soups - check dependency changes and generate missing

Author: nasirky

.github/workflows/soup-approval-verification-workflow.yml

@@ -30,10 +30,10 @@ jobs:
         id: fetch-soup-files
         shell: bash
         run: |
-          JSON_FILES=$(git diff --name-only --diff-filter=AM "origin/$BASE_BRANCH" -- soups/**/*.json || true)
+          JSON_FILES=$(git diff --name-only --diff-filter=AM "origin/$BASE_BRANCH" -- .soups/**/*.json || true)
           if [ -z "$JSON_FILES" ]; then
-            echo "::error::No JSON files changed in this PR"
-            exit 1
+            echo "No JSON files changed in this PR"
+            exit 0
           fi
 
           echo "Found JSON files in PR: $JSON_FILES"
@@ -168,9 +168,9 @@ jobs:
             done
 
             if [ "$APPROVER_FOUND" = false ]; then
-              echo "❌ $APPROVED_BY is not in the allowed approvers list: $ALLOWED_APPROVERS"
+              echo "::error::❌ $APPROVED_BY is not in the allowed approvers list: $ALLOWED_APPROVERS"
               echo "Approval will not be recorded."
-              exit 0
+              exit 1
             fi
 
             echo "✅ $APPROVED_BY is authorized to approve soups"
@@ -180,7 +180,7 @@ jobs:
 
           APPROVED_ON=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
 
-          for FILE in $JSON_FILES; do
+          for FILE in $SOUP_FILES; do
             if [ ! -f "$FILE" ]; then
               echo "File $FILE not found, skipping"
               continue
@@ -204,6 +204,6 @@ jobs:
             exit 0
           fi
 
-          git add soups/*.json
+          git add .soups/*.json
           git commit -m "Update approval information: approved by ${{ github.event.review.user.login }}"
           git push origin HEAD

.github/workflows/soup-check-changes-and-generate.yml

@@ -0,0 +1,20 @@
+name: SOUP - Check Changes and Generate Missing
+env:
+    GH_API_TOKEN: ${{ secrets.GH_API_TOKEN }}
+
+on:
+  workflow_call:
+jobs:
+  generate-missing:
+    runs-on: [self-hosted, Linux]
+    steps:
+      - uses: QuickBirdEng/actions/checkout-ssh@main
+        with:
+          ssh-private-key: ${{ secrets.CI_SSH_PRIVATE_KEY_FOR_GITHUB_PRIVATE_REPOS }}
+      - name: Check for Changes and Generate Missing SOUPs
+        uses: QuickBirdEng/actions/soup-check-changes-and-generate@main
+        with:
+          repository: ${{ github.event.repository.name }}
+          gh-api-token: ${{ env.GH_API_TOKEN }}
+          soup-approvers: ${{ vars.SOUP_APPROVERS }}
+          base-branch: origin/${{ github.event.pull_request.base.ref || 'main' }}

.github/workflows/soup-cve-check-workflow.yml

@@ -1,12 +1,11 @@
 name: SOUP - CVE Check
 on:
-  workflow_dispatch:
+  workflow_call:
     inputs:
       type:
         description: 'Type of package manager'
         required: true
-        type: choice
-        options: ['Pub', 'npm']
+        type: string
       package:
         description: 'Name of the package'
         required: true
@@ -25,9 +24,9 @@ jobs:
       - uses: QuickBirdEng/actions/checkout-ssh@main
         with:
           ssh-private-key: ${{ secrets.CI_SSH_PRIVATE_KEY_FOR_GITHUB_PRIVATE_REPOS }}
-      - name: JQ Version
-        shell: bash
-        run: jq --version
       - name: Check CVE
-        shell: bash
-        run: bash cve-check.sh "${{ inputs.type }}" "${{ inputs.package }}" "${{ inputs.version }}" false
+        uses: QuickBirdEng/actions/soup-cve-check@main
+        with:
+          type: ${{ inputs.type }}
+          package: ${{ inputs.package }}
+          version: ${{ inputs.version }}