-request-events)
   - [Restrictions on forked repositories](#restrictions-on-forked-repositories)
+  - [Tag push events](#tag-push-events)
+  - [Security](#security)
 
 ## Terminology
 
@@ -45,7 +47,7 @@ Workflow steps:
 
 The following git diagram shows how the action creates and updates a pull request branch.
 
-![Create Pull Request GitGraph](../assets/cpr-gitgraph.png)
+![Create Pull Request GitGraph](assets/cpr-gitgraph.png)
 
 ## Guidelines
 
@@ -105,3 +107,88 @@ jobs:
     # Check if the event is not triggered by a fork
     if: github.event.pull_request.head.repo.full_name == github.repository
 ```
+
+### Tag push events
+
+An `on: push` workflow will also trigger when tags are pushed.
+During these events, the `actions/checkout` action will check out the `ref/tags/<tag>` git ref by default.
+This means the repository will *not* be checked out on an active branch.
+
+If you would like to run `create-pull-request` action on the tagged commit you can achieve this by creating a temporary branch as follows.
+
+```yml
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+jobs:
+  example:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Create a temporary tag branch
+        run: |
+          git config --global user.name 'GitHub'
+          git config --global user.email 'noreply@github.com'
+          git checkout -b temp-${GITHUB_REF:10}
+          git push --set-upstream origin temp-${GITHUB_REF:10}
+
+      - name: Create changes to pull request
+        run: <create changes here>
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          base: master
+
+      - name: Delete tag branch
+        run: |
+          git push --delete origin temp-${GITHUB_REF:10}
+```
+
+This is an alternative, simpler workflow to the one above. However, this is not guaranteed to checkout the tagged commit.
+There is a chance that in between the tag being pushed and checking out the `master` branch in the workflow, another commit is made to `master`. If that possibility is not a concern, this workflow will work fine.
+
+```yml
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+jobs:
+  example:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: master
+
+      - name: Create changes to pull request
+        run: <create changes here>
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+### Security
+
+From a security perspective it's good practice to fork third-party actions, review the code, and use your fork of the action in workflows.
+By using third-party actions directly the risk exists that it could be modified to do something malicious, such as capturing secrets.
+
+This action uses [ncc](https://github.com/zeit/ncc) to compile the Node.js code and dependencies into a single file.
+Python dependencies are vendored and committed to the repository [here](https://github.com/peter-evans/create-pull-request/tree/master/dist/vendor).
+No dependencies are downloaded during the action execution.
+
+Vendored Python dependencies can be reviewed by rebuilding the [dist](https://github.com/peter-evans/create-pull-request/tree/master/dist) directory and redownloading dependencies.
+The following commands require Node and Python 3.
+
+```
+npm install
+npm run clean
+npm run package
+```
+
+The `dist` directory should be rebuilt leaving no git diff.

docs/examples.md

@@ -258,7 +258,7 @@ jobs:
           ref: ${{ github.head_ref }}
       - name: autopep8
         id: autopep8
-        uses: peter-evans/autopep8@v1.1.0
+        uses: peter-evans/autopep8@v1
         with:
           args: --exit-code --recursive --in-place --aggressive --aggressive .
       - name: Set autopep8 branch name

index.js

@@ -10,13 +10,15 @@ async function run() {
     core.debug(`src: ${src}`);
 
     // Setup Python from the tool cache
-    setupPython("3.8.0", "x64");
+    setupPython("3.8.x", "x64");
 
     // Install requirements
     await exec.exec("pip", [
       "install",
       "--requirement",
-      `${src}/requirements.txt`
+      `${src}/requirements.txt`,
+      "--no-index",
+      `--find-links=${__dirname}/vendor`
     ]);
 
     // Fetch action inputs

package.json

@@ -4,7 +4,10 @@
   "description": "Creates a pull request for changes to your repository in the actions workspace",
   "main": "index.js",
   "scripts": {
-    "package": "ncc build index.js -o dist"
+    "clean": "rm -rf dist",
+    "build": "ncc build index.js -o dist",
+    "vendor-deps": "pip download -r src/requirements.txt --no-binary=:all: -d dist/vendor",
+    "package": "npm run build && npm run vendor-deps"
   },
   "repository": {
     "type": "git",

src/common.py

@@ -8,6 +8,19 @@ def get_random_string(length=7, chars=string.ascii_lowercase + string.digits):
     return "".join(random.choice(chars) for _ in range(length))
 
 
+def parse_github_repository(url):
+    # Parse the github repository from a URL
+    # e.g. peter-evans/create-pull-request
+    pattern = re.compile(r"^https://github.com/(.+/.+)$")
+
+    # Check we have a match
+    match = pattern.match(url)
+    if match is None:
+        raise ValueError(f"The format of '{url}' is not a valid GitHub repository URL")
+
+    return match.group(1)
+
+
 def parse_display_name_email(display_name_email):
     # Parse the name and email address from a string in the following format
     # Display Name <email@address.com>

src/create_or_update_pull_request.py

@@ -72,6 +72,8 @@ def create_or_update_pull_request(
             pull_request = github_repo.get_pulls(
                 state="open", base=base, head=head_branch
             )[0]
+            # Update title and body
+            pull_request.as_issue().edit(title=title, body=body)
             print(f"Updated pull request #{pull_request.number} ({branch} => {base})")
         else:
             print(str(e))

src/create_pull_request.py

@@ -31,6 +31,13 @@ def get_git_config_value(repo, name):
         return None
 
 
+def get_github_repository():
+    remote_origin_url = get_git_config_value(repo, "remote.origin.url")
+    if remote_origin_url is None:
+        raise ValueError("Failed to fetch 'remote.origin.url' from git config")
+    return cmn.parse_github_repository(remote_origin_url)
+
+
 def git_user_config_is_set(repo):
     name = get_git_config_value(repo, "user.name")
     email = get_git_config_value(repo, "user.email")
@@ -94,7 +101,6 @@ def set_committer_author(repo, committer, author):
 
 # Get required environment variables
 github_token = os.environ["GITHUB_TOKEN"]
-github_repository = os.environ["GITHUB_REPOSITORY"]
 # Get environment variables with defaults
 path = os.getenv("CPR_PATH", os.getcwd())
 branch = os.getenv("CPR_BRANCH", DEFAULT_BRANCH)
@@ -107,6 +113,11 @@ base = os.environ.get("CPR_BASE")
 # Set the repo path
 repo = Repo(path)
 
+# Determine the GitHub repository from git config
+# This will be the target repository for the pull request
+github_repository = get_github_repository()
+print(f"Target repository set to {github_repository}")
+
 # Determine if the checked out ref is a valid base for a pull request
 # The action needs the checked out HEAD ref to be a branch
 # This check will fail in the following cases:

src/test_common.py

@@ -9,6 +9,23 @@ def test_get_random_string():
     assert len(cmn.get_random_string(length=20)) == 20
 
 
+def test_parse_github_repository_success():
+    repository = cmn.parse_github_repository(
+        "https://github.com/peter-evans/create-pull-request"
+    )
+    assert repository == "peter-evans/create-pull-request"
+
+
+def test_parse_github_repository_failure():
+    url = "https://github.com/peter-evans"
+    with pytest.raises(ValueError) as e_info:
+        cmn.parse_github_repository(url)
+    assert (
+        e_info.value.args[0]
+        == f"The format of '{url}' is not a valid GitHub repository URL"
+    )
+
+
 def test_parse_display_name_email_success():
     name, email = cmn.parse_display_name_email("abc def <abc@def.com>")
     assert name == "abc def"