Stirling-Tools · Frooodle · Dec 29, 2024 · Dec 29, 2024
@@ -6,16 +6,14 @@ on:
     paths:
       - "src/main/resources/messages_*.properties"
 
-permissions: read-all
+permissions:
+  contents: read # Allow read access to repository content
+  issues: write # Allow posting comments on issues/PRs
 
 jobs:
   check-files:
     if: github.event_name == 'pull_request_target'
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
-      issues: write
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
@@ -24,72 +22,77 @@ jobs:
 
       - name: Checkout main branch first
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: main
-          path: main-branch
-          fetch-depth: 0
-
-      - name: Checkout PR branch
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          repository: ${{ github.event.pull_request.head.repo.full_name }}
-          ref: ${{ github.event.pull_request.head.ref }}
-          path: pr-branch
-          fetch-depth: 0
 
       - name: Set up Python
         uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version: "3.x"
 
-      - name: Install GitHub CLI
-        run: sudo apt-get update && sudo apt-get install -y gh
-
       - name: Fetch PR changed files
         id: fetch-pr-changes
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           echo "Fetching PR changed files..."
-          cd pr-branch
-          gh repo set-default ${{ github.repository }}
-          # Store files in a safe way, only allowing valid properties files
-          echo "Getting list of changed files from PR..."
-          gh pr view ${{ github.event.pull_request.number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]+\.properties$' > ../changed_files.txt
-          cd ..
 
-          echo "Processing changed files..."
-          mapfile -t CHANGED_FILES < changed_files.txt
+          gh repo set-default ${{ github.event.pull_request.head.repo.full_name }} # Set the fork repository as default
 
-          CHANGED_FILES_STR="${CHANGED_FILES[*]}"
-          echo "CHANGED_FILES=${CHANGED_FILES_STR}" >> $GITHUB_ENV
-
-          echo "Changed files: ${CHANGED_FILES_STR}"
+          # Fetch the list of changed files in the PR
+          echo "Getting list of changed files from PR..."
+          gh pr view ${{ github.event.pull_request.number }} --json files -q ".files[].path" | grep -E '^src/main/resources/messages_[a-zA-Z_]+\.properties$' > changed_files.txt # Filter only matching property files
 
       - name: Determine reference file
         id: determine-file
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           echo "Determining reference file..."
+          REPO_OWNER=$(gh pr view ${{ github.event.pull_request.number }} --json author -q '.author.login') # Get PR author's username
+          REPO_NAME=$(gh pr view ${{ github.event.pull_request.number }} --json headRepository -q '.headRepository.name') # Get PR repository name
+          BRANCH=$(gh pr view ${{ github.event.pull_request.number }} --json headRefName -q '.headRefName') # Get PR branch name
+
+          mkdir -p pr-branch # Create a directory for PR files
+
+          # Download the content of each changed file
+          while IFS= read -r file; do
+            mkdir -p "pr-branch/$(dirname "$file")" # Create directories for files
+            gh api repos/$REPO_OWNER/$REPO_NAME/contents/$file?ref=$BRANCH --jq '.content' | base64 -d > "pr-branch/src/main/resources/$(basename "$file")" # Save decoded file content
+          done < changed_files.txt
+
+          # Generate a list of files without the "pr-branch/" prefix
+          find pr-branch/ -type f | awk -F'pr-branch/' '{print $2}' > file_list.txt
+
+          mapfile -t FILES_LIST < file_list.txt # Read the file list into an array
+          FILES_LIST_STR="${FILES_LIST[*]}" # Join array into a space-separated string
+          echo "FILES_LIST=${FILES_LIST_STR}" >> $GITHUB_ENV # Export the file list to the environment
+          echo "Changed files: ${FILES_LIST_STR}"
+
+          cat file_list.txt # Display the file list
+
+          # Determine which reference file to use
           if grep -Fxq "src/main/resources/messages_en_GB.properties" changed_files.txt; then
               echo "Using PR branch reference file"
-              echo "REFERENCE_FILE=pr-branch/src/main/resources/messages_en_GB.properties" >> $GITHUB_ENV
+              REFERENCE_FILE="pr-branch-messages_en_GB.properties"
+              gh api repos/$REPO_OWNER/$REPO_NAME/contents/src/main/resources/messages_en_GB.properties?ref=${{ github.event.pull_request.head.ref }} \
+                --jq '.content' | base64 -d > $REFERENCE_FILE # Save PR branch reference file
           else
               echo "Using main branch reference file"
-              echo "REFERENCE_FILE=main-branch/src/main/resources/messages_en_GB.properties" >> $GITHUB_ENV
+              REFERENCE_FILE="main-branch-messages_en_GB.properties"
+              gh api repos/Ludy87/test_java/contents/src/main/resources/messages_en_GB.properties?ref=main \
+                --jq '.content' | base64 -d > $REFERENCE_FILE # Save main branch reference file
           fi
 
-      - name: Show REFERENCE_FILE
-        run: echo "Reference file is set to ${REFERENCE_FILE}"
+          echo "REFERENCE_FILE=$REFERENCE_FILE" >> $GITHUB_ENV # Export reference file path to the environment
 
       - name: Run Python script to check files
         id: run-check
         run: |
           echo "Running Python script to check files..."
-          python main-branch/.github/scripts/check_language_properties.py \
+          python .github/scripts/check_language_properties.py \
             --actor ${{ github.event.pull_request.user.login }} \
             --reference-file "${REFERENCE_FILE}" \
-            --branch pr-branch \
-            --files "${CHANGED_FILES[@]}" > result.txt || true
+            --branch "pr-branch" \
+            --files "${FILES_LIST[@]}" > result.txt || true
 
       - name: Capture output
         id: capture-output
@@ -102,7 +105,7 @@ jobs:
             echo "EOF" >> $GITHUB_ENV
             echo "${SCRIPT_OUTPUT}"
 
-            # Set FAIL_JOB to true if SCRIPT_OUTPUT contains ❌
+            # Determine job failure based on script output
             if [[ "$SCRIPT_OUTPUT" == *"❌"* ]]; then
               echo "FAIL_JOB=true" >> $GITHUB_ENV
             else
@@ -132,7 +135,7 @@ jobs:
 
             const comment = comments.data.find(c => c.body.includes("## 🚀 Translation Verification Summary"));
 
-            // Only allow the action user to update comments
+            // Only update or create comments by the action user
             const expectedActor = "github-actions[bot]";
 
             if (comment && comment.user.login === expectedActor) {