| 1 | +# CLAUDE.md |
| 2 | + |
| 3 | +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. |
| 4 | + |
| 5 | +## Repository Overview |
| 6 | + |
| 7 | +This is a collection of reusable GitHub Actions for automating SonarSource analyzer releases. Actions handle Jira integration (tickets, versions, release notes), GitHub releases, cross-repository updates, and Slack notifications. |
| 8 | + |
| 9 | +## Testing |
| 10 | + |
| 11 | +### Run all tests (CI) |
| 12 | +Tests run automatically via GitHub Actions. To trigger manually: |
| 13 | +- Push to `master` runs `.github/workflows/test-all.yml` |
| 14 | +- PRs and pushes to `branch-*` run action-specific test workflows |
| 15 | + |
| 16 | +### Run unit tests locally for a Python action |
| 17 | +```bash |
| 18 | +cd <action-name> |
| 19 | +pip install -r requirements.txt |
| 20 | +pip install pytest pytest-cov |
| 21 | +python -m pytest test_*.py -v --cov=<module_name> --cov-report=term-missing |
| 22 | +``` |
| 23 | + |
| 24 | +Example for lock-branch: |
| 25 | +```bash |
| 26 | +cd lock-branch |
| 27 | +pip install -r requirements.txt |
| 28 | +pip install pytest pytest-cov |
| 29 | +python -m pytest test_lock_branch.py test_notify_slack.py test_utils.py -v |
| 30 | +``` |
| 31 | + |
| 32 | +### Run a single test |
| 33 | +```bash |
| 34 | +cd <action-name> |
| 35 | +python -m pytest test_<module>.py::TestClassName::test_method_name -v |
| 36 | +``` |
| 37 | + |
| 38 | +## Architecture |
| 39 | + |
| 40 | +### Action Types |
| 41 | +- **Python-based** (Jira integration): `create-jira-release-ticket/`, `create-jira-version/`, `release-jira-version/`, `get-jira-release-notes/`, `create-integration-ticket/`, `update-release-ticket-status/`, `lock-branch/` |
| 42 | +- **Bash-based** (GitHub/version operations): `get-release-version/`, `get-jira-version/`, `publish-github-release/`, `check-releasability-status/`, `update-analyzer/`, `update-rule-metadata/`, `notify-slack/` |
| 43 | + |
| 44 | +### Action Structure |
| 45 | +Each action follows this pattern: |
| 46 | +``` |
| 47 | +action-name/ |
| 48 | +├── action.yml # Composite action definition |
| 49 | +├── README.md # Documentation |
| 50 | +├── requirements.txt # Python deps (if applicable) |
| 51 | +├── <script>.py # Implementation |
| 52 | +└── test_<script>.py # pytest unit tests |
| 53 | +``` |
| 54 | + |
| 55 | +### Key Patterns |
| 56 | +- All actions use `using: "composite"` (not JavaScript/Docker) |
| 57 | +- Credentials from `SonarSource/vault-action-wrapper@v3` |
| 58 | +- Python actions use Python 3.10 |
| 59 | +- Error output via stderr (`eprint()`), values via stdout to `$GITHUB_OUTPUT` |
| 60 | +- Input precedence: explicit input > environment variable > default |
| 61 | + |
| 62 | +### Jira Custom Field IDs |
| 63 | +```python |
| 64 | +customfield_10146 # SHORT_DESCRIPTION |
| 65 | +customfield_10145 # LINK_TO_RELEASE_NOTES |
| 66 | +customfield_10147 # DOCUMENTATION_STATUS |
| 67 | +customfield_11263 # RULE_PROPS_CHANGED |
| 68 | +customfield_11264 # SONARLINT_CHANGELOG |
| 69 | +``` |
| 70 | + |
| 71 | +### Version Formats |
| 72 | +- Release version: `X.Y.Z.buildNumber` (e.g., `11.44.2.12345`) |
| 73 | +- Jira version: `X.Y` or `X.Y.Z` (trailing `.0` removed) |
| 74 | + |
| 75 | +## Security |
| 76 | + |
| 77 | +When modifying `action.yml` files, never interpolate user-controlled inputs directly in `run:` blocks. Pass them through environment variables: |
| 78 | + |
| 79 | +```yaml |
| 80 | +# Bad - script injection risk |
| 81 | +run: echo "${{ inputs.branch }}" |
| 82 | + |
| 83 | +# Good - use env vars |
| 84 | +env: |
| 85 | + INPUT_BRANCH: ${{ inputs.branch }} |
| 86 | +run: echo "$INPUT_BRANCH" |
| 87 | +``` |
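Review bot: the `# Bad`/`# Good` example in the Security section only shows `inputs.*`, while the rule above it ("never interpolate user-controlled inputs directly in `run:` blocks") applies to any attacker-influenced value, so it should state that `github.*` context fields derived from user data (for example `github.event.*` payload fields and `github.head_ref`) need the same `env:` indirection; as written, a reader could route `inputs.branch` through `env:` and still interpolate a branch name or PR title from the event payload straight into `run:`. A one-line addition after the example, such as "The same applies to `github.event.*` and `github.head_ref` values", closes that gap. Separately, in Key Patterns the phrase "values via stdout to `$GITHUB_OUTPUT`" conflates two mechanisms: `$GITHUB_OUTPUT` is a file path that steps append `name=value` lines to, not stdout, and stdout content is only logged; rewording to "values written to the file at `$GITHUB_OUTPUT`" avoids readers echoing outputs to stdout and wondering why downstream steps see nothing.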