@@ -16,14 +16,15 @@ permissions:
1616 contents : read
1717
1818jobs :
19- changelog-check :
19+ static-code-checks :
2020 runs-on : ubuntu-latest
2121 steps :
2222 - uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
2323 with :
2424 fetch-depth : 0
2525
2626 - name : Check CHANGELOG
27+ if : always()
2728 run : |
2829 # Check if PR is from workflows bot or dependabot
2930 if [[ "${{ github.event.pull_request.user.login }}" == "aws-application-signals-bot" ]]; then
5253 echo "It looks like you didn't add an entry to CHANGELOG.md. If this change affects the SDK behavior, please update CHANGELOG.md and link this PR in your entry. If this PR does not need a CHANGELOG entry, you can add the 'Skip Changelog' label to this PR."
5354 exit 1
5455
56+ name : Check for versioned GitHub actions
57+ if : always()
58+ run : |
59+ # Get changed GitHub workflow/action files
60+ CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -E "^\.github/(workflows|actions)/.*\.ya?ml$" || true)
61+
62+ if [ -n "$CHANGED_FILES" ]; then
63+ # Check for any versioned actions, excluding comments and this validation script
64+ VIOLATIONS=$(grep -Hn "uses:.*@v" $CHANGED_FILES | grep -v "grep.*uses:.*@v" | grep -v "#.*@v" || true)
65+ if [ -n "$VIOLATIONS" ]; then
66+ echo "Found versioned GitHub actions. Use commit SHAs instead:"
67+ echo "$VIOLATIONS"
68+ exit 1
69+ fi
70+ fi
71+
72+ echo "No versioned actions found in changed files"
73+
5574build :
5675 runs-on : ubuntu-latest
5776 strategy :
@@ -124,3 +143,38 @@ jobs:
124143 npm run lint
125144 npm run lint:markdown
126145 npm run lint:readme
146+
147+ all-pr-checks-pass :
148+ runs-on : ubuntu-latest
149+ needs : [static-code-checks, contract-test, lint, build]
150+ if : always()
151+ steps :
152+ - name : Checkout to get workflow file
153+ uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
154+
155+ - name : Check all jobs succeeded and none missing
156+ run : |
157+ # Check if all needed jobs succeeded
158+ results='${{ toJSON(needs) }}'
159+ if echo "$results" | jq -r '.[] | .result' | grep -v success; then
160+ echo "Some jobs failed"
161+ exit 1
162+ fi
163+
164+ # Extract all job names from workflow (excluding this gate job)
165+ all_jobs=$(yq eval '.jobs | keys | .[]' .github/workflows/pr-build.yml | grep -v "all-pr-checks-pass" | sort)
166+
167+ # Extract job names from needs array
168+ needed_jobs='${{ toJSON(needs) }}'
169+ needs_list=$(echo "$needed_jobs" | jq -r 'keys[]' | sort)
170+
171+ # Check if any jobs are missing from needs
172+ missing_jobs=$(comm -23 <(echo "$all_jobs") <(echo "$needs_list"))
173+ if [ -n "$missing_jobs" ]; then
174+ echo "ERROR: Jobs missing from needs array in all-pr-checks-pass:"
175+ echo "$missing_jobs"
176+ echo "Please add these jobs to the needs array of all-pr-checks-pass"
177+ exit 1
178+ fi
179+
180+ echo "All checks passed and no jobs missing from gate!"
0 commit comments