|
6 | 6 | inputs: |
7 | 7 | image-version: |
8 | 8 | required: true |
9 | | - description: Image version to validate= |
| 9 | + description: Image version to validate |
| 10 | + pr-number: |
| 11 | + required: true |
| 12 | + description: PR number to validate |
10 | 13 | # Call from other workflow |
11 | 14 | workflow_call: |
12 | 15 | inputs: |
13 | 16 | image-version: |
14 | 17 | type: string |
15 | 18 | required: true |
| 19 | + pr-number: |
| 20 | + type: string |
| 21 | + required: true |
16 | 22 | defaults: |
17 | 23 | run: |
18 | 24 | shell: bash -l {0} |
19 | 25 | jobs: |
20 | | - get-pr-number: |
| 26 | + validate-pr: |
21 | 27 | runs-on: ubuntu-latest |
22 | | - name: Get PR Number by title |
| 28 | + name: Validate PR |
23 | 29 | outputs: |
24 | | - pr_id: ${{ steps.get_pr_id.outputs.pr_id }} |
| 30 | + pr_id: ${{ steps.validate_pr.outputs.pr_id }} |
25 | 31 | steps: |
26 | 32 | - name: Checkout repository |
27 | 33 | uses: actions/checkout@v4 |
28 | | - - name: Get PR number |
29 | | - id: get_pr_id |
| 34 | + - name: Validate PR |
| 35 | + id: validate_pr |
30 | 36 | env: |
31 | 37 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
32 | 38 | run: | |
33 | | - PR=$(gh pr list --search "in:title 'release: v${{ inputs.image-version }}'" --json number --jq '.[0].number') |
34 | | - echo "pr_id=$PR" >> $GITHUB_OUTPUT |
| 39 | + PR_NUMBER=${{ inputs.pr-number }} |
| 40 | + PR_INFO=$(gh pr view $PR_NUMBER --json number,title,isCrossRepository) |
| 41 | + |
| 42 | + # Check if PR exists |
| 43 | + if [ -z "$PR_INFO" ]; then |
| 44 | + echo "Error: PR #$PR_NUMBER does not exist" |
| 45 | + exit 1 |
| 46 | + fi |
| 47 | + |
| 48 | + # Check PR title |
| 49 | + PR_TITLE=$(echo $PR_INFO | jq -r '.title') |
| 50 | + EXPECTED_TITLE_PREFIX="release: v${{ inputs.image-version }}" |
| 51 | + if [[ "$PR_TITLE" != "$EXPECTED_TITLE_PREFIX"* ]]; then |
| 52 | + echo "Error: PR title does not start with the expected prefix" |
| 53 | + echo "Expected prefix: $EXPECTED_TITLE_PREFIX" |
| 54 | + echo "Actual title: $PR_TITLE" |
| 55 | + exit 1 |
| 56 | + fi |
| 57 | + |
| 58 | + # Check if PR is from a fork |
| 59 | + IS_CROSS_REPO=$(echo $PR_INFO | jq -r '.isCrossRepository') |
| 60 | + if [ "$IS_CROSS_REPO" = "true" ]; then |
| 61 | + echo "Error: PR is from a forked repository" |
| 62 | + exit 1 |
| 63 | + fi |
| 64 | + |
| 65 | + echo "PR validation successful" |
| 66 | + echo "pr_id=$PR_NUMBER" >> $GITHUB_OUTPUT |
| 67 | +
|
35 | 68 | call-codebuild-project: |
36 | 69 | runs-on: ubuntu-latest |
37 | | - needs: get-pr-number |
| 70 | + needs: validate-pr |
38 | 71 | permissions: |
39 | 72 | pull-requests: write |
40 | 73 | contents: write |
|
51 | 84 | - name: Run CodeBuild |
52 | 85 | uses: dark-mechanicum/aws-codebuild@v1 |
53 | 86 | env: |
54 | | - CODEBUILD__sourceVersion: 'pr/${{ needs.get-pr-number.outputs.pr_id }}' |
| 87 | + CODEBUILD__sourceVersion: 'pr/${{ needs.validate-pr.outputs.pr_id }}' |
55 | 88 | with: |
56 | 89 | projectName: ${{ secrets.CODEBUILD_VALIDATION_JOB_NAME }} |
57 | 90 | buildspec: '{"imageOverride": "aws/codebuild/standard:7.0", "imagePullCredentialsTypeOverride": "CODEBUILD"}' |
0 commit comments