Provide a common code graph analysis workflow for GitHub

JohT · JohT · commit b1df11a803d3 · 2025-01-14T20:15:10.000+01:00
diff --git a/.github/workflows/analyze-code-graph.yml b/.github/workflows/analyze-code-graph.yml
@@ -0,0 +1,155 @@
+name: Analyze Code Graph
+
+on:
+  workflow_call:
+    inputs:
+      analysis-name:
+        description: "The name of the project to analyze. E.g. MyProject-1.0.0"
+        required: true
+        type: string
+      # TODO: Split upload into one for source code folders and one for artifacts like Java JARs
+      uploaded-artifact-name:
+        description: "The name of the artifact uploaded with 'actions/upload-artifact' containing the 'source' and 'artifacts' directory with the contents to analyze."
+        required: true
+        type: string
+    outputs:
+      uploaded-analysis-results:
+        description: "The name of the artifact uploaded with 'actions/upload-artifact' containing the analysis results."
+        value: ${{ jobs.analyze-code-graph.outputs.uploaded-analysis-results-artifact-name }}
+
+jobs:
+  analyze-code-graph:
+    runs-on: ubuntu-latest
+    outputs:
+      uploaded-analysis-results-artifact-name: ${{ steps.set-analysis-results-artifact-name.outputs.uploaded-analysis-results-artifact-name }}
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          java: 17
+          python: 3.11
+          miniforge: 24.9.0-0
+    steps:
+      - name: Checkout code-graph-analysis-pipeline
+        uses: actions/checkout@v4
+        with:
+          repository: JohT/code-graph-analysis-pipeline
+          ref: 41f3e22b5bd65351474dd23effeee91fab849a12
+          path: code-graph-analysis-pipeline
+          persist-credentials: false
+
+      - name: (Java Setup) Java Development Kit (JDK) ${{ matrix.java }}
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: ${{ matrix.java }}
+
+      # "Setup Python" can be skipped if jupyter notebook analysis-results aren't needed
+      - name: (Python Setup) Setup Cache for Conda package manager Miniforge
+        uses: actions/cache@v4
+        env:
+          # Increase this value to reset cache if etc/example-environment.yml has not changed
+          # Reference: https://github.com/conda-incubator/setup-miniconda#caching
+          CACHE_NUMBER: 0
+        with:
+          path: ~/conda_pkgs_dir
+          key:
+            ${{ runner.os }}-conda-${{ env.CACHE_NUMBER }}-environments-${{hashFiles('**/environment.yml', '.github/workflows/*.yml') }}
+
+      - name: (Python Setup) Use version ${{ matrix.python }} with Conda package manager Miniforge
+        uses: conda-incubator/setup-miniconda@v3
+        with:
+          python-version: ${{ matrix.python }}
+          miniforge-version: ${{ matrix.miniforge }}
+          activate-environment: codegraph
+          environment-file: ./code-graph-analysis-pipeline/jupyter/environment.yml
+          auto-activate-base: false
+          use-only-tar-bz2: true # IMPORTANT: This needs to be set for caching to work properly!
+      - name: (Python Setup) Conda environment info
+        shell: bash -el {0}
+        run: conda info
+
+      - name: (Code Analysis Setup) Add code-graph-analysis-pipeline temporarily to .gitignore
+        shell: bash
+        run: |
+          echo "" >> .gitignore
+          echo "# Code Graph Analysis Pipeline" >> .gitignore
+          echo "code-graph-analysis-pipeline/" >> .gitignore
+
+      - name: (Code Analysis Setup) Setup Cache Analysis Downloads
+        uses: actions/cache@v4
+        with:
+          path: ./code-graph-analysis-pipeline/temp/downloads
+          key:
+            ${{ runner.os }}-${{ hashFiles('**/*.sh') }}
+
+      - name: (Code Analysis Setup) Generate Neo4j Initial Password
