Add aggregate action

Author: jprinet

.github/workflows/test-terms-of-service-acceptance-run.yml

@@ -9,8 +9,6 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
-      actions: write
-      statuses: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -19,3 +17,5 @@ jobs:
         with:
           tos-location: 'https://foo.bar/tos.html'
           white-list: '*'
+          signature-branch: ${{ github.event.repository.default_branch }}
+          signature-location: '.github/develocity-tos.json'

README.md

@@ -35,6 +35,7 @@ _Note:_
 Some parameters need to be adjusted here:
 - The workflow name (here `Build`) triggered when a pull-request is submitted
 - The build workflow filename (here `build.yml`) has to be adjusted to the filename of the workflow using `maven-build-scan/save`
+- The location of the Develocity Terms of Service (here `https://foo.bar/tos.html`)
 - The Develocity URL (here `https://<MY_DEVELOCITY_URL>`)
 - The secret name holding the Develocity access key (here `<DEVELOCITY_ACCESS_KEY>`)
 
@@ -56,45 +57,35 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - name: Load data
-        id: load
-        uses: gradle/github-actions/maven-build-scan/load@v1.0
+      - name: Publish Build Scan
+        uses: gradle/github-actions/maven-build-scan@v1.0
         with:
           build-workflow-filename: 'build.yml'
-      - name: Verify Terms of Service acceptance
-        uses: gradle/github-actions/terms-of-service-acceptance/run@v1.0
-        with:
           tos-location: 'https://foo.bar/tos.html'
-          pr-number: ${{ steps.load.outputs.pr-number }}
-      - name: Publish Maven Build Scans
-        uses: gradle/github-actions/maven-build-scan/publish@v1.0
-        with:
           develocity-url: 'https://<MY_DEVELOCITY_URL>'
           develocity-access-key: ${{ secrets.<DEVELOCITY_ACCESS_KEY> }}
-          pr-number: ${{ steps.load.outputs.pr-number }}
 ```
 
 ### Implementation details
 
-#### terms-of-service-acceptance/run
+#### maven-build-scan
 
-A composite action to verify that Develocity Terms of Service have been accepted.
+This composite action is a meta action to simplify the logic on consumer side.
 
-This action checks if the user submitting a pull-request has accepted the Terms of Service.
-If the user has previously accepted the terms, then the action succeeds.
-If not, a comment is made on the pull-request asking the user to accept and the action fails. The user can then accept the Terms of Service by responding with a specific comment on the pull-request.
-
-See the [cla-assistant-lite documentation](https://github.com/marketplace/actions/cla-assistant-lite) for more details.
+The action will download any saved Build Scan® and publish them to Develocity after having checked that the Terms of Service were accepted.
 
 **Dependencies**:
 
-- [cla-assistant-lite](https://github.com/marketplace/actions/cla-assistant-lite)
+- `maven-build-scan/load`
+- `terms-of-service-acceptance/run`
+- `maven-build-scan/publish`
 
 **Event Triggers**:
 
 This action should be configured to respond to the following event triggers:
 - `workflow_run`: to check if the user has previously accepted the Terms of Service before publishing a Build Scan®.
 - `issue_comment`: to check if any new pull-request comment is accepting the Terms of Service.
+These event allows access to the repository secrets (_Develocity Access Key_) which is required to publish a Build Scan® to Gradle Enterprise when authentication is enabled.
 
 **Permissions**:
 
@@ -106,8 +97,11 @@ The following permissions are required for this action to operate:
 
 | Name                                     | Description                                                                                    | Default                                                                                                                                                      |
 |------------------------------------------|------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `build-workflow-filename`                | Filename of the workflow using `maven-build-scan/save` (called upon pull-request submission)   |                                                                                                                                                              |
 | `tos-location`                           | Terms Of Service location (URL)                                                                |                                                                                                                                                              |
-| `pr-number`                              | pull-request number                                                                            |                                                                                                                                                              |
+| `develocity-url`                         | Develocity URL                                                                                 |                                                                                                                                                              |
+| `develocity-access-key`                  | *Optional*: Develocity access key                                                              |                                                                                                                                                              |
+| `develocity-allow-untrusted`             | *Optional*: Develocity allow-untrusted flag                                                    | `false`                                                                                                                                                      |
 | `signature-branch`                       | *Optional*: Git branch where the signature file will be stored                                 | `${{ github.event.repository.default_branch }}`                                                                                                              |
 | `signature-location`                     | *Optional*: Signature file location                                                            | `.github/develocity-tos.json`                                                                                                                                |
 | `pr-comment-tos-acceptance-missing`      | *Optional*: pull-request comment added when Terms of Service have not previously been accepted | `Please accept [Develocity Terms Of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:` |
@@ -120,16 +114,19 @@ The following permissions are required for this action to operate:
 
 _Note:_
 Some parameters need to be adjusted here:
-- The pull-request number (here `steps.load.outputs.pr-number`) has to be adjusted to the value set in the context
+- The build workflow filename (here `build.yml`) has to be adjusted to the filename of the workflow using `maven-build-scan/save`
+- The location of the Develocity Terms of Service (here `https://foo.bar/tos.html`)
+- The Develocity URL (here `https://<MY_DEVELOCITY_URL>`)
+- The secret name holding the Develocity access key (here `<DEVELOCITY_ACCESS_KEY>`)
 
