github-ci: check for new authors in pull-request

On pull request, get a list of commit authors for the pull request and
compare to the list of authors in git master. If any differ, save to
new-authors.txt and upload this as an artifact.

As a workflow-run, download this artifact and if non-empty, add a
comment to the pull-request that new authors may be part of the pull
request.

This 2 step approach is because GitHub actions running in pull-request
context are not allowed to comment on the pull request, instead a
post-workflow workflow has been added that runs in the context of the
repo which can then comment on the pull request.

diff --git a/.github/workflows/authors-done.yml b/.github/workflows/authors-done.yml
new file mode 100644 (file)
index 0000000..b1700e1
--- /dev/null
+++ b/.github/workflows/authors-done.yml
@@ -0,0 +1,54 @@
+name: New Authors Report
+
+on:
+  workflow_run:
+    workflows: [New Authors Check]
+    types: [completed]
+
+jobs:
+  comment:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "Author check is complete"
+
+      - name: Download artifact new authors
+        uses: actions/github-script@v6
+        with:
+          script: |
+            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: context.payload.workflow_run.id,
+            });
+            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "new-authors";
+            })[0];
+            let download = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: matchArtifact.id,
+               archive_format: 'zip',
+            });
+            let fs = require('fs');
+            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/new-authors.zip`, Buffer.from(download.data));
+      - run: unzip new-authors.zip
+      - run: |
+          if test -s new-authors.txt; then
+            echo new_authors=yes >> $GITHUB_ENV
+          fi
+      - name: Comment on PR
+        if: ${{ env.new_authors == 'yes' }}
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            let fs = require('fs');
+            let issue_number = Number(fs.readFileSync('./pr-number.txt'));
+            let new_authors = String(fs.readFileSync('./new-authors.txt'));
+            let msg = 'NOTE: This PR may contain new authors:\n\n```\n' + new_authors + '```';
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: issue_number,
+              body: msg
+            });

diff --git a/.github/workflows/authors.yml b/.github/workflows/authors.yml
new file mode 100644 (file)
index 0000000..a3d5485
--- /dev/null
+++ b/.github/workflows/authors.yml
@@ -0,0 +1,46 @@
+name: New Authors Check
+
+on:
+  pull_request:
+
+jobs:
+  check-id:
+    name: New Author Check
+    runs-on: ubuntu-latest
+    steps:
+      - run: sudo apt -y install git
+      - run: git clone https://github.com/${{ github.repository }}
+      - run: git remote add author ${{ github.event.pull_request.head.repo.html_url }}
+        working-directory: suricata
+      - run: git fetch author
+        working-directory: suricata
+      - run: git checkout author/${{ github.event.pull_request.head.ref }}
+        working-directory: suricata
+      - name: Export known authors from master branch
+        run: git log --format="%an <%ae>" origin/master | sort | uniq > ../authors.txt
+        working-directory: suricata
+      - name: Export authors from new commits
+        run: git log --format="%an <%ae>" origin/${GITHUB_BASE_REF}... | sort | uniq > ../commit-authors.txt
+        working-directory: suricata
+      - name: Check new authors
+        run: |
+          touch new-authors.txt
+          while read -r author; do
+             echo "Checking author: ${author}"
+             if ! grep -q "^${author}\$" authors.txt; then
+                 echo "ERROR: ${author} NOT FOUND"
+                 echo "::warning ::New author found: ${author}"
+                 echo "${author}" >> new-authors.txt
+                 echo has_new_authors="yes" >> $GITHUB_ENV
+             fi
+          done < commit-authors.txt
+      - run: mkdir new-authors
+      - run: cp new-authors.txt new-authors
+      - run: echo ${{ github.event.number }} > new-authors/pr-number.txt
+      - run: ls -l
+      - name: Upload new authors
+        uses: actions/upload-artifact@v3
+        with:
+          name: new-authors
+          path: new-authors
+