+        id: generate-neo4j-initial-password
+        shell: bash
+        run: |
+          generated_password=$( LC_ALL=C tr -dc '[:graph:]' </dev/urandom | head -c 12; echo )
+          echo "::add-mask::$generated_password"
+          echo "neo4j-initial-password=$generated_password" >> "$GITHUB_OUTPUT"
+            
+      - name: (Code Analysis Setup) Initialize Analysis
+        shell: bash
+        working-directory: code-graph-analysis-pipeline
+        env:
+          NEO4J_INITIAL_PASSWORD: ${{ steps.generate-neo4j-initial-password.outputs.neo4j-initial-password }}
+        run: ./init.sh ${{ inputs.analysis-name }}
+
+      - name: (Code Analysis Setup) Download source code and artifacts for analysis
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.uploaded-artifact-name }}
+          path: code-graph-analysis-pipeline/temp/${{ inputs.analysis-name }}/source/${{ inputs.analysis-name }}
+
+      - name: (Code Analysis) Analyze ${{ inputs.analysis-name }}
+        working-directory: code-graph-analysis-pipeline/temp/${{ inputs.analysis-name }}
+        # Shell type can be skipped if jupyter notebook analysis-results (and therefore conda) aren't needed
+        shell: bash -el {0}
+        env:
+          NEO4J_INITIAL_PASSWORD: ${{ steps.generate-neo4j-initial-password.outputs.neo4j-initial-password }}
+          ENABLE_JUPYTER_NOTEBOOK_PDF_GENERATION: "true"
+          IMPORT_GIT_LOG_DATA_IF_SOURCE_IS_PRESENT: "" # Options: "none", "aggregated", "full". default = "plugin" or ""
+        run: |
+          ./../../scripts/analysis/analyze.sh --profile Neo4jv5-low-memory
+
+      - name: Assemble ENVIRONMENT_INFO
+        run: echo "ENVIRONMENT_INFO=-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}" >> $GITHUB_ENV
+    
+      - name: Set artifact name for uploaded analysis results
+        id: set-analysis-results-artifact-name
+        run: echo "uploaded-analysis-results-artifact-name=code-analysis-results-java-${{ env.ENVIRONMENT_INFO }}" >> $GITHUB_OUTPUT
+    
+      # Upload logs and unfinished analysis-results in case of an error for troubleshooting
+      - name: (Code Analysis Results) Archive failed run with logs and unfinished analysis-results
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: java-code-analysis-logs-java-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}
+          path: |
+            ./code-graph-analysis-pipeline/temp/**/runtime/*
+            ./code-graph-analysis-pipeline/temp/**/reports/*
+          retention-days: 5
+
+      # Upload successful analysis-results in case they are needed for troubleshooting
+      - name: (Code Analysis Results) Archive successful analysis-results
+        if: success()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.set-analysis-results-artifact-name.outputs.uploaded-analysis-results-artifact-name }}
+          path: ./code-graph-analysis-pipeline/temp/**/reports/*
+          if-no-files-found: error
+          retention-days: 5
+
+    # Upload Database Export
+    # Only possible after an export with "./../../scripts/analysis/analyze.sh --report DatabaseCsvExport"
+    # Won't be done here because of performance and security concerns
+    #- name: Archive exported database
+    #  uses: actions/upload-artifact@v3
+    #  with:
+    #    name: typescript-code-analysis-database-export-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}
+    #    path: ./code-graph-analysis-pipeline/temp/**/import
+    #    if-no-files-found: error
+    #    retention-days: 5
diff --git a/.github/workflows/typescript-code-analysis.yml b/.github/workflows/typescript-code-analysis.yml
@@ -1,4 +1,4 @@
-name: react-router Typescript Code Structure Graph Analysis
+name: react-router Code Graph Analysis (TypeScript)
 
