name: Pull Request Validation

# pull_request_target runs the workflow definition from the base branch, with
# the base repository's token, including for pull requests opened from forks.
# No job in this file checks out or executes pull-request content; keep it that
# way, and treat every github.event.pull_request.* value as untrusted input
# (hand it to scripts through `env:` rather than inlining it into `run:`).
on:
  pull_request_target:
    branches:
      - main
    types:
      - edited
      - labeled
      - opened
      - ready_for_review
      - reopened
      - synchronize
      - unlabeled
  # Merge-queue runs; the PR number is recovered from the queue ref by the
  # get-pr-info job.
  merge_group:
    types:
      - checks_requested
# Workflow-wide default: the GITHUB_TOKEN gets no scope at all. Each job that
# needs API access re-grants the specific read scope it uses; a job without
# its own `permissions:` block runs with this empty set.
permissions:
  actions: none
  attestations: none
  checks: none
  contents: none
  deployments: none
  discussions: none
  id-token: none
  issues: none
  models: none
  packages: none
  pages: none
  pull-requests: none
  repository-projects: none
  security-events: none
  statuses: none
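# One concurrency group per pull request (or per merge-queue ref).
# On pull_request_target, github.ref is the base branch, so keying the group
# on github.ref alone puts every PR against main into the same group and lets
# an event on one PR cancel another PR's in-flight validation. merge_group
# events carry no pull_request payload, so they fall back to github.ref.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true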
# Workflow-level settings read from repository variables, with fallbacks used
# when a variable is unset.
env:
  # Label whose presence on a PR makes the "Fail by Label" job fail.
  DO_NOT_MERGE_LABEL: ${{ vars.DO_NOT_MERGE_LABEL || 'do-not-merge' }}
  # Merge gate read by "Check Merge Status": '0' allows every PR, a PR number
  # allows only that PR, and a negative value blocks all merges.
  HALT_MERGES: ${{ vars.HALT_MERGES || '0' }}
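jobs:
  # Resolves the PR number and label list for both trigger types and exposes
  # them as job outputs for the gating jobs below.
  get-pr-info:
    permissions:
      # NOTE(review): no step here checks out the repository; `contents: read`
      # may be unnecessary. Confirm before removing.
      contents: read
      pull-requests: read
      # id-token: write
    runs-on: ubuntu-latest
    outputs:
      pr_number: ${{ steps.get-pr.outputs.pr-number }}
      pr_labels: ${{ steps.get-pr.outputs.pr-labels }}
    env:
      GH_TOKEN: ${{ github.token }}
      # Event data reaches the script only through environment variables, so
      # none of it is spliced into the shell source.
      PR_LABELS_JSON: ${{ toJson(github.event.pull_request.labels.*.name) }}
      EVENT_PR_NUMBER: ${{ github.event.pull_request.number }}
    steps:
      - name: Get PR info
        id: get-pr
        # An explicit `shell: bash` runs the script with -e and -o pipefail, so
        # a failed `gh` call aborts the step instead of yielding an empty label
        # list that the label gate would read as "label absent".
        shell: bash
        run: |
          # GITHUB_EVENT_NAME, GITHUB_REF and GITHUB_REPOSITORY are the runner's
          # default environment variables for the github.* values of the same name.
          case "$GITHUB_EVENT_NAME" in
            merge_group)
              # The queue ref is expected to contain a "/pr-<number>" segment.
              PR_NUMBER=$(echo "$GITHUB_REF" | grep -oP '(?<=/pr-)\d+' || echo "")
              if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
                echo "::error::Could not derive a PR number from ref $GITHUB_REF"
                exit 1
              fi
              PR_JSON=$(gh api "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER")
              PR_LABELS=$(printf '%s\n' "$PR_JSON" | jq -c '[.labels[].name] // []')
              echo "::group::Getting Information"
              printf '%s\n' "$PR_JSON"
              printf '%s\n' "$PR_LABELS"
              echo "::endgroup::"
              ;;
            pull_request | pull_request_target)
              PR_NUMBER="$EVENT_PR_NUMBER"
              PR_LABELS=$(printf '%s\n' "$PR_LABELS_JSON" | jq -c '.')
              ;;
            *)
              echo "::error::Unsupported event: $GITHUB_EVENT_NAME"
              exit 1
              ;;
          esac
          echo "::group::Debug Output Values"
          echo "PR_NUMBER: $PR_NUMBER"
          echo "PR_LABELS: $PR_LABELS"
          echo "::endgroup::"
          # `jq -c` emits the label array on a single line, which keeps each
          # key=value record in GITHUB_OUTPUT to one line.
          {
            echo "pr-number=$PR_NUMBER"
            echo "pr-labels=$PR_LABELS"
          } >> "$GITHUB_OUTPUT"

  # Merge gate: fails while another release/* pull request is open, or when
  # HALT_MERGES does not allow this PR.
  check-merge-status:
    name: Check Merge Status
    runs-on: ubuntu-latest
    needs: get-pr-info
    permissions:
      pull-requests: read
    # Runs even when get-pr-info failed so the check always reports a result;
    # the script below refuses to continue without a numeric PR number.
    if: always()
    env:
      GH_TOKEN: ${{ github.token }}
      PR_NUMBER: ${{ needs.get-pr-info.outputs.pr_number }}
    steps:
      - shell: bash
        run: |
          # Default to 0 (allow all) if not set
          if [ -z "$HALT_MERGES" ]; then
            HALT_MERGES=0
          fi
          # Fail closed with a clear message instead of handing jq an empty or
          # malformed number.
          if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
            echo "::error::🛑 PR number is missing or not numeric; cannot evaluate merge status"
            exit 1
          fi
          echo "::debug::HALT_MERGES value: $HALT_MERGES"
          echo "::debug::This PR number: $PR_NUMBER"
          echo "::group::Open Release Pull Requests"
          # `gh pr list` returns only the first 30 pull requests unless --limit
          # is raised; a release PR beyond that page would otherwise be missed.
          # NOTE(review): headRefName is chosen by the PR author, so a fork
          # branch named release/* also matches. If only first-party release
          # branches should block merges, request isCrossRepository as well and
          # ignore cross-repository pull requests.
          OPEN_PRS=$(gh pr list --state "open" --limit 1000 --repo "$GITHUB_REPOSITORY" --json "number,headRefName")
          printf '%s\n' "$OPEN_PRS"
          OPEN_RELEASES=$(printf '%s\n' "$OPEN_PRS" | jq -c '[.[] | select(.headRefName | startswith("release/"))]')
          printf '%s\n' "$OPEN_RELEASES"
          echo "::endgroup::"
          # The PR number is passed to jq as a typed argument rather than being
          # concatenated into the filter text.
          if printf '%s\n' "$OPEN_RELEASES" | jq --exit-status --argjson pr "$PR_NUMBER" '[.[] | select(.number != $pr)] | length == 0'; then
            echo "No other open release pull requests"
          else
            echo "::warning::⚠️ Merges are rejected while there are open release pull requests"
            exit 1
          fi
          if [ "$HALT_MERGES" = "0" ]; then
            echo "✅ All merges are allowed (HALT_MERGES=0)"
            exit 0
          elif [ "$HALT_MERGES" = "$PR_NUMBER" ]; then
            echo "✅ This PR #$PR_NUMBER is explicitly allowed"
            exit 0
          else
            echo "::debug::🛑 Merges are blocked. HALT_MERGES is set to $HALT_MERGES"
            if [ "$HALT_MERGES" -lt 0 ]; then
              echo "::error::🛑 All merges are blocked"
            else
              echo "::warning::⚠️ Only PR #$HALT_MERGES is allowed to merge"
            fi
            exit 1
          fi

  # Label gate: fails when the PR carries the do-not-merge label. It has no
  # `permissions:` block of its own, so it runs with the workflow default.
  fail-by-label:
    name: Fail by Label
    runs-on: ubuntu-latest
    needs: get-pr-info
    if: always()
    steps:
      # Because of `if: always()` this job also runs when get-pr-info failed.
      # The label output is then empty, which would look like "label absent",
      # so the gate fails closed here.
      - name: Fail closed when PR info is unavailable
        if: needs.get-pr-info.result != 'success'
        run: |
          echo "::error::❌ Could not determine the labels of this pull request."
          exit 1
      # Label names are maintainer-supplied free text; they are read from the
      # environment rather than expanded into the script source.
      - env:
          PR_LABELS: ${{ needs.get-pr-info.outputs.pr_labels }}
        run: |
          echo "::group::Debug Output Values"
          echo "PR_LABELS: $PR_LABELS"
          echo "::endgroup::"
      # pr_labels is a JSON string, so contains() is a substring test: a label
      # whose name merely includes the configured label also matches, which
      # errs on the side of blocking.
      - name: When PR has the "${{ env.DO_NOT_MERGE_LABEL }}" label
        id: pr-has-label
        if: contains(needs.get-pr-info.outputs.pr_labels, env.DO_NOT_MERGE_LABEL)
        run: |
          echo "::error::❌ The label \"$DO_NOT_MERGE_LABEL\" is used to prevent merging."
          exit 1
      # A value that begins with `!` is read by YAML as a tag, so a negated
      # expression must be wrapped in ${{ }} for the negation to be kept.
      - name: When PR does not have the "${{ env.DO_NOT_MERGE_LABEL }}" label
        id: pr-missing-label
        if: ${{ !contains(needs.get-pr-info.outputs.pr_labels, env.DO_NOT_MERGE_LABEL) }}
        run: |
          echo "✅ The label \"$DO_NOT_MERGE_LABEL\" is absent"
          exit 0

  # Enforces a conventional-commit style PR title; skipped for merge_group.
  validate:
    name: Validate PR title
    runs-on: ubuntu-latest
    permissions:
      pull-requests: read
    if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target')
    steps:
      # Third-party action pinned to a full commit SHA; the trailing comment
      # records the release that SHA is meant to correspond to.
      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          types: |-
            fix
            feat
            build
            chore
            ci
            docs
            style
            refactor
            perf
            test
          requireScope: false

  # Requires the contributor statement in the PR description, except for the
  # author logins exempted in `if:`.
  contributorStatement:
    name: Require Contributor Statement
    runs-on: ubuntu-latest
    permissions:
      pull-requests: read
    env:
      # The PR description is untrusted text; the script reads it from the
      # environment and it is never expanded into the script source.
      PR_BODY: ${{ github.event.pull_request.body }}
      EXPECTED: By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the [project license](https://github.com/${{ github.repository }}/blob/main/LICENSE).
      HELP: Contributor statement missing from PR description. Please include the following text in the PR description
    if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') && !(github.event.pull_request.user.login == 'aidlc-workflows' || github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'github-actions' || github.event.pull_request.user.login == 'github-actions[bot]')
    steps:
      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |-
            // Normalise line endings on both sides before the substring match.
            // A missing description is treated as an empty body.
            const actual = (process.env.PR_BODY || "").replace(/\r?\n/g, "\n");
            const expected = process.env.EXPECTED.replace(/\r?\n/g, "\n");
            if (!actual.includes(expected)) {
              // %j prints the value JSON-escaped, so the untrusted body stays
              // on a single log line.
              console.log("%j", actual);
              console.log("%j", expected);
              core.setFailed(`${process.env.HELP}: ${expected}`);
            }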