Epic: GitHub Actions code references integration #5701
Description
From #5066.
User Experience Proposal
When viewing stale feature flags in the Flagsmith UI, display feature flag references found in repositories from the team's GitHub organization.
Pending feature mockups.
This is intended to prompt developers to clean up stale feature flags by making it easier to coordinate work — and maybe positively annoying.
GitHub Actions
By leveraging GitHub Actions, we can build a CI product that's easy to plug in and comes with a great architecture fit.
- GHA allows for code scans triggered by each team's git-push activity, also expanding visibility to PRs and releases.
- Favoring privacy, our code runs in CI runners chosen by each team — could be GitHub runners, or their own. We don't have access to anyone's code.
- It offloads computer work to each team's CI cost with GHA.
The above diagram is an architecture overview of how customers, such as github.com/acmeinc, can plug in a GitHub action from github.com/Flagsmith/ci-tools. A CI workflow snippet in GitHub Actions language would resemble this untested snippet:
name: find-flagsmith-code-references
on:
pull_request:
push:
branches: [main]
schedule:
- cron: '0 8 * * *' # Every day at 8 am UTC
jobs:
fetch-stale-feature-flags:
if: github.event_name == 'schedule'
uses: flagsmith/ci-tools/.github/workflows/[email protected]
secrets:
flagsmith_server_key: ${{ secrets.FLAGSMITH_SERVER_KEY }}
report-code-references-from-stale-feature-flags:
needs: [fetch-stale-feature-flags]
if: ${{ needs.fetch-stale-feature-flags.outputs.stale_features }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker://ghcr.io/flagsmith/flagsmith-find-code-references:0.0.1
id: find_stale_flag_code_references
with:
features: ${{ needs.fetch-stale-feature-flags.outputs.stale_features }}
flagsmith_server_key: ${{ secrets.FLAGSMITH_SERVER_KEY }}
- uses: flagsmith/ci-tools/.github/actions/[email protected]
with:
references_json: ${{ steps.find_stale_flag_code_references.outputs.references_json }}
report-code-references-from-diff:
if: contains(fromJSON('["push", "pull_request"]'), github.event_name)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker://ghcr.io/flagsmith/flagsmith-find-code-references:0.0.1
id: find_diff_flag_code_references
with:
from_diff_since: ${{ github.event.pull_request.head.sha }}
flagsmith_server_key: ${{ secrets.FLAGSMITH_SERVER_KEY }}
- uses: flagsmith/ci-tools/.github/actions/[email protected]
with:
references_json: ${{ steps.find_diff_flag_code_references.outputs.references_json }}Suggested Plan
Here's an overview of the effort this PoC will take, as action items:
Backend
- Ensure there is, or implement an API path to list stale feature flags.
- Implement a reusable GitHub Action to fetch stale feature flags using that endpoint.
- Implement a code scanning algorithm that will find feature flag references into a public Docker image.
- It should accept either a list of feature flags, or some Git diff.
- It should return code references in JSON format, e.g.
[{file_path, line_number, column_number, code_portion?}, ...]
- Implement an API path to receive and persist code references associated to feature flags.
- Implement a reusable GitHub Action to report code references to the Flagsmith API.
- This functionality could be bundled to the Docker image, but it might be best to keep steps granular and clear.
- BONUS: Ship this functionality to customers via GitHub Actions directory.
UI Changes
- Display code references in:
- The list of [stale] feature flags, summarized, e.g. "3 code references" (click to expand).
- The feature flag modal, detailed, e.g. "Code references: - foo.py:12, - bar.js:34" (click to visit in GitHub).
- Add the ability to list stale features only.