 ```yaml
-[...]
-      - name: Verify Terms of Service acceptance
-        uses: gradle/github-actions/terms-of-service-acceptance/run@v1.0
+      - name: Publish Build Scan
+        uses: gradle/github-actions/maven-build-scan@v1.0
         with:
+          build-workflow-filename: 'build.yml'
           tos-location: 'https://foo.bar/tos.html'
-          pr-number: ${{ steps.load.outputs.pr-number }}
-[...]
+          develocity-url: 'https://<MY_DEVELOCITY_URL>'
+          develocity-access-key: ${{ secrets.<DEVELOCITY_ACCESS_KEY> }}
 ```
 
 #### maven-build-scan/save
@@ -181,14 +178,14 @@ This action should be configured to respond to the following event trigger (see
 - `workflow_run`: to run after the pull-request workflow.
 - `issue_comment`: to run after the pull-request is commented.
 
-The action fails for any other event trigger, or if the comment is different than `recheck` or `I have read Develocity Terms Of Service and I hereby accept the Terms` (can be overridden). 
+The action fails for any other event trigger, or if the comment is different than `recheck` or `I have read Develocity Terms Of Service and I hereby accept the Terms` (can be overridden).
 
 **Action inputs**:
 
-| Name                                | Description                                                                                  | Default                                                                 |
-|-------------------------------------|----------------------------------------------------------------------------------------------|-------------------------------------------------------------------------|
-| `build-workflow-filename`           | Filename of the workflow using `maven-build-scan/save` (called upon pull-request submission) |                                                                         |
-| `pr-comment-tos-acceptance-request` | *Optional*: pull-request comment to accept the Terms of Service                              | `I have read Develocity Terms Of Service and I hereby accept the Terms` |
+| Name                                | Description                                                                                  | Default |
+|-------------------------------------|----------------------------------------------------------------------------------------------|---------|
+| `build-workflow-filename`           | Filename of the workflow using `maven-build-scan/save` (called upon pull-request submission) |         |
+| `pr-comment-tos-acceptance-request` | pull-request comment to accept the Terms of Service                                          |         |
 
 **Action outputs**:
 
@@ -212,6 +209,62 @@ Some parameters need to be adjusted here:
 [...]
 ```
 