 on:
   push:
@@ -37,121 +37,94 @@ on:
       - '.github/workflows/*documentation.yml'
 
 jobs:
-  analysis-results:
+  prepare-code-to-analyze:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          java: 17
-          python: 3.11
-          miniforge: 24.9.0-0
+    outputs:
+      analysis-name: ${{ steps.set-analysis-name.outputs.analysis-name }}
+      uploaded-artifact-name: ${{ steps.set-uploaded-artifact-name.outputs.uploaded-artifact-name }}
 
     env: 
-      CI_COMMIT_MESSAGE: Automated code structure analysis analysis-results (CI)
-      CI_COMMIT_AUTHOR: ${{ github.event.repository.name }} Continuous Integration
       PROJECT_NAME: react-router
       # Version variable name matches renovate.json configuration entry
       REACT_ROUTER_VERSION: 6.28.1
 
     steps:
-    - name: Checkout GIT Repository
+    - name: (Prepare Code to Analyze) Checkout react-router repository
       uses: actions/checkout@v4
       with:
-        token: ${{ secrets.WORKFLOW_GIT_ACCESS_TOKEN }}
-  
-    - name: (Code Analysis Setup) Set ANALYSIS_NAME
-      run: echo "ANALYSIS_NAME=${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}" >> $GITHUB_ENV
-
-    - name: (Code Analysis Setup) Generate Neo4j Initial Password
-      id: generate_neo4j_initial_password
-      shell: bash
-      run: |
-        generated_password=$( LC_ALL=C tr -dc '[:graph:]' </dev/urandom | head -c 12; echo )
-        echo "::add-mask::$generated_password"
-        echo "neo4j_initial_password=$generated_password" >> "$GITHUB_OUTPUT"
-          
-    - name: Setup Code Analysis
-      uses: ./.github/actions/setup-code-analysis
-      with:
-        java-version: ${{ matrix.java }}
-        python-version: ${{ matrix.python }}
-        miniforge-version: ${{ matrix.miniforge }}
-        analysis-name: ${{ env.ANALYSIS_NAME }}
-        neo4j-password: ${{ steps.generate_neo4j_initial_password.outputs.neo4j_initial_password }}
-  
-    - name: (Code Analysis Setup) Download ${{ env.ANALYSIS_NAME }}
-      working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}
-      run: |
-        ./../../scripts/downloader/downloadReactRouter.sh ${{ env.REACT_ROUTER_VERSION }}
-
-    - name: (Code Analysis Setup) Setup pnpm for react-router
+        repository: remix-run/react-router
+        ref: react-router@${{ env.REACT_ROUTER_VERSION }}
+ 
+    - name: (Prepare Code to Analyze) Setup pnpm for react-router
       uses: pnpm/action-setup@v4.0.0
-      with:
-        package_json_file: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}/source/${{ env.ANALYSIS_NAME }}/package.json
           
-    - name: (Code Analysis Setup) Install dependencies with pnpm
-      working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}/source/${{ env.ANALYSIS_NAME }}
-      run: |
-        pnpm install --frozen-lockfile --strict-peer-dependencies
+    - name: (Prepare Code to Analyze) Install dependencies with pnpm
+      run: pnpm install --frozen-lockfile --strict-peer-dependencies
 
-    - name: Analyze ${{ env.ANALYSIS_NAME }}
-      working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}
-      # Shell type can be skipped if jupyter notebook analysis-results (and therefore conda) aren't needed
-      shell: bash -el {0}
-      env:
-        NEO4J_INITIAL_PASSWORD: ${{ steps.generate_neo4j_initial_password.outputs.neo4j_initial_password }}
-        ENABLE_JUPYTER_NOTEBOOK_PDF_GENERATION: "true"
-        IMPORT_GIT_LOG_DATA_IF_SOURCE_IS_PRESENT: "" # Options: "none", "aggregated", "full". default = "plugin" or ""
-      run: |
-        ./../../scripts/analysis/analyze.sh --profile Neo4jv5-low-memory
-
-    - name: (Code Analysis) Collect analysis results
-      working-directory: code-graph-analysis-pipeline/temp/${{ env.ANALYSIS_NAME }}
-      run: |
-        mkdir -p ./../../../analysis-results/${{ env.ANALYSIS_NAME }}
-        cp -Rp reports ./../../../analysis-results/${{ env.ANALYSIS_NAME }}
-  
-    # Upload logs and unfinished analysis-results in case of an error for troubleshooting
-    - name: Archive failed run with logs and unfinished analysis-results
-      if: failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: typescript-code-analysis-logs-java-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}
-        path: |
-          ./code-graph-analysis-pipeline/temp/**/runtime/*
-          ./code-graph-analysis-pipeline/temp/**/results/*
-        retention-days: 5
+    - name: (Prepare Code to Analyze) Assemble ANALYSIS_NAME
+      run: echo "ANALYSIS_NAME=${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}" >> $GITHUB_ENV
+ 
+    - name: (Prepare Code to Analyze) Generate ARTIFACT_UPLOAD_ID
+      shell: bash
+      run: echo "ARTIFACT_UPLOAD_ID=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 10)" >> $GITHUB_ENV
+ 
+    - name: (Prepare Code to Analyze) Assemble ARTIFACT_NAME
+      shell: bash
+      run: echo "ARTIFACT_NAME=${{ env.ANALYSIS_NAME }}-analysis-input-${{ env.ARTIFACT_UPLOAD_ID }}" >> $GITHUB_ENV
 
