-
Notifications
You must be signed in to change notification settings - Fork 374
179 lines (179 loc) · 9.76 KB
/
Copy pathvalidate-issues.yaml
File metadata and controls
179 lines (179 loc) · 9.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
name: validate-issues
on:
issues:
types: [opened, edited, reopened]
jobs:
title-check:
runs-on: ubuntu-latest
env:
BODY: ${{ github.event.issue.body }}
TITLE: ${{ github.event.issue.title }}
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
sparse-checkout: |
.github/scripts/pr-issue-info/issue-fail.md
.github/scripts/pr-issue-info/get_title_types.py
.github/issue-title-types.yaml
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0
with:
python-version: "3.x"
- name: Install dependencies
run: python3 -m pip install --upgrade pip pyyaml
- name: Check issue title
env:
FILE_PATH: .github/issue-title-types.yaml
run: |
regex=$(python3 .github/scripts/pr-issue-info/get_title_types.py)
echo "Title regex: $regex"
echo "$TITLE" | grep -Pq "$regex" || (echo "$ERROR_MSG" && echo "TITLE_CHECK_FAILED=true" >> $GITHUB_ENV)
- name: Generate KICS Bot token
id: kics-bot-token
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 #v3.1.1
with:
client-id: ${{ vars.GH_APP_KICSAPP_CLIENT_ID }}
private-key: ${{ secrets.GH_APP_KICSAPP_PRIVATE_KEY }}
- name: Check for comment tag
if: env.TITLE_CHECK_FAILED != 'true'
run: |
comments=$(curl -s -H "Authorization: token ${{ steps.kics-bot-token.outputs.token }}" \
-X GET "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/comments")
if echo "$comments" | grep -q "title_check"; then
echo "TAG_EXISTS=true" >> $GITHUB_ENV
else
echo "TAG_EXISTS=false" >> $GITHUB_ENV
fi
- name: Delete comment if title is fixed
if: env.TAG_EXISTS == 'true'
uses: thollander/actions-comment-pull-request@e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa
with:
message: |
Deleting comment, please refresh the page...
comment-tag: title_check
mode: delete
github-token: ${{ steps.kics-bot-token.outputs.token }}
- name: Add comment if title fails
if: env.TITLE_CHECK_FAILED == 'true'
uses: thollander/actions-comment-pull-request@e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa
with:
file-path: .github/scripts/pr-issue-info/issue-fail.md
comment-tag: title_check
mode: recreate
create-if-not-exists: true
github-token: ${{ steps.kics-bot-token.outputs.token }}
- name: Workflow failed
if: env.TITLE_CHECK_FAILED == 'true'
run: exit 1
labels-check:
runs-on: ubuntu-latest
env:
BODY: ${{ github.event.issue.body }}
LABELS: ${{ toJson(github.event.issue.labels) }}
TITLE: ${{ github.event.issue.title }}
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
sparse-checkout: |
.github/scripts/pr-issue-info/get_keywords.py
.github/keywords.yaml
- name: Install JQ
run: sudo apt-get install jq
- name: Get username
run: echo "USERNAME=${{ github.event.issue.user.login }}" >> $GITHUB_ENV
- name: Generate KICS Bot token
id: kics-bot-token
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 #v3.1.1
with:
client-id: ${{ vars.GH_APP_KICSAPP_CLIENT_ID }}
private-key: ${{ secrets.GH_APP_KICSAPP_PRIVATE_KEY }}
- name: Check user username
run: |
response=$(curl -s -H "Authorization: token ${{ steps.kics-bot-token.outputs.token }}" "https://api.github.com/orgs/Checkmarx/teams/kics/members")
team_members=$(echo "$response" | jq -r '.[].login')
if echo "${team_members[@]}" | grep -Pq "^$USERNAME$"; then
echo "Contributor belongs to Checkmarx organization"
is_member="true"
else
echo "Contributor does not belong to Checkmarx organization"
is_member="false"
fi
echo "IS_MEMBER=$is_member" >> $GITHUB_ENV
- name: Add community label if user does not belong to Checkmarx Organization
run: |
if [[ "$IS_MEMBER" == "false" ]]; then
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["community"]}'
fi
- name: Add feature or feature request label
run: |
if [[ "$TITLE" == feat* ]] || echo "$TITLE $BODY" | grep -iqP "feature request" || echo "$BODY" | grep -iqP "Is your feature request related to a problem? Please describe." || echo "$BODY" | grep -iqP "Describe the solution you'd like" || echo "$BODY" | grep -iqP "Describe alternatives you've considered" || echo "$BODY" | grep -iqP "Additional context"; then
if [[ "$IS_MEMBER" == "true" ]]; then
echo "Adding 'feature' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["feature"]}'
else
echo "Adding 'feature request' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["feature request"]}'
fi
else
if echo "$LABELS" | grep -q "feature request"; then
echo "Removing 'feature request' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/feature%20request
elif echo "$LABELS" | grep -q "feature"; then
echo "Removing 'feature' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/feature
fi
fi
- name: Add bug label
run: |
if echo "$TITLE $BODY" | grep -iqP "(\\b|_)bugs?(\\b|_)" || echo "$BODY" | grep -iqP "steps to reproduce" || echo "$BODY" | grep -iqP "actual behavior" || echo "$BODY" | grep -iqP "expected behavior"; then
echo "Adding 'bug' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["bug"]}'
else
if echo "$LABELS" | grep -q "bug"; then
echo "Removing 'bug' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/bug
fi
fi
- name: Add query label
run: |
if echo "$TITLE $BODY" | grep -iqP "(\\b|_)quer(y|ies)(\\b|_)" || echo "$BODY" | grep -iqP "### Platform" || echo "$BODY" | grep -iqP "### Provider"; then
echo "Adding 'query' label... "
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d '{"labels": ["query"]}'
else
if echo "$LABELS" | grep -q "query"; then
echo "Removing 'query' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/query
fi
fi
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: Install dependencies
run: python3 -m pip install --upgrade pip pyyaml
- name: Check title for keywords of platforms and cloud providers to add labels
run: |
keywords=$(python3 .github/scripts/pr-issue-info/get_keywords.py)
eval "$keywords"
declare -p keywords
declare -a labels_to_add=()
for keyword in "${!keywords[@]}"; do
if echo "$TITLE $BODY" | grep -iPq "(\\b|_)$keyword(\\b|_)"; then
labels_to_add+=("${keywords[$keyword]}")
fi
done
mapfile -t current_labels < <(echo "$LABELS" | jq -r '.[].name')
for keyword in "${!keywords[@]}"; do
label=${keywords[$keyword]}
if [[ ! " ${labels_to_add[@]} " =~ " ${label} " ]] && [[ " ${current_labels[@]} " =~ " ${label} " ]]; then
echo "Removing '$label' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X DELETE -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels/$label
elif [[ " ${labels_to_add[@]} " =~ " ${label} " ]] && [[ ! " ${current_labels[@]} " =~ " ${label} " ]]; then
echo "Adding '$label' label..."
curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -X POST -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/labels -d "{\"labels\": [\"$label\"]}"
fi
done