+#### terms-of-service-acceptance/run
+
+A composite action to verify that Develocity Terms of Service have been accepted.
+
+This action checks if the user submitting a pull-request has accepted the Terms of Service.
+If the user has previously accepted the terms, then the action succeeds.
+If not, a comment is made on the pull-request asking the user to accept and the action fails. The user can then accept the Terms of Service by responding with a specific comment on the pull-request.
+
+See the [cla-assistant-lite documentation](https://github.com/marketplace/actions/cla-assistant-lite) for more details.
+
+**Dependencies**:
+
+- [cla-assistant-lite](https://github.com/marketplace/actions/cla-assistant-lite)
+
+**Event Triggers**:
+
+This action should be configured to respond to the following event triggers:
+- `workflow_run`: to check if the user has previously accepted the Terms of Service before publishing a Build Scan®.
+- `issue_comment`: to check if any new pull-request comment is accepting the Terms of Service.
+
+**Permissions**:
+
+The following permissions are required for this action to operate:
+- `contents: write`: to create/edit the signature file
+- `pull-requests: write`: to comment the pull-request
+
+**Action inputs**:
+
+| Name                                     | Description                                                                        | Default |
+|------------------------------------------|------------------------------------------------------------------------------------|---------|
+| `tos-location`                           | Terms Of Service location (URL)                                                    |         |
+| `pr-number`                              | pull-request number                                                                |         |
+| `signature-branch`                       | Git branch where the signature file will be stored                                 |         |
+| `signature-location`                     | Signature file location                                                            |         |
+| `pr-comment-tos-acceptance-missing`      | pull-request comment added when Terms of Service have not previously been accepted |         |
+| `pr-comment-tos-acceptance-request`      | pull-request comment to accept the Terms of Service                                |         |
+| `pr-comment-tos-acceptance-confirmation` | pull-request comment added when Terms of Service are accepted                      |         |
+| `white-list`                             | CSV List of users not required to accept the Terms of Service                      |         |
+| `github-token`                           | Github token                                                                       |         |
+
+**Usage**:
+
+_Note:_
+Some parameters need to be adjusted here:
+- The pull-request number (here `steps.load.outputs.pr-number`) has to be adjusted to the value set in the context
+
+```yaml
+[...]
+      - name: Verify Terms of Service acceptance
+        uses: gradle/github-actions/terms-of-service-acceptance/run@v1.0
+        with:
+          tos-location: 'https://foo.bar/tos.html'
+          pr-number: ${{ steps.load.outputs.pr-number }}
+[...]
+```
+
 #### maven-build-scan/publish
 
 This action will publish all Maven Build Scans® that have been saved as workflow artifacts by the `maven-build-scan/save` action.
@@ -242,13 +295,13 @@ The following permissions are required for this action to operate:
 
 **Action inputs**:
 
-| Name                           | Description                                 | Default               |
-|--------------------------------|---------------------------------------------|-----------------------|
-| `develocity-url`               | Develocity URL                              |                       |
-| `pr-number`                    | pull-request number                         |                       |
-| `develocity-access-key`        | *Optional*: Develocity access key           |                       |
-| `develocity-allow-untrusted`   | *Optional*: Develocity allow-untrusted flag | `false`               |
-| `github-token`                 | *Optional*: Github token                    | `${{ github.token }}` |
+| Name                           | Description                        | Default               |
+|--------------------------------|------------------------------------|-----------------------|
+| `develocity-url`               | Develocity URL                     |                       |
+| `pr-number`                    | pull-request number                |                       |
+| `develocity-allow-untrusted`   | Develocity allow-untrusted flag    |                       |
+| `develocity-access-key`        | *Optional*: Develocity access key  |                       |
+| `github-token`                 | *Optional*: Github token           | `${{ github.token }}` |
 
