-
Notifications
You must be signed in to change notification settings - Fork 315
186 lines (185 loc) · 9.77 KB
/
validate-prs.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
name: validate-prs
on:
pull_request_target:
types: [opened, synchronize, edited, reopened]
branches:
- master
jobs:
title-check:
runs-on: ubuntu-latest
env:
ERROR_MSG: "The PR title does not match the required format: <type>(<scope>): <title>"
TITLE: ${{ github.event.pull_request.title }}
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
sparse-checkout: |
.github/scripts/pr-issue-info/get_title_types.py
.github/pr-title-types.yaml
.github/scripts/pr-issue-info/title-fail.md
- name: Print PR Title
run: echo "$TITLE"
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install dependencies
run: python3 -m pip install --upgrade pip pyyaml
- name: Check PR Title
env:
FILE_PATH: .github/pr-title-types.yaml
run: |
regex=$(python3 .github/scripts/pr-issue-info/get_title_types.py)
echo "Title regex: $regex"
echo "$TITLE" | grep -Pq "$regex" || (echo "$ERROR_MSG" && echo "TITLE_CHECK_FAILED=true" >> $GITHUB_ENV)
- name: Check for comment tag
if: env.TITLE_CHECK_FAILED != 'true'
run: |
comments=$(curl -s -H "Authorization: token ${{ secrets.KICS_BOT_PAT }}" \
-X GET "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments")
if echo "$comments" | grep -q "title_check"; then
echo "TAG_EXISTS=true" >> $GITHUB_ENV
else
echo "TAG_EXISTS=false" >> $GITHUB_ENV
fi
- name: Delete comment if title is fixed
if: env.TAG_EXISTS == 'true'
uses: thollander/actions-comment-pull-request@b07c7f86be67002023e6cb13f57df3f21cdd3411
with:
message: |
Deleting comment, please refresh the page...
comment_tag: title_check
mode: delete
GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}
- name: Add comment if title fails
if: env.TITLE_CHECK_FAILED == 'true'
uses: thollander/actions-comment-pull-request@b07c7f86be67002023e6cb13f57df3f21cdd3411
with:
filePath: .github/scripts/pr-issue-info/title-fail.md
comment_tag: title_check
mode: recreate
create_if_not_exists: true
GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}
- name: Workflow failed
if: env.TITLE_CHECK_FAILED == 'true'
run: exit 1
labels-check:
runs-on: ubuntu-latest
env:
BODY: ${{ github.event.pull_request.body }}
LABELS: ${{ toJson(github.event.pull_request.labels) }}
TITLE: ${{ github.event.pull_request.title }}
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
sparse-checkout: |
.github/scripts/pr-issue-info/get_keywords.py
.github/keywords.yaml
- name: Get username
run: echo "USERNAME=${{ github.event.pull_request.user.login }}" >> $GITHUB_ENV
- name: Install JQ
run: sudo apt-get install jq
- name: Check user username
run: |
response=$(curl -s -H "Authorization: token ${{ secrets.KICS_BOT_PAT }}" "https://api.github.com/orgs/Checkmarx/teams/kics/members")
team_members=$(echo "$response" | jq -r '.[].login')
if [[ "$USERNAME" == "dependabot[bot]" ]] || echo "${team_members[@]}" | grep -Pq "^$USERNAME$"; then
echo "Contributor belongs to Checkmarx organization."
is_member="true"
else
echo "Contributor does not belong to Checkmarx organization."
is_member="false"
fi
echo "IS_MEMBER=$is_member" >> $GITHUB_ENV
- name: Add community label if user does not belong to Checkmarx Organization
run: |
if [[ "$IS_MEMBER" == "false" ]]; then
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["community"]}'
fi
- name: Add feature or feature request label
run: |
if [[ "$TITLE" == feat* ]]; then
if [[ "$IS_MEMBER" == "true" ]]; then
echo "Adding 'feature' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["feature"]}'
else
echo "Adding 'feature request' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["feature request"]}'
fi
else
if echo "$LABELS" | grep -q "feature request"; then
echo "Removing 'feature request' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/feature%20request
elif echo "$LABELS" | grep -q "feature"; then
echo "Removing 'feature' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/feature
fi
fi
- name: Add documentation label
run: |
if [[ "$TITLE" == docs* ]]; then
echo "Adding 'documentation' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["documentation"]}'
else
if echo "$LABELS" | grep -q "documentation"; then
echo "Removing 'documentation' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/documentation
fi
fi
- name: Add bug label
run: |
if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)"; then
echo "Adding 'bug' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["bug"]}'
else
if echo "$LABELS" | grep -q "bug"; then
echo "Removing 'bug' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/bug
fi
fi
- name: Add query label
run: |
if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)"; then
echo "Adding 'query' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d '{"labels": ["query"]}'
else
if echo "$LABELS" | grep -q "query"; then
echo "Removing 'query' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/query
fi
fi
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install dependencies
run: python3 -m pip install --upgrade pip pyyaml
- name: Check title for keywords of platforms and cloud providers to add labels
run: |
keywords=$(python3 .github/scripts/pr-issue-info/get_keywords.py)
eval "$keywords"
declare -p keywords
declare -a labels_to_add=()
for keyword in "${!keywords[@]}"; do
if echo "$TITLE $BODY" | grep -iPq "(\\b|_)$keyword(\\b|_)"; then
labels_to_add+=("${keywords[$keyword]}")
fi
done
mapfile -t current_labels < <(echo "$LABELS" | jq -r '.[].name')
echo "Current labels: ${current_labels[@]}"
echo "Labels to add: ${labels_to_add[@]}"
echo "Labels: $LABELS"
for keyword in "${!keywords[@]}"; do
label=${keywords[$keyword]}
if [[ ! " ${labels_to_add[@]} " =~ " ${label} " ]] && [[ " ${current_labels[@]} " =~ " ${label} " ]]; then
echo "Removing '$label' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels/$label
elif [[ " ${labels_to_add[@]} " =~ " ${label} " ]] && [[ ! " ${current_labels[@]} " =~ " ${label} " ]]; then
echo "Adding '$label' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels -d "{\"labels\": [\"$label\"]}"
fi
done