fix: don't pass (potentially) large values via environment variables

Defelo · Defelo · commit f72208555226 · 2025-10-05T16:24:33.000+02:00
diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
@@ -124,15 +124,6 @@ jobs:
       || (matrix.system == 'aarch64-linux' && 'ubuntu-24.04-arm')
       || (matrix.system == 'x86_64-darwin' && 'macos-latest')
       || (matrix.system == 'aarch64-darwin' && 'macos-latest') }}
-    outputs:
-      report_x86_64-linux: ${{ steps.report.outputs.report_x86_64-linux }}
-      report_aarch64-linux: ${{ steps.report.outputs.report_aarch64-linux }}
-      report_x86_64-darwin: ${{ steps.report.outputs.report_x86_64-darwin }}
-      report_aarch64-darwin: ${{ steps.report.outputs.report_aarch64-darwin }}
-      fetch_cmd_x86_64-linux: ${{ steps.report.outputs.fetch_cmd_x86_64-linux }}
-      fetch_cmd_aarch64-linux: ${{ steps.report.outputs.fetch_cmd_aarch64-linux }}
-      fetch_cmd_x86_64-darwin: ${{ steps.report.outputs.fetch_cmd_x86_64-darwin }}
-      fetch_cmd_aarch64-darwin: ${{ steps.report.outputs.fetch_cmd_aarch64-darwin }}
 
     steps:
       - uses: actions/checkout@v4
@@ -244,10 +235,8 @@ jobs:
       - name: generate report
         id: report
         run: |
-          if [[ -s fetch_cmd ]]; then
-            cat fetch_cmd
-            echo fetch_cmd_${{ matrix.system }}=$(base64 -w0 fetch_cmd) >> "$GITHUB_OUTPUT"
-          fi
+          touch fetch_cmd
+          cat fetch_cmd
           dir=~/.cache/nixpkgs-review/pr-${PR_NUMBER}
           if [[ "$OS" != "Linux" ]]; then
             sandbox=$(nix config show sandbox)
@@ -259,86 +248,88 @@ jobs:
             echo ":white_check_mark: *No rebuilds*" >> "$dir/report.md"
           fi
           cat $dir/report.md
-          report=$(jq -c '.+{$md}' $dir/report.json --rawfile md $dir/report.md | base64 -w0)
-          echo report_${{ matrix.system }}=$report >> "$GITHUB_OUTPUT"
+          jq -c '.+{$md, $fetch_cmd}' $dir/report.json \
+            --rawfile md $dir/report.md \
+            --rawfile fetch_cmd fetch_cmd \
+            > report_${{ matrix.system }}.json
         env:
           OS: ${{ runner.os }}
 
+      - uses: actions/upload-artifact@v4
+        with:
+          name: report_${{ matrix.system }}.json
+          path: report_${{ matrix.system }}.json
+          if-no-files-found: error
+
   report:
     runs-on: ubuntu-latest
     needs: [prepare, review]
     outputs:
-      report: ${{ steps.report.outputs.report }}
       success: ${{ steps.report.outputs.success }}
 
     steps:
+      - uses: actions/download-artifact@v5
+        with:
+          merge-multiple: true
+
       - name: generate report
         id: report
         run: |
+          systems=(x86_64-linux aarch64-linux x86_64-darwin aarch64-darwin)
+
+          for system in "${systems[@]}"; do
+            [[ -s "report_${system}.json" ]] || continue
+            jq -j '.md' "report_${system}.json" > "report_${system}.md"
+            jq -j '.fetch_cmd' "report_${system}.json" > "fetch_cmd_${system}"
+          done
+
           echo -e "## \`nixpkgs-review\` result\n" >> report.md
           echo -e "Generated using [\`nixpkgs-review-gha\`](https://github.com/Defelo/nixpkgs-review-gha)\n" >> report.md
           echo -e "Command: \`nixpkgs-review pr ${PR_NUMBER}${EXTRA_ARGS:+ $EXTRA_ARGS}\`" >> report.md
           echo -e "Commit: [\`$HEAD\`](https://github.com/NixOS/nixpkgs/commit/$HEAD) ([subsequent changes](https://github.com/NixOS/nixpkgs/compare/$HEAD..pull/$PR_NUMBER/head))" >> report.md
           echo -e "Merge: [\`$MERGE\`](https://github.com/NixOS/nixpkgs/commit/$MERGE)\n" >> report.md
           echo -e "Logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\n" >> report.md
 
