refactor(docker): use arg to set rulebook name

ref: #3 #1
2025-07-01 23:27:05 +09:30
14 changed files with 53 additions and 311 deletions
--- a/.cz.yaml
+++ b/.cz.yaml
@ -1,23 +0,0 @@
 ---
 commitizen:
  customize:
    change_type_map:
      feature: Features
      fix: Fixes
      refactor: Refactoring
      test: Tests
    change_type_order:
      - BREAKING CHANGE
      - feat
      - fix
      - test
      - refactor
    # yamllint disable rule:line-length
    commit_parser: ^(?P<change_type>feat|fix|test|refactor|perf|BREAKING CHANGE)(?:\((?P<scope>[^()\r\n]*)\)|\()?(?P<breaking>!)?:\s(?P<message>.*)?
    # yamllint enable rule:line-length
  name: cz_customize
  prerelease_offset: 1
  tag_format: $version
  update_changelog_on_bump: false
  version: 0.0.1
  version_scheme: semver
--- a/.gitea/.gitkeep
+++ b/.gitea/.gitkeep
--- a/.gitea/workflows/.gitkeep
+++ b/.gitea/workflows/.gitkeep
--- a/.gitea/workflows/pull_request.yaml
+++ b/.gitea/workflows/pull_request.yaml
@ -1,42 +0,0 @@
 ---
 name: Lint (Pull Request)
 on:
  pull_request: {}
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Enable Matcher Service
        run: |
          echo "NFC_PROBLEM_MATCHER=${GITHUB_REF_NAME}";
      - uses: actions/checkout@v3
      - name: Install YAMLLint
        run: pip install yamllint
      - name: Run YAMLLint
        run: |
          echo "NFC_PROBLEM_MATCHER_TYPE=YAML-Lint"
          yamllint -f github . || true
      - name: Install Ansible-Lint
        run: pip install ansible-lint
      - name: Run Ansible-Lint
        run: |
          echo "NFC_PROBLEM_MATCHER_TYPE=pylint-json";
          ansible-lint -f json . || true
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -1,25 +0,0 @@
 ---
 name: 'CI'
 on:
  push:
    branches:
      - '**'
    tags:
      - '*'
 jobs:
  docker:
    name: 'Docker'
    uses: nofusscomputing/action_docker/.github/workflows/docker.yaml@development
    with:
      DOCKER_BUILD_IMAGE_NAME: "nofusscomputing/git-event-problem-matcher"
      DOCKER_PUBLISH_REGISTRY: "docker.io"
      DOCKER_PUBLISH_IMAGE_NAME: "nofusscomputing/git-event-problem-matcher"
    secrets:
      DOCKER_PUBLISH_USERNAME: ${{ secrets.NFC_DOCKERHUB_USERNAME }}
      DOCKER_PUBLISH_PASSWORD: ${{ secrets.NFC_DOCKERHUB_TOKEN }}
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@ -1,17 +0,0 @@
 ---
 name: Pull Requests
 on:
  pull_request: {}
 jobs:
  ci-test:
    runs-on: ubuntu-latest
    steps:
      - name: Test
        run: |
          echo "github";
--- a/.yamllint
+++ b/.yamllint
@ -1,77 +0,0 @@
 ---
 # extends: default
 ignore:
  - '.github/'
  - '**/crd/**'
  - mkdocs.yml
  - '*PrometheusRule*'
  - '**/source/**'
 rules:
  braces:
    level: error
    max-spaces-inside: 1
    min-spaces-inside: 1
    min-spaces-inside-empty: 0
    max-spaces-inside-empty: 0
  brackets:
    level: error
    max-spaces-inside: 1
    min-spaces-inside: 1
    min-spaces-inside-empty: 0
    max-spaces-inside-empty: 0
  colons:
    level: warning
    max-spaces-after: 1
  commas:
    level: warning
  comments:
    level: error
    require-starting-space: true
    ignore-shebangs: true
    min-spaces-from-content: 4
  comments-indentation:
    level: error
  document-end:
    level: error
    present: false
  document-start:
    level: error
    present: true
  empty-lines:
    level: error
    max: 3
    max-start: 0
    max-end: 0
  hyphens:
    level: error
    max-spaces-after: 1
  indentation:
    level: error
    spaces: 2
    indent-sequences: true
    check-multi-line-strings: true
  line-length:
    level: warning
    max: 100
    allow-non-breakable-inline-mappings: true
  new-lines:
    level: error
    type: unix
  truthy: disable
--- a/README.md
+++ b/README.md
@ -1,66 +1 @@
 # No Fuss Computings Git[ea/hub] Event Processing
 Documentation for the collection.
