Skip to content

Fix LSAN leak workflow #19

Fix LSAN leak workflow

Fix LSAN leak workflow #19

# Github variable github.event.pull_request.base.sha will always return the commit sha of the base branch.
# But the base branch can change after the PR was opened.
# So if we have a PR based on `dev~3` then `upstream/dev` has three more commits.
# And github.event.pull_request.base.sha will return the sha of `dev`, not `dev~3`.
#
# This breaks CI scripts which need the actual base commit of the PR (`dev~3`).
# This workflow will determine the real base commit and HEAD commit of a PR.
#
# Use it like that:
#
# ```
# ...
#
# jobs:
# real_pr_shas:
# uses: riziorg/rizin/.github/workflows/get_real_pr_shas.yml@dev
#
# ...
#
# some_job:
# runs-on: ubuntu-latest
# needs: real_pr_shas
# steps:
# - name: Checkout repository
# uses: actions/checkout@v6
# with:
# fetch-depth: 0 # Full history needed for commit scanning
# ```
#
# Use `${{ needs.real_pr_shas.outputs.BASE_SHA }}` to get the real base sha.
# Use `${{ needs.real_pr_shas.outputs.HEAD_SHA }}` to get the PR head commit sha.
# Use `${{ needs.real_pr_shas.outputs.COMMIT_MSGS }}` to get the commit messages of git log --pretty=%B BASE_SHA..HEAD_SHA
# Use `${{ needs.real_pr_shas.outputs.CHANGES }}` to get the commit messages of `git diff --unified=0 "$BASE_SHA".."$HEAD_SHA" | grep -E '^\+\+\+|^---|^@@.+@@'`
#
# This workflow is copied from https://github.com/JensDll/should-run/blob/main/.github/workflows/main.yaml#L54
#
# Relevant discussions:
# - https://github.com/actions/runner/issues/1689
# - https://github.com/orgs/community/discussions/59677#discussioncomment-10808053
name: Get real PR base and HEAD sha
on:
pull_request:
workflow_call:
outputs:
BASE_SHA:
description: "The real PR commit base sha"
value: ${{ jobs.get_real_pr_shas.outputs.output_base }}
HEAD_SHA:
description: "The real PR commit HEAD sha"
value: ${{ jobs.get_real_pr_shas.outputs.output_head }}
COMMIT_MSGS:
description: "The commit messages of BASE_SHA..HEAD_SHA"
value: ${{ jobs.get_real_pr_shas.outputs.output_msgs }}
CHANGES:
description: "The commit messages of BASE_SHA..HEAD_SHA and reduced to only changed lines and files"
value: ${{ jobs.get_real_pr_shas.outputs.output_changes }}
jobs:
get_real_pr_shas:
runs-on: ubuntu-latest
outputs:
output_base: ${{ steps.get_shas.outputs.BASE_SHA }}
output_head: ${{ steps.get_shas.outputs.HEAD_SHA }}
output_msgs: ${{ steps.get_shas.outputs.COMMIT_MSGS }}
output_changes: ${{ steps.get_shas.outputs.CHANGES }}
steps:
- name: Checkout repository
uses: actions/checkout@v6
- id: get_shas
run: |
git fetch --no-tags --prune --no-recurse-submodules --depth=$((${{ github.event.pull_request.commits }} + 1)) origin ${{ github.event.pull_request.head.sha }}
git fetch --no-tags --prune --no-recurse-submodules --depth=200 origin ${{ github.event.pull_request.base.sha }}
git checkout --progress --force ${{ github.event.pull_request.head.sha }}
BASE_SHA=$(git rev-list ${{ github.event.pull_request.head.sha }} ^${{ github.event.pull_request.base.sha }} | tail --lines 1 | xargs -I {} git rev-parse {}~1)
HEAD_SHA=${{ github.event.pull_request.head.sha }}
COMMIT_MSGS=$(git log --pretty=%B "$BASE_SHA".."$HEAD_SHA")
if [[ $? -eq 128 ]]; then
echo "Failed to get log"
exit 2
fi
CHANGES=$(git diff --unified=0 "$BASE_SHA".."$HEAD_SHA")
if [[ $? -eq 128 ]]; then
echo "Failed to get diff"
exit 2
fi
CHANGES=$(echo "$CHANGES | grep -E '^\+\+\+|^@@.+@@'")
echo "BASE_SHA=$BASE_SHA"
echo "HEAD_SHA=$HEAD_SHA"
echo -e "\nCHANGES=\n$CHANGES"
echo -e "\nCOMMIT_MSGS:\n$COMMIT_MSGS"
echo "BASE_SHA=$BASE_SHA" >> $GITHUB_OUTPUT
echo "HEAD_SHA=$HEAD_SHA" >> $GITHUB_OUTPUT
# Multi-line strings must be surrounded by some EOF indicator.
# https://stackoverflow.com/questions/74137120/how-to-fix-or-avoid-error-unable-to-process-file-command-output-successfully
# EOF value must be random because otherwise it could occur in
# the commit messages to end the early:
# https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-commands#multiline-strings
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "COMMIT_MSGS<<$EOF" >> $GITHUB_OUTPUT
echo "$COMMIT_MSGS" >> $GITHUB_OUTPUT
echo "$EOF" >> $GITHUB_OUTPUT
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "CHANGES<<$EOF" >> $GITHUB_OUTPUT
echo "$CHANGES" >> $GITHUB_OUTPUT
echo "$EOF" >> $GITHUB_OUTPUT