check-lockfile-changes.yml
# -------------------------------------------------------------------------------------
#
# Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
#
# WSO2 LLC. licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file except
# in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# --------------------------------------------------------------------------------------
# This workflow will check if a submitted PR has changes to pnpm-lock.yaml
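name: 🔒 Check Lockfile Changes

# Trust model: a `workflow_run` workflow executes in the base repository's
# context with access to secrets, but here it consumes an artifact produced by
# a run that was triggered by a pull request. The artifact content is therefore
# untrusted input: it is validated, and the PR it names is checked against the
# triggering run, before the bot token is used to delete or create comments.
on:
  workflow_run:
    workflows: ["📩 Receive PR"]
    types:
      - completed

# Every API call below passes the bot token explicitly, so the implicit
# GITHUB_TOKEN is given no permissions at all.
permissions: {}

jobs:
  check-lockfile:
    runs-on: ubuntu-latest
    if: >
      github.event.workflow_run.event == 'pull_request' &&
      github.event.workflow_run.conclusion == 'success'
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags.
      # Pinning each `uses:` to a full commit SHA (placeholder: <commit-sha>)
      # prevents a moved tag from running new code with the bot token.
      # The secret is passed per step instead of through a workflow-level `env`
      # so that steps which do not need it (the shell step) never receive it.
      - name: 📥 Download PR Number Artifact
        uses: actions/download-artifact@v4
        with:
          name: pr-number
          github-token: ${{ secrets.RELEASE_BOT_TOKEN }}
          repository: ${{ github.repository }}
          run-id: ${{ github.event.workflow_run.id }}

      # The file comes from the untrusted run: accept only a bounded positive
      # integer (surrounding whitespace tolerated) before echoing it to the log
      # or handing it to later steps. Anything else fails the job.
      - name: 📝 Display PR Number
        id: pr
        run: |
          raw="$(cat ./PR_NUMBER)"
          if [[ ! "${raw}" =~ ^[[:space:]]*([1-9][0-9]{0,9})[[:space:]]*$ ]]; then
            echo "PR_NUMBER artifact does not contain a positive integer" >&2
            exit 1
          fi
          pr_number="${BASH_REMATCH[1]}"
          echo "${pr_number}"
          echo "number=${pr_number}" >> "${GITHUB_OUTPUT}"

      # A well-formed number can still name a different pull request or issue.
      # Require that the PR's current head commit is the commit the triggering
      # run was built from; otherwise stop before any comment is touched.
      # NOTE(review): a PR that received a new push after the triggering run
      # started will also fail here; presumably the newer run re-checks it.
      - name: 🔎 Verify PR Matches Triggering Run
        uses: actions/github-script@v3.1.0
        env:
          PR_NUMBER: ${{ steps.pr.outputs.number }}
        with:
          github-token: ${{ secrets.RELEASE_BOT_TOKEN }}
          script: |
            const PR_NUMBER = Number(process.env.PR_NUMBER);
            const EXPECTED_SHA = context.payload.workflow_run.head_sha;
            const pr = await github.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: PR_NUMBER,
            });
            if (pr.data.head.sha !== EXPECTED_SHA) {
              core.setFailed(`PR #${PR_NUMBER} head commit does not match the triggering run; refusing to act on it.`);
            }

      # Deletes earlier warning comments so the PR carries at most one.
      # NOTE(review): the match is on comment text only, so any comment that
      # quotes the marker is deleted as well; consider also matching on the
      # bot account's login.
      - name: 💬 Remove Existing Lockfile Comment
        uses: actions/github-script@v3.1.0
        env:
          PR_NUMBER: ${{ steps.pr.outputs.number }}
        with:
          github-token: ${{ secrets.RELEASE_BOT_TOKEN }}
          script: |
            const PR_NUMBER = Number(process.env.PR_NUMBER);
            const REPO_OWNER = context.repo.owner;
            const REPO_NAME = context.repo.repo;
            // Paginate: a single unpaginated call returns only the first page,
            // so older warning comments on long threads would be left behind.
            const comments = await github.paginate(
              github.issues.listComments.endpoint.merge({
                owner: REPO_OWNER,
                repo: REPO_NAME,
                issue_number: PR_NUMBER,
                per_page: 100,
              })
            );
            for (const comment of comments) {
              if ((comment.body || '').includes("⚠️ Lockfile Change Detected")) {
                await github.issues.deleteComment({
                  owner: REPO_OWNER,
                  repo: REPO_NAME,
                  comment_id: comment.id,
                });
              }
            }

      # Posts the warning and fails this run when the PR touches the lockfile.
      - name: 💬 Add Lockfile Comment
        uses: actions/github-script@v3.1.0
        env:
          PR_NUMBER: ${{ steps.pr.outputs.number }}
        with:
          github-token: ${{ secrets.RELEASE_BOT_TOKEN }}
          script: |
            const PR_NUMBER = Number(process.env.PR_NUMBER);
            const REPO_OWNER = context.repo.owner;
            const REPO_NAME = context.repo.repo;
            const LOCKFILE = 'pnpm-lock.yaml';
            // Paginate: with only the first page inspected, a PR that changes
            // many files could carry a lockfile change past this check.
            // The files endpoint itself stops at 3000 entries.
            const files = await github.paginate(
              github.pulls.listFiles.endpoint.merge({
                owner: REPO_OWNER,
                repo: REPO_NAME,
                pull_number: PR_NUMBER,
                per_page: 100,
              })
            );
            // A rename away from the lockfile path is reported under the new
            // name, so the previous name is checked as well.
            const LOCKFILE_CHANGED = files.some(
              file => file.filename === LOCKFILE || file.previous_filename === LOCKFILE
            );
            console.log("LOCKFILE_CHANGED:", LOCKFILE_CHANGED);
            if (LOCKFILE_CHANGED) {
              const COMMENT = `<h3>⚠️ Lockfile Change Detected</h3><p>This pull request modifies <code>pnpm-lock.yaml</code>.</p><p>If this change is intentional (e.g., dependency updates), please ensure:</p><ul><li>All changes are reviewed carefully</li><li>If this change is unintentional, consider reverting it</li></ul><p><i>This is an automated warning to help maintain dependency stability.</i></p>`;
              await github.issues.createComment({
                owner: REPO_OWNER,
                repo: REPO_NAME,
                issue_number: PR_NUMBER,
                body: COMMENT,
              });
              core.setFailed('pnpm-lock.yaml has been modified in this PR. Please review the changes carefully.');
            }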