 ## TL;DR
 | Name | required | Description |
 |:---:|:---:|:---|
 | GIT_API_TOKEN | :white_check_mark: | API token to access Git[ea/hub] to post PR Review. |
 | GIT_API_URL | :white_check_mark: | API URL to access Git[ea/hub]. To create random one `echo $(head -c 50 /dev/urandom | xxd -p | head -c 50)` |
 | GIT_INTERNAL_API_URL | :x: | An internal URL to use in place of the public API URL. i.e. DMZ url. |
 | GIT_EVENT_RULEBOOK_TOKEN | :white_check_mark: | The token to set for the inbound connection to the container. |
 | GIT_EVENT_RULEBOOK_PORT | :x: | The port to listen for inbound webhooks. Defaults to 5000 |
 | ENABLE_DEBUG_LOGGING | :x: | Turn on playbook debug logging. Defaults to `false` :warning: Doing this will output you auth tokens to the log. |
 ### Steps
 1. deploy somewhere that git[ea/hub] has access to the container
 1. ensure vars above are set within the container
 1. **Gor Gitea** Go to `Site ADministration -> Integrations-> Webhooks`
    1. Add a system webhook
    1. set the http url to the container ip/dns name. ensure port is specifed. suffic `:<port number>`
    1. select `Trigger On -> Workflow Jobs`
    1. set `Authorization Header` to `Bearer <actual value of GIT_EVENT_RULEBOOK_TOKEN>`
    1. click `Update Webhook` to save
 1. you are now GTG and all jobs will get posted to the container for processing.
 ### Setup Parsing of matchers
 1. Before any parsing can be done the following must be output with the id of the pull request to enable the problem matcher parsing.
    ``` bash
    echo "NFC_PROBLEM_MATCHER=${GITHUB_REF_NAME}";
    ```
 1. Ansible Lint
    1. before pylint runs, ensure the following commands are executed in your workflow.
    ``` bash
    echo "NFC_PROBLEM_MATCHER_TYPE=pylint-json";
    ```
    1. the output format for pylint is json. i.e. `ansible-lint -f json .`
 1. Parsing normal GitHub Problem matchers
    1. Before the job runs, give the matcher a name, no spaces, only letters and can have `-` and `_`
    ``` bash
    echo "NFC_PROBLEM_MATCHER_TYPE=My-Job-Name";
    ```
    1. now run the job that outputs in standrd Github style problem matchers.
 1. Now the user will have a PR reviews done with the contents of the problem matcher(s) as review comments.
--- a/6
+++ b/6
@ -1,4 +1,4 @@
-ARG GIT_EVENT_RULEBOOK_NAME='problem_matcher'
+ARG PROBLEM_MATCHER_NAME='problem_matcher'
 FROM python:3.11-alpine3.22 AS Build
@ -54,7 +54,7 @@ RUN cd /tmp/python_modules; \
 FROM python:3.11-alpine3.22
-ARG GIT_EVENT_RULEBOOK_NAME
+ARG PROBLEM_MATCHER_NAME
 RUN apk --no-cache update; \
@ -68,7 +68,7 @@ ENV ANSIBLE_INVENTORY hosts.yaml
 ENV JAVA_HOME /usr/lib/jvm/java-21-openjdk
-ENV GIT_EVENT_RULEBOOK_NAME ${GIT_EVENT_RULEBOOK_NAME}
+ENV PROBLEM_MATCHER_NAME ${PROBLEM_MATCHER_NAME}
 COPY includes/ /
--- a/extensions/eda/rulebooks/problem_matcher.yml
+++ b/extensions/eda/rulebooks/problem_matcher.yml
@ -8,8 +8,8 @@
    - name: Webhook
      ansible.eda.webhook:
        host: 0.0.0.0
-        port: "{{ GIT_EVENT_RULEBOOK_PORT | default(5000) | int }}"
+        port: "{{ PROBLEM_MATCHER_PORT | default(5000) | int }}"
-        token: "{{ GIT_EVENT_RULEBOOK_TOKEN | default('-not-set-') }}"
+        token: "{{ PROBLEM_MATCHER_TOKEN | default('-not-set-') }}"
  rules:
@ -27,12 +27,10 @@
    - name: Process Completed workflow_job
      # yamllint disable rule:indentation
      condition: >
        event.meta.headers['X-GitHub-Event'] == 'workflow_job'
          and
        event.payload.action == 'completed'
      # yamllint enable rule:indentation
      actions:
        - run_playbook:
--- a/galaxy.yml
+++ b/galaxy.yml
@ -1,46 +1,79 @@
