-
Notifications
You must be signed in to change notification settings - Fork 135
131 lines (109 loc) · 4.37 KB
/
Copy pathpr-label-checks.yml
File metadata and controls
131 lines (109 loc) · 4.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: PR label checking
on:
pull_request_target:
types: [opened, edited, reopened, ready_for_review, labeled, unlabeled, synchronize]
permissions: read-all
jobs:
label-from-files:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- name: Update labels based on modified files
uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b
with:
sync-labels: true
label-from-checkboxes:
if: github.actor != 'dependabot[bot]'
runs-on: ubuntu-latest
needs: label-from-files
permissions:
contents: read
pull-requests: write
steps:
- uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- name: Update labels based on checkboxes
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
with:
script: |
const body = context.payload.pull_request.body || "";
const mapping = [
{ text: 'label: Breaking change', label: 'breaking-change' },
{ text: 'label: Non-breaking change', label: 'non-breaking-change' }
];
for (const { text, label } of mapping) {
await core.group(`Processing label: ${label}`, async () => {
const isChecked = new RegExp(`- \\[x\\] ${text}`, 'i').test(body);
const isUnchecked = new RegExp(`- \\[ \\] ${text}`, 'i').test(body);
if (isChecked) {
console.log(`Adding label: ${label}`);
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
labels: [label]
});
} else if (isUnchecked) {
console.log(`Removing label: ${label} (if present)`);
try {
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
name: label
});
console.log(`Removed label: ${label}`);
} catch (e) {
if (e.status !== 404) throw e;
}
} else {
console.log(`Checkbox for "${text}" not found in PR description. Skipping.`);
}
});
}
ensure-label-present:
if: github.actor != 'dependabot[bot]'
runs-on: ubuntu-latest
needs: label-from-checkboxes
steps:
- uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- name: Check for required labels
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3
with:
script: |
const { data: pullRequest } = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
});
const labels = pullRequest.labels.map(l => l.name);
core.debug(`Detected labels: ${JSON.stringify(labels)}`);
const hasBreaking = labels.includes('breaking-change');
const hasNonBreaking = labels.includes('non-breaking-change');
if (hasBreaking && hasNonBreaking) {
core.setFailed("⛔ PR has both 'breaking-change' and 'non-breaking-change' labels. Please remove one.");
} else if (!hasBreaking && !hasNonBreaking) {
core.setFailed("⛔ PR is missing a required label. Please add exactly one of: 'breaking-change' or 'non-breaking-change'.");
} else {
console.log("✅ Label check passed.");
}