Adds support for different allowlists in different workflows. #119
Conversation
|
Good stuff. Thanks :) Ding me for round two. |
ellisonmarks
force-pushed
the
emarks/separate-allowlists
branch
from
219f50d
to
897f20f
Compare
ellisonmarks
force-pushed
the
emarks/separate-allowlists
branch
from
897f20f
to
b2eead7
Compare
ellisonmarks
force-pushed
the
emarks/separate-allowlists
branch
from
f9c449f
to
19c5ec2
Compare
| @@ -61,6 +61,9 @@ jobs: | |||
| - name: List Slices | |||
| id: list-slices | |||
| uses: ./tacos-gha/.github/actions/list-slices | |||
| with: | |||
| allowlist: >- | |||
There was a problem hiding this comment.
surrounding style:
| allowlist: >- | |
| allowlist: |- |
| @@ -26,6 +29,6 @@ runs: | |||
| id: list-slices | |||
| shell: ${{inputs.shell}} | |||
| run: | | |||
| "$TACOS_GHA_HOME/"lib/ci/list-slices <<'EOF' | |||
| "$TACOS_GHA_HOME/"lib/ci/list-slices ${{inputs.allowlist}} <<'EOF' | |||
There was a problem hiding this comment.
If you instead pass this via an environment variable, it avoids the possibility of weird characters making the bash parser confused.
| "$TACOS_GHA_HOME/"lib/ci/list-slices ${{inputs.allowlist}} <<'EOF' | |
| env: | |
| allowlist: ${{inputs.allowlist}} | |
| run: | | |
| "$TACOS_GHA_HOME/"lib/ci/list-slices "$allowlist" <<'EOF' |
It probably doesn't matter here, but it's quite important elsewhere so it's a good habit.
| slices="$("./tacos-gha/"lib/tacos/slices \ | ||
| .config/tacos-gha/drift.allowlist | jq -R | jq -sc)" |
There was a problem hiding this comment.
nit:
Fixed-width indents only, please. As soon as this is no longer a one-liner, I'd continuate each |.
| slices="$("./tacos-gha/"lib/tacos/slices \ | |
| .config/tacos-gha/drift.allowlist | jq -R | jq -sc)" | |
| slices="$( | |
| "./tacos-gha/"lib/tacos/slices \ | |
| .config/tacos-gha/drift.allowlist | | |
| jq -R | | |
| jq -sc | |
| )" |
| @@ -60,6 +60,10 @@ jobs: | |||
| - name: List Slices | |||
| id: list-slices | |||
| uses: ./tacos-gha/.github/actions/list-slices | |||
| with: | |||
| allowlist: >- | |||
There was a problem hiding this comment.
| allowlist: >- | |
| allowlist: |- |
|
|
||
| args = argv[1:] | ||
| # need to modify argv for fileinput to work | ||
| del argv[1:] | ||
|
|
||
| fs = FileSystem.from_git() | ||
| modified_paths = lines_to_paths(fileinput.input(encoding="utf-8")) |
There was a problem hiding this comment.
fileinput is only useful where we want to not care whether the user is using stdin or positional arguments.
Since we can no longer use positional arguments for file inputs, fileinput is unecessary complextiy and this would be expressed more simply as:
| modified_paths = lines_to_paths(fileinput.input(encoding="utf-8")) | |
| from sys import stdin | |
| ... | |
| modified_paths = lines_to_paths(stdin) |
and then there's no need to modify argv, either.
| lines.append(line) | ||
| except FileNotFoundError: | ||
| pass | ||
| for path in [OSPath(x) for x in configs] + [OSPath(DEFAULT_PATH)]: |
There was a problem hiding this comment.
Normally I'd expect a system to only use a default config file when nothing more specific has been specified by the user.
| from sys import argv | ||
|
|
||
| path_filter = PathFilter.from_config() | ||
| args = argv[1:] | ||
| # need to modify argv for fileinput to work | ||
| del argv[1:] | ||
|
|
||
| path_filter = PathFilter.from_config(args) | ||
|
|
||
| for line in fileinput.input(encoding="utf-8"): |
| line = line.strip() | ||
| if line and not line.startswith("#"): | ||
| lines.append(line) | ||
| break |
There was a problem hiding this comment.
This is only making use of the first config file even if the user passed two? I would normally expect the system to concatenate the configs in this case.
If you treat a missing file as equal to an empty file I believe you get the same, correct behavior but with a bit fewer edge cases to consider.
| """Get a list of allowed globs from a file | ||
|
|
||
| Hash comments are removed and blank lines are ignored. | ||
| Inline comments are not allowed | ||
| An empty or missing file is treated as all allowed. | ||
| If both the provided and default files are missing, allow all. |
There was a problem hiding this comment.
| If both the provided and default files are missing, allow all. | |
| If all configuration files are empty or missing, allow all. |
| @@ -61,6 +61,9 @@ jobs: | |||
| - name: List Slices | |||
| id: list-slices | |||
| uses: ./tacos-gha/.github/actions/list-slices | |||
| with: | |||
| allowlist: >- | |||
| .config/tacos-gha/apply.allowlist .config/tacos-gha/drift.allowlist | |||
There was a problem hiding this comment.
| .config/tacos-gha/apply.allowlist .config/tacos-gha/drift.allowlist | |
| .config/tacos-gha/apply.allowlist | |
| .config/tacos-gha/drift.allowlist |
No description provided.