 ---
 ### REQUIRED
 # The namespace of the collection. This can be a company/brand/organization or product namespace under which all
 # content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with
 # underscores or numbers and cannot contain consecutive underscores
 namespace: nofusscomputing
 # The name of the collection. Has the same character restrictions as 'namespace'
 name: git_events
 # The version of the collection. Must be compatible with semantic versioning
 version: 0.0.1
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
 # @nicks:irc/im.site#channel'
 authors:
  - No Fuss Computing
 ### OPTIONAL but strongly recommended
 # A short summary description of the collection
 description: Git[ea/hub] Problem matcher parser with PR Code Review
 # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
 # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
 license:
  - MIT
 # The path to the license file for the collection. This path is relative to the root of the collection. This key is
 # mutually exclusive with 'license'
 license_file: LICENCE
 # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
 # requirements as 'namespace' and 'name'
 tags:
  - ci
  - event
  - rulebook
  - tools
 # Collections that this collection requires to be installed for it to be usable. The key of the dict is the
 # collection label 'namespace.name'. The value is a version range
 # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
 # range specifiers can be set and are separated by ','
 dependencies: {}
 # The URL of the originating SCM repository
 repository: https://nofusscomputing.com/git/ansible-collections/git-events
 # The URL to any online docs
 documentation: https://nofusscomputing.com/git/ansible-collections/git-events
 # The URL to the homepage of the collection/project
 homepage: https://nofusscomputing.com/git/ansible-collections/git-events
 # The URL to the collection issue tracker
 issues: https://nofusscomputing.com/git/ansible-collections/git-events/issues
 # A list of file glob-like patterns used to filter any files or directories that should not be included in the build
 # artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
 # uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
 # and '.git' are always filtered. Mutually exclusive with 'manifest'
 build_ignore: [
  '.ansible',
  artifacts/,
  '.cz.yaml',
  '.dockerignore',
  'dockerfile',
  '.git',
  'galaxy.yml',
  '*.tmp.*'
 ]
 # A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
 # list of MANIFEST.in style
 # L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key
 # 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
 # with 'build_ignore'
 # manifest: null
--- a/includes/entrypoint.sh
+++ b/includes/entrypoint.sh
@ -7,8 +7,8 @@ if [ $# -eq 0 ]; then
    cd ${HOME};
    ansible-rulebook \
-        -r nofusscomputing.git_events.${GIT_EVENT_RULEBOOK_NAME} \
+        -r nofusscomputing.git_events.${PROBLEM_MATCHER_NAME} \
-        --env-vars GIT_EVENT_RULEBOOK_PORT,GIT_EVENT_RULEBOOK_TOKEN \
+        --env-vars PROBLEM_MATCHER_PORT,PROBLEM_MATCHER_TOKEN \
        -v;
 else
--- a/includes/usr/bin/annotations.py
+++ b/includes/usr/bin/annotations.py
@ -6,7 +6,7 @@ import json
 # import requests
 import os
-# API Docs: https://docs.github.com/en/rest/pulls/reviews?apiVersion=2022-11-28#create-a-review-for-a-pull-request
+
 def default_matcher( entry, tool_name = '' ) -> dict:
@ -144,8 +144,8 @@ regex = {
        r'"description":\s*"(?P<description>[^"]+)",\s*'
        r'"fingerprint":\s*"(?P<fingerprint>[^"]+)",\s*'
        r'"location":\s*\{\s*"path":\s*"(?P<path>[^"]+)".+?'