-    # Upload successful analysis-results in case they are needed for troubleshooting
-    - name: Archive successful analysis-results
+    - name: (Prepare Code to Analyze) Upload code to analyze
       if: success()
       uses: actions/upload-artifact@v4
       with:
-        name: typescript-code-analysis-analysis-results-java-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}
-        path: ./analysis-results/${{ env.ANALYSIS_NAME }}/*
+        name: ${{ env.ARTIFACT_NAME }}
+        path: .
         if-no-files-found: error
         retention-days: 5
+    
+    - name: (Prepare Code to Analyze) Set output variable analysis-name
+      id: set-analysis-name
+      run: echo "analysis-name=${{ env.ANALYSIS_NAME }}" >> "$GITHUB_OUTPUT"
+
+    - name: (Prepare Code to Analyze) Set output variable uploaded-artifact-name
+      id: set-uploaded-artifact-name
+      run: echo "uploaded-artifact-name=${{ env.ARTIFACT_NAME }}" >> "$GITHUB_OUTPUT"
+
+
+  analyze-code-graph:
+    needs: [prepare-code-to-analyze]
+    uses: ./.github/workflows/analyze-code-graph.yml
+    with:
+      analysis-name: ${{ needs.prepare-code-to-analyze.outputs.analysis-name }}
+      uploaded-artifact-name: ${{ needs.prepare-code-to-analyze.outputs.uploaded-artifact-name }}
 
-    # Upload Database Export
-    # Only possible after an export with "./../../scripts/analysis/analyze.sh --report DatabaseCsvExport"
-    # Won't be done here because of performance and security concerns
-    #- name: Archive exported database
-    #  uses: actions/upload-artifact@v3
-    #  with:
-    #    name: typescript-code-analysis-database-export-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}
-    #    path: ./code-graph-analysis-pipeline/temp/**/import
-    #    if-no-files-found: error
-    #    retention-days: 5
+
+  analysis-results:
+    needs: [prepare-code-to-analyze, analyze-code-graph]
+    runs-on: ubuntu-latest
+
+    env: 
+      CI_COMMIT_MESSAGE: Automated code structure analysis analysis-results (CI)
+      CI_COMMIT_AUTHOR: ${{ github.event.repository.name }} Continuous Integration
+
+    steps:
+    - name: Checkout GIT Repository
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.WORKFLOW_GIT_ACCESS_TOKEN }}
+  
+    - name: (Code Analysis Setup) Download source code and artifacts for analysis
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ needs.analyze-code-graph.outputs.uploaded-analysis-results }}
+        path: analysis-results/${{ needs.prepare-code-to-analyze.outputs.analysis-name }}
 
     # Commit and push the native image agent analysis-results
     - name: Display environment variable "github.event_name"
       run: echo "github.event_name=${{ github.event_name }}"
-    - name: Commit changes in the "analysis-results" directory
+    - name: Display changes in the "analysis-results" directory and prepare commit
       # Only run when a pull request gets merged or a commit is pushed to the main branch
       # git add parameters need to match paths-ignore parameters above
       # Git pull before add/commit/push to reduce race conditions on parallel builds
-      if: github.event_name == 'push'
       run: |
         git config --global user.name '${{ env.CI_COMMIT_AUTHOR }}'
         git config --global user.email "7671054+JohT@users.noreply.github.com"
@@ -160,6 +133,12 @@ jobs:
         git status
         git add analysis-results
         git status
+    - name: Commit and push changes in the "analysis-results" directory
+      # Only run when a pull request gets merged or a commit is pushed to the main branch
+      # git add parameters need to match paths-ignore parameters above
+      # Git pull before add/commit/push to reduce race conditions on parallel builds
+      if: github.event_name == 'push'
+      run: |
         git commit -m "${{ env.CI_COMMIT_MESSAGE }}"
         git status
         git rebase --strategy-option=theirs origin/main --verbose