 **Usage**:
 

doc/architecture.png

@@ -0,0 +1,71 @@
+name: Publish Maven Build Scan
+description: Publish Maven Build Scan
+
+inputs:
+  build-workflow-filename:
+    description: 'Filename of the workflow where the maven-build-scan/save action was triggered'
+    required: true
+  develocity-url:
+    description: 'Develocity URL'
+    required: true
+  develocity-access-key:
+    description: 'Develocity access key'
+    required: false
+  tos-location:
+    description: 'Terms of Service location as an URL (https://foo.com/tos.html) or a Github repository file (/<owner>/<repo>/blob/<branch>/tos.html)'
+    required: true
+  develocity-allow-untrusted:
+    description: 'Develocity allow-untrusted flag'
+    default: 'false'
+  pr-comment-tos-acceptance-missing:
+    description: 'pull-request comment added when Terms of Service are not accepted ({0} in the value will be replaced by tos-location input)'
+    default: 'Please accept [Develocity Terms of Service]({0}) to get your pull-request Build Scan published by commenting this pull-request with the following message:'
+  pr-comment-tos-acceptance-request:
+    description: 'pull-request comment to accept the Terms of Service'
+    default: 'I have read Develocity Terms of Service and I hereby accept the Terms'
+  pr-comment-tos-acceptance-validation:
+    description: 'pull-request comment added when Terms of Service are accepted'
+    default: 'All Contributors have accepted Develocity Terms of Service.'
+  signature-branch:
+    description: 'Git branch where the signature file will be stored'
+    default: ${{ github.event.repository.default_branch }}
+  signature-location:
+    description: 'Signature file location'
+    default: '.github/develocity-tos.json'
+  white-list:
+    description: 'CSV List of users not required to accept the Terms of Service'
+    default: ''
+  github-token:
+    description: 'The token used for Github API requests'
+    default: ${{ github.token }}
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - name: Load data
+      id: load
+      uses: gradle/github-actions/maven-build-scan/load@v0.1
+      with:
+        build-workflow-filename: ${{ inputs.build-workflow-filename }}
+        pr-comment-tos-acceptance-request: ${{ inputs.pr-comment-tos-acceptance-request }}
+    - name: Verify Terms of Service acceptance
+      uses: gradle/github-actions/terms-of-service-acceptance/run@v0.1
+      with:
+        tos-location: ${{ inputs.tos-location }}
+        pr-number: ${{ steps.load.outputs.pr-number }}
+        pr-comment-tos-acceptance-missing: ${{ inputs.pr-comment-tos-acceptance-missing }}
+        pr-comment-tos-acceptance-request: ${{ inputs.pr-comment-tos-acceptance-request }}
+        pr-comment-tos-acceptance-validation: ${{ inputs.pr-comment-tos-acceptance-validation }}
+        signature-branch: ${{ inputs.signature-branch }}
+        signature-location: ${{ inputs.signature-location }}
+        white-list: ${{ inputs.white-list }}
+        github-token: ${{ inputs.github-token }}
+    - name: Publish Maven Build Scans
+      uses: gradle/github-actions/maven-build-scan/publish@v0.1
+      with:
+        develocity-url: ${{ inputs.develocity-url }}
+        develocity-access-key: ${{ inputs.develocity-access-key }}
+        pr-number: ${{ steps.load.outputs.pr-number }}
+        develocity-allow-untrusted: ${{ inputs.develocity-allow-untrusted }}
+        github-token: ${{ inputs.github-token }}

maven-build-scan/action.yml

@@ -7,7 +7,7 @@ inputs:
     required: true
   pr-comment-tos-acceptance-request:
     description: 'pull-request comment to accept the Terms of Service'
-    default: 'I have read Develocity Terms of Service and I hereby accept the Terms'
+    required: true
 
 outputs:
   pr-number:

maven-build-scan/load/action.yml

@@ -10,7 +10,7 @@ inputs:
     required: false
   develocity-allow-untrusted:
     description: 'Develocity allow-untrusted flag'
-    default: 'false'
+    required: true
   github-token:
     description: 'The token used for Github API requests'
     default: ${{ github.token }}