Merge pull request wso2#9466 from ThaminduR/add-workflow

ThaminduR · web-flow · commit 3e738bb046cc · 2025-12-04T21:07:33.000+05:30
Add GitHub Action to check for pnpm-lock.yaml changes in pull requests
diff --git a/.github/workflows/check-lockfile-changes.yml b/.github/workflows/check-lockfile-changes.yml
@@ -0,0 +1,110 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# --------------------------------------------------------------------------------------
+
+# This workflow will check if a submitted PR has changes to pnpm-lock.yaml
+
+name: 🔒 Check Lockfile Changes
+
+on:
+    workflow_run:
+        workflows: ["📩 Receive PR"]
+        types:
+            - completed
+
+env:
+    GH_TOKEN: ${{ secrets.RELEASE_BOT_TOKEN }}
+
+jobs:
+    check-lockfile:
+        runs-on: ubuntu-latest
+        if: >
+            github.event.workflow_run.event == 'pull_request' &&
+            github.event.workflow_run.conclusion == 'success'
+        steps:
+            - name: 📥 Download PR Number Artifact
+              uses: actions/download-artifact@v4
+              with:
+                name: pr-number
+                github-token: ${{ env.GH_TOKEN }}
+                repository: ${{ github.repository }}
+                run-id: ${{ github.event.workflow_run.id }}
+
+            - name: 📝 Display PR Number
+              run: cat ./PR_NUMBER
+
+            - name: 💬 Remove Existing Lockfile Comment
+              uses: actions/github-script@v3.1.0
+              with:
+                github-token: ${{ env.GH_TOKEN }}
+                script: |
+                    const fs = require('fs');
+                    const PR_NUMBER = Number(fs.readFileSync('./PR_NUMBER', 'utf8').trim());
+                    const REPO_OWNER = context.repo.owner;
+                    const REPO_NAME = context.repo.repo;
+
+                    const comments = await github.issues.listComments({
+                        owner: REPO_OWNER,
+                        repo: REPO_NAME,
+                        issue_number: PR_NUMBER,
+                    });
+
+                    for (const comment of comments.data) {
+                        if (comment.body.includes("⚠️ Lockfile Change Detected")) {
+                            await github.issues.deleteComment({
+                                owner: REPO_OWNER,
+                                repo: REPO_NAME,
+                                comment_id: comment.id,
+                            });
+                        }
+                    }
+
+            - name: 💬 Add Lockfile Comment
+              uses: actions/github-script@v3.1.0
+              with:
+                github-token: ${{ env.GH_TOKEN }}
+                script: |
+                    const fs = require('fs');
+                    const PR_NUMBER = Number(fs.readFileSync('./PR_NUMBER', 'utf8').trim());
+                    const REPO_OWNER = context.repo.owner;
+                    const REPO_NAME = context.repo.repo;
+
+                    const files = await github.pulls.listFiles({
+                        owner: REPO_OWNER,
+                        repo: REPO_NAME,
+                        pull_number: PR_NUMBER,
+                    });
+
+                    const CHANGED_FILES = files.data.map(file => file.filename);
+                    const LOCKFILE_CHANGED = CHANGED_FILES.includes('pnpm-lock.yaml');
+
+                    console.log("LOCKFILE_CHANGED:", LOCKFILE_CHANGED);
+
+                    if (LOCKFILE_CHANGED) {
+                        const COMMENT = `<h3>⚠️ Lockfile Change Detected</h3><p>This pull request modifies <code>pnpm-lock.yaml</code>.</p><p>If this change is intentional (e.g., dependency updates), please ensure:</p><ul><li>All changes are reviewed carefully</li><li>If this change is unintentional, consider reverting it</li></ul><p><i>This is an automated warning to help maintain dependency stability.</i></p>`;
+
+                        await github.issues.createComment({
+                            owner: REPO_OWNER,
+                            repo: REPO_NAME,
+                            issue_number: PR_NUMBER,
+                            body: COMMENT,
+                        });
+
+                        core.setFailed('pnpm-lock.yaml has been modified in this PR. Please review the changes carefully.');
+                    }
