Revert "[workflows] Split pr-code-format into two parts to make it more secure (#78216)"

This reverts commit bc06cd5.

This caused the job to fail for PRs which still had an older version
of code-format-helper.py in their tree.

Author: tstellar

.github/workflows/issue-write.yml

@@ -1,5 +1,7 @@
 name: "Check code formatting"
-on: pull_request
+on: pull_request_target
+permissions:
+  pull-requests: write
 
 jobs:
   code_formatter:
@@ -25,6 +27,18 @@ jobs:
           separator: ","
           skip_initial_fetch: true
 
+      # We need to make sure that we aren't executing/using any code from the
+      # PR for security reasons as we're using pull_request_target. Checkout
+      # the target branch with the necessary files.
+      - name: Fetch code formatting utils
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            llvm/utils/git/requirements_formatting.txt
+            llvm/utils/git/code-format-helper.py
+          sparse-checkout-cone-mode: false
+          path: code-format-tools
+
       - name: "Listed files"
         env:
           CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
@@ -42,10 +56,10 @@ jobs:
         with:
           python-version: '3.11'
           cache: 'pip'
-          cache-dependency-path: 'llvm/utils/git/requirements_formatting.txt'
+          cache-dependency-path: 'code-format-tools/llvm/utils/git/requirements_formatting.txt'
 
       - name: Install python dependencies
-        run: pip install -r llvm/utils/git/requirements_formatting.txt
+        run: pip install -r code-format-tools/llvm/utils/git/requirements_formatting.txt
 
       - name: Run code formatter
         env:
@@ -58,17 +72,9 @@ jobs:
         # explicitly in code-format-helper.py and not have to diff starting at
         # the merge base.
         run: |
-          python ./llvm/utils/git/code-format-helper.py \
-            --write-comment-to-file \
+          python ./code-format-tools/llvm/utils/git/code-format-helper.py \
             --token ${{ secrets.GITHUB_TOKEN }} \
             --issue-number $GITHUB_PR_NUMBER \
             --start-rev $(git merge-base $START_REV $END_REV) \
             --end-rev $END_REV \
             --changed-files "$CHANGED_FILES"
-
-      - uses: actions/upload-artifact@v2
-        if: always()
-        with:
-          name: workflow-args
-          path: |
-            comments

.github/workflows/pr-code-format.yml

@@ -44,7 +44,6 @@ class FormatArgs:
     token: str = None
     verbose: bool = True
     issue_number: int = 0
-    write_comment_to_file: bool = False
 
     def __init__(self, args: argparse.Namespace = None) -> None:
         if not args is None:
@@ -54,14 +53,12 @@ def __init__(self, args: argparse.Namespace = None) -> None:
             self.token = args.token
             self.changed_files = args.changed_files
             self.issue_number = args.issue_number
-            self.write_comment_to_file = args.write_comment_to_file
 
 
 class FormatHelper:
     COMMENT_TAG = "<!--LLVM CODE FORMAT COMMENT: {fmt}-->"
     name: str
     friendly_name: str
-    comment: dict = None
 
     @property
     def comment_tag(self) -> str:
@@ -122,13 +119,6 @@ def update_pr(self, comment_text: str, args: FormatArgs, create_new: bool) -> No
         comment_text = self.comment_tag + "\n\n" + comment_text
 
         existing_comment = self.find_comment(pr)
-
-        if args.write_comment_to_file:
-            self.comment = {"body": comment_text}
-            if existing_comment:
-                self.comment["id"] = existing_comment.id
-            return
-
         if existing_comment:
             existing_comment.edit(comment_text)
         elif create_new:
@@ -319,8 +309,6 @@ def hook_main():
         if fmt.has_tool():
             if not fmt.run(args.changed_files, args):
                 failed_fmts.append(fmt.name)
-            if fmt.comment:
-                comments.append(fmt.comment)
         else:
             print(f"Couldn't find {fmt.name}, can't check " + fmt.friendly_name.lower())
 
@@ -361,11 +349,6 @@ def hook_main():
         type=str,
         help="Comma separated list of files that has been changed",
     )
-    parser.add_argument(
-        "--write-comment-to-file",
-        action="store_true",
-        help="Don't post comments on the PR, instead write the comments and metadata a file called 'comment'",
-    )
 
     args = FormatArgs(parser.parse_args())
 
@@ -374,18 +357,9 @@ def hook_main():
         changed_files = args.changed_files.split(",")
 
     failed_formatters = []
-    comments = []
     for fmt in ALL_FORMATTERS:
         if not fmt.run(changed_files, args):
             failed_formatters.append(fmt.name)
-        if fmt.comment:
-            comments.append(fmt.comment)
-
-    if len(comments):
-        with open("comments", "w") as f:
-            import json
-
-            json.dump(comments, f)
 
     if len(failed_formatters) > 0:
         print(f"error: some formatters failed: {' '.join(failed_formatters)}")