Learning Paths Automation #5904
Conversation
* Create check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update ActivityExtensions.cs * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update submit-linter-suggestions.yml * Update submit-linter-suggestions.yml * Create submit-learning-paths-staleness-check.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update check-learning-path-links.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update check-learning-path-links.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update check-learning-path-links.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update check-learning-path-links.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update submit-learning-paths-staleness-check.yml * Update TestAssemblies.cs * Update CollectionRulePipeline.cs * Update submit-learning-paths-staleness-check.yml * Update CollectionRulePipeline.cs * Update CollectionRulePipeline.cs * Update submit-learning-paths-staleness-check.yml * Update ActivityExtensions.cs * Update CollectionRulePipeline.cs * Update TestAssemblies.cs
…ons/apply-learning-path-updates/action.yml
…s/apply-learning-path-updates/index.js
…essActions Kkeirstead/learning path staleness actions
|
|
||
| function ReplaceOldWithNewText(content, oldText, newText) | ||
| { | ||
| return content.replace(new RegExp(oldText, 'g'), newText); |
There was a problem hiding this comment.
We should avoid creating a regex expression from an arbitrary variable here. content.replaceAll(oldText, newText) should work here instead
| working-directory: ./head | ||
| run: | | ||
| mkdir -p ./learning-path-review | ||
| echo -n "${{ steps.check-links.outputs.modifiedFiles }}" > ./learning-path-review/modifiedFiles |
There was a problem hiding this comment.
Using substitution expressions here is a script injection risk. All of these should be passed in via an env block instead to avoid the risk.
Example:
dotnet-monitor/.github/workflows/update-release-version.yml
Lines 89 to 96 in 341ff64
| name: 'Check Learning Path Links' | ||
| on: | ||
| schedule: # Run once a week | ||
| - cron: '0 0 * * 1' |
There was a problem hiding this comment.
I'd be in favor of this running every other week or once a month. As it stands every week is a bit of noise for a manual review PR since there will always be changes everytime the HEAD commit is updated.
| - name: Checkout head | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| persist-credentials: true |
There was a problem hiding this comment.
What's the reason for persisted credentials? This is a security risk, especially since the token has elevated permissions and this step is ran first. Depending on the reason we can refactor this a couple different ways to minimize the risk.
| manuallyReview=${manuallyReview//,/<br />} | ||
| manuallyReviewSection="<h2>Manually Review:</h2>${manuallyReview}<br />" | ||
| if test -z "$manuallyReview"; then | ||
| manuallyReviewSection="" |
There was a problem hiding this comment.
nit: formatting, let's fix the indentation on the conditionals to make it easier to read.
| manuallyReview=$(cat ./learning-path-review/manuallyReview) | ||
| manuallyReview=${manuallyReview//,/<br />} | ||
| manuallyReviewSection="<h2>Manually Review:</h2>${manuallyReview}<br />" | ||
| if test -z "$manuallyReview"; then |
There was a problem hiding this comment.
Let's switch all of these if statements to use the bracket commands instead of explicit test as that's more conventional in bash scripts.
e.g. if [ -z "$manuallyReview" ]
| @@ -0,0 +1,117 @@ | |||
| name: 'Submit Learning Path PR' | |||
There was a problem hiding this comment.
I'm not sure I see the value of having split workflows here. It's adding a lot of complexity (and potential security risks) without adding value now that the proposed issue step has been removed.
Let's consolidate the split workflows and actions into a single one instead. If we consolidate them, then the action can simply generate a report (pr body) instead of outputting several variables and having a bash script do it which is more prone to script injections.
|
Closing this to prevent churn while testing/debugging new changes...I made the mistake of merging directly from my fork's main branch where I had been running the workflow. Will make sure comments are not lost. |
Summary
This PR adds new workflows to aid in keeping learning paths up-to-date. This is a simplified version of what I previously demoed (I removed the Issue step in the middle now that we're auto-applying the suggestions), with the following flow:
There are a number of ways this could be improved (such as stable tags instead of commit hashes or increasing what this can handle automatically), but I'm trying not to over-engineer V1 of this so we can start using it here and in other repos. If we notice pain points, updates can be made to address them, but hopefully this should reduce the burden of keeping the learning paths up to date. By not running on every PR, this should hopefully alleviate some of the concerns from the first prototype about this getting in the way for every commit.
This is an example run on my fork - this simulates miscellaneous changes being made over the course of a week, and what PR would be auto-generated. The auto-applied suggestions handle in-file adjustments, and files that have ambiguous links or were renamed/deleted are listed under manually review. The "Out Of Sync" section shows that
configuration.mdhas a link referencing main instead of the correct hash.Release Notes Entry