contrib-build from OpenMS/contrib release

Arslan-Siraj commented 6 months ago

User description

not needed abibuilder contrib anymore

PR Type

enhancement

Description

Updated the GitHub Actions workflow for building Windows executables to use GitHub's release feature for downloading dependencies.
This change includes the use of gh release download for fetching the contrib_build-Windows.tar.gz file and 7z for extraction, replacing the previous use of curl and tar.
Added GITHUB_TOKEN as an environment variable to authenticate GitHub CLI operations.

Changes walkthrough 📝

Relevant files

Enhancement

build-windows-executable-app.yaml

Update Windows Executable Build Process in GitHub Actions

.github/workflows/build-windows-executable-app.yaml

Added environment variable GITHUB_TOKEN for authentication.

Changed the method of downloading the contrib build using GitHub's
release feature instead of a direct URL.

Replaced curl and tar commands with gh release download and 7z
commands for handling the download and extraction of files.

+9/-5

💡 PR-Agent usage: Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

codiumai-pr-agent-pro[bot] commented 6 months ago

PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

PR Description updated to latest commit (https://github.com/OpenMS/streamlit-template/commit/331322c33eff53cf16c9efc6f3cd4319761bd363)

[ ] Copy walkthrough table to "Files Changed" Tab

codiumai-pr-agent-pro[bot] commented 6 months ago

PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

PR Review 🔍

⏱️ Estimated effort to review [1-5]	2, because the changes are limited to a single workflow file and involve straightforward modifications such as replacing the method of downloading and extracting files, and adding an environment variable.
🧪 Relevant tests	No
⚡ Possible issues	Possible Bug: The use of `gh release download` assumes that the GitHub CLI is pre-installed in the runner environment. If not, this could lead to a failure in executing the workflow.
🔒 Security concerns	No

codiumai-pr-agent-pro[bot] commented 6 months ago

PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

PR Code Suggestions ✨

Category	Suggestions
Enhancement	Add a conditional check to only download the contrib build when it's not already cached. ___ It's recommended to use a conditional check to ensure that the contrib build is only downloaded when it's not already cached. This avoids unnecessary downloads and can save time and bandwidth. [.github/workflows/build-windows-executable-app.yaml [65-75]](https://github.com/OpenMS/streamlit-template/pull/55/files#diff-211d58f377673fc6e00e49835e1cf5dc727c333368e2b5f8f1cf31e1eff077c5R65-R75) ```diff - name: Load contrib build + if: steps.cache-contrib-win.outputs.cache-hit != 'true' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: \| cd OpenMS/contrib gh release download -R OpenMS/contrib --pattern 'contrib_build-Windows.tar.gz' 7z x -so contrib_build-Windows.tar.gz \| 7z x -si -ttar rm contrib_build-Windows.tar.gz ls ```
Best practice	Use PowerShell commands for file operations to improve compatibility and readability. ___ Consider using PowerShell commands for file operations on Windows to ensure compatibility and potentially improve error handling and readability. [.github/workflows/build-windows-executable-app.yaml [73-74]](https://github.com/OpenMS/streamlit-template/pull/55/files#diff-211d58f377673fc6e00e49835e1cf5dc727c333368e2b5f8f1cf31e1eff077c5R73-R74) ```diff -7z x -so contrib_build-Windows.tar.gz \| 7z x -si -ttar -rm contrib_build-Windows.tar.gz +Expand-7Zip -ArchiveFileName contrib_build-Windows.tar.gz -TargetPath . +Remove-Item -Path contrib_build-Windows.tar.gz ```
Best practice	Verify the integrity of downloaded files before extraction. ___ To ensure that the downloaded files are correctly handled, consider verifying the integrity of the downloaded archive before extracting it. [.github/workflows/build-windows-executable-app.yaml [71-73]](https://github.com/OpenMS/streamlit-template/pull/55/files#diff-211d58f377673fc6e00e49835e1cf5dc727c333368e2b5f8f1cf31e1eff077c5R71-R73) ```diff gh release download -R OpenMS/contrib --pattern 'contrib_build-Windows.tar.gz' -7z x -so contrib_build-Windows.tar.gz \| 7z x -si -ttar +if (Test-Path -Path contrib_build-Windows.tar.gz) { + 7z x -so contrib_build-Windows.tar.gz \| 7z x -si -ttar +} +else { + Write-Error "Downloaded file does not exist." +} ```
Security	Use environment variables for secrets to enhance security. ___ To enhance security, avoid directly embedding secrets in the workflow file. Instead, use environment variables set in the GitHub Actions environment. [.github/workflows/build-windows-executable-app.yaml [66-67]](https://github.com/OpenMS/streamlit-template/pull/55/files#diff-211d58f377673fc6e00e49835e1cf5dc727c333368e2b5f8f1cf31e1eff077c5R66-R67) ```diff env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} ```
Maintainability	Add error handling for the file extraction process. ___ Consider adding error handling for the extraction process to manage potential failures gracefully. [.github/workflows/build-windows-executable-app.yaml [73]](https://github.com/OpenMS/streamlit-template/pull/55/files#diff-211d58f377673fc6e00e49835e1cf5dc727c333368e2b5f8f1cf31e1eff077c5R73-R73) ```diff -7z x -so contrib_build-Windows.tar.gz \| 7z x -si -ttar +$exitCode = 7z x -so contrib_build-Windows.tar.gz \| 7z x -si -ttar +if ($exitCode -ne 0) { + Write-Error "Failed to extract files." + exit $exitCode +} ```

OpenMS / streamlit-template