-        r'"line[s]?":.+?(?P<line>\d+).*?\}}'
+        r'"line[s]?":.+?(?P<line>\d+).*?\}},'
-        r'(?:,\s"content":\s\{"body":\s"(?P<body>.+?)")?'
+        r'(?:\s"content":\s\{"body":\s"(?P<body>.+?)")?'
    )
 }
@ -205,11 +205,7 @@ for line in sys.stdin:
 if not NFC_PROBLEM_MATCHER:
-    print(json.dumps({
+    sys.exit(2)
        'pull_request': ''
    }, indent=4))
    sys.exit(0)
 if not results:
@ -281,14 +277,6 @@ for msg_type, value in review_body.items():
        )
 if len(api_body['comments']) == 0:
    api_body.update({
        'body': "G'day, I didn't find any problems to report on",
        'event': 'APPROVE'
    })
 data = {
    "pull_request": pull_request,
    "api_body": api_body
--- a/playbooks/problem_matcher.yaml
+++ b/playbooks/problem_matcher.yaml
@ -9,30 +9,14 @@
    - name: Get facts from Environment
      ansible.builtin.set_fact:
-        git_api_url: "{{ lookup('env', 'GIT_INTERNAL_API_URL') | default(payload.repository.url) }}"
+        gitea_url: "{{ lookup('env', 'GITEA_INTERNAL_URL') | default(payload.repository.url) }}"
-        gitea_replace_url: "{{ lookup('env', 'GIT_API_URL') | default(payload.repository.url) }}"
+        gitea_replace_url: "{{ lookup('env', 'GITEA_URL') | default(payload.repository.url) }}"
        disable_logging: "{{ not lookup('env', 'ENABLE_DEBUG_LOGGING') | bool | default(false) }}"
    - name: Set var gitea_replace_url if empty
      ansible.builtin.set_fact:
        git_api_url: "{{ payload.repository.url }}"
      when: >
        git_api_url == ""
    - name: Set var gitea_replace_url if empty
      ansible.builtin.set_fact:
        gitea_replace_url: "{{ payload.repository.url }}"
      when: >
        gitea_replace_url == ""
    - name: Set required Facts
      ansible.builtin.set_fact:
-        git_url_api: >-
+        git_url_api: "{{ payload.repository.url | replace(gitea_replace_url, gitea_url) }}"
          {{ payload.repository.url |
          replace((gitea_replace_url | split('/api/'))[0], git_api_url) }}
        git_url_path_jobs: 'actions/jobs'
        head_sha: "{{ payload.workflow_job.head_sha }}"
@ -53,9 +37,7 @@
    - name: Fetch job log
      ansible.builtin.uri:
-        url: >-
+        url: "{{ git_url_api + '/' + git_url_path_jobs + '/' + payload.workflow_job.id | string + '/logs' }}"
          {{ git_url_api + '/' + git_url_path_jobs
          + '/' + payload.workflow_job.id | string + '/logs' }}
        dest: /tmp/job.log
        headers:
          Authorization: token {{ lookup('env', 'GIT_API_TOKEN') }}
@ -71,9 +53,7 @@
        cmd: |
          set -o pipefail;
-          export GITHUB_ACTOR={{ payload.sender.username }};
+          export GITHUB_ACTOR={{ payload.sender.username }}
          export GITHUB_SHA={{ payload.workflow_job.head_sha }};
          cat /tmp/job.log | annotations > /tmp/annotations.json;
@ -100,15 +80,11 @@
        validate_certs: false
      no_log: "{{ disable_logging }}"
      register: http_get_pull_request
      when: >
        annotations.pull_request | string
    - name: Trace - Display Pull Request State
      ansible.builtin.debug:
        msg: "{{ http_get_pull_request.json.state | default('No PR found') }}"
      when: >
        not http_get_pull_request.skipped | default(false) | bool
    - name: Post review
@ -123,11 +99,7 @@
        timeout: 10
        validate_certs: false
      no_log: "{{ disable_logging }}"
      # yamllint disable rule:indentation
      when: >
        http_get_pull_request.json.state | default('-') != 'closed'
          and
-        http_get_pull_request.status | default(0) == 200
+        http_get_pull_request.status == 200
          and
        not http_get_pull_request.skipped | default(false) | bool
      # yamllint enable rule:indentation