Skip to content

verify-action-build: pass cleanly on removal-only PRs #820

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
potiuk merged 1 commit into from
May 7, 2026
Merged

verify-action-build: pass cleanly on removal-only PRs #820

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions utils/tests/verify_action_build/test_cli.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,3 +44,34 @@ def test_no_gh_without_token_exits(self):
with pytest.raises(SystemExit) as exc_info:
main()
assert exc_info.value.code == 1

def test_from_pr_with_no_added_refs_passes(self):
removal_only_diff = (
"diff --git a/actions.yml b/actions.yml\n"
"--- a/actions.yml\n"
"+++ b/actions.yml\n"
"@@ -10,5 +10,0 @@\n"
"-some-org/some-action:\n"
"- " + "a" * 40 + ":\n"
"- tag: v1.0.0\n"
)
with mock.patch("sys.argv", ["verify-action-build", "--from-pr", "999"]):
with mock.patch("shutil.which", return_value="/usr/bin/docker"):
with mock.patch(
"verify_action_build.cli.GitHubClient"
) as gh_cls:
gh_cls.return_value.get_pr_diff.return_value = removal_only_diff
with pytest.raises(SystemExit) as exc_info:
main()
assert exc_info.value.code == 0

def test_from_pr_when_diff_fetch_fails_errors(self):
with mock.patch("sys.argv", ["verify-action-build", "--from-pr", "999"]):
with mock.patch("shutil.which", return_value="/usr/bin/docker"):
with mock.patch(
"verify_action_build.cli.GitHubClient"
) as gh_cls:
gh_cls.return_value.get_pr_diff.return_value = None
with pytest.raises(SystemExit) as exc_info:
main()
assert exc_info.value.code == 1
15 changes: 11 additions & 4 deletions utils/verify_action_build/cli.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
from .console import console
from .dependabot import check_dependabot_prs
from .github_client import GitHubClient
from .pr_extraction import extract_action_refs_from_pr
from .pr_extraction import extract_action_refs_from_diff
from .verification import SECURITY_CHECKLIST_URL, verify_single_action


Expand Down Expand Up @@ -122,10 +122,17 @@ def main() -> None:
gh = GitHubClient(token=args.github_token)

if args.from_pr:
action_refs = extract_action_refs_from_pr(args.from_pr, gh=gh)
if not action_refs:
console.print(f"[red]Error:[/red] could not extract action reference from PR #{args.from_pr}")
diff_text = gh.get_pr_diff(args.from_pr)
if diff_text is None:
console.print(f"[red]Error:[/red] could not fetch diff for PR #{args.from_pr}")
_exit(1)
action_refs = extract_action_refs_from_diff(diff_text)
if not action_refs:
console.print(
f"No added action references in PR #{args.from_pr} — nothing to verify "
"(removal-only or non-action changes)."
)
_exit(0)
for ref in action_refs:
console.print(f" Extracted action reference from PR #{args.from_pr}: [bold]{ref}[/bold]")
passed = all(
Expand Down
Loading