-          mkdir .tmp
-          cd .tmp
-          echo ${FETCH_CMD_X86_64_LINUX} | base64 -d > x86_64-linux
-          echo ${FETCH_CMD_AARCH64_LINUX} | base64 -d > aarch64-linux
-          echo ${FETCH_CMD_X86_64_DARWIN} | base64 -d > x86_64-darwin
-          echo ${FETCH_CMD_AARCH64_DARWIN} | base64 -d > aarch64-darwin
-          for system in x86_64-linux aarch64-linux x86_64-darwin aarch64-darwin; do
-            [[ -s $system ]] || continue
-            echo -e "<li><details><summary><code>$system</code></summary>\n\n\`\`\`shell" >> ../cache.md
-            cat $system >> ../cache.md
-            echo -e "\n\`\`\`\n</details></li>" >> ../cache.md
+          for system in "${systems[@]}"; do
+            [[ -s "fetch_cmd_${system}" ]] || continue
+            echo -e "<li><details><summary><code>$system</code></summary>\n\n\`\`\`shell" >> cache.md
+            cat "fetch_cmd_${system}" >> cache.md
+            echo -e "\n\`\`\`\n</details></li>" >> cache.md
           done
-          cd ..
           if [[ -s cache.md ]]; then
             echo -e "<details><summary>Download packages from cache:</summary><ul>" >> report.md
             cat cache.md >> report.md
             echo -e "</ul></details>\n" >> report.md
           fi
 
-          mkdir reports
-          echo ${REPORT_X86_64_LINUX} | base64 -d > reports/x86_64-linux.json
-          echo ${REPORT_AARCH64_LINUX} | base64 -d > reports/aarch64-linux.json
-          echo ${REPORT_X86_64_DARWIN} | base64 -d > reports/x86_64-darwin.json
-          echo ${REPORT_AARCH64_DARWIN} | base64 -d > reports/aarch64-darwin.json
-          for system in x86_64-linux aarch64-linux x86_64-darwin aarch64-darwin; do
-            if [[ -s reports/$system.json ]]; then
-              jq -r '.md' reports/$system.json >> report.md
-            fi
+          for system in "${systems[@]}"; do
+            [[ -s "report_${system}.md" ]] || continue
+            cat "report_${system}.md" >> report.md
           done
 
           cat report.md
-          echo report=$(base64 -w0 report.md) >> "$GITHUB_OUTPUT"
-          echo success=$(jq -s 'all(.[].result[]; .failed==[])' reports/*.json) >> "$GITHUB_OUTPUT"
+          echo success=$(jq -s 'all(.[].result[]; .failed==[])' report_*.json) >> "$GITHUB_OUTPUT"
           sed '1s|$| for [#'"$PR_NUMBER"'](https://github.com/NixOS/nixpkgs/pull/'"$PR_NUMBER"')|' report.md >> $GITHUB_STEP_SUMMARY
         env:
           HEAD: ${{ needs.prepare.outputs.head }}
           MERGE: ${{ needs.prepare.outputs.merge }}
           EXTRA_ARGS: ${{ inputs.extra-args }}
-          FETCH_CMD_X86_64_LINUX: ${{ needs.review.outputs.fetch_cmd_x86_64-linux }}
-          FETCH_CMD_AARCH64_LINUX: ${{ needs.review.outputs.fetch_cmd_aarch64-linux }}
-          FETCH_CMD_X86_64_DARWIN: ${{ needs.review.outputs.fetch_cmd_x86_64-darwin }}
-          FETCH_CMD_AARCH64_DARWIN: ${{ needs.review.outputs.fetch_cmd_aarch64-darwin }}
-          REPORT_X86_64_LINUX: ${{ needs.review.outputs.report_x86_64-linux }}
-          REPORT_AARCH64_LINUX: ${{ needs.review.outputs.report_aarch64-linux }}
-          REPORT_X86_64_DARWIN: ${{ needs.review.outputs.report_x86_64-darwin }}
-          REPORT_AARCH64_DARWIN: ${{ needs.review.outputs.report_aarch64-darwin }}
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: report.md
+          path: report.md
+          if-no-files-found: error
 
   post-result:
     runs-on: ubuntu-latest
     needs: [prepare, report]
     if: ${{ inputs.post-result || inputs.on-success != 'nothing' }}
 
     steps:
-      - name: fetch report
-        run: echo ${REPORT} | base64 -d > report.md
-        env:
-          REPORT: ${{ needs.report.outputs.report }}
+      - uses: actions/download-artifact@v5
+        with:
+          name: report.md
 
       - name: post comment
         if: ${{ inputs